Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cannot remove Trojan.FakeAlert.H file and registry value [Closed]


  • This topic is locked This topic is locked

#1
Angellalt

Angellalt

    New Member

  • Member
  • Pip
  • 8 posts
Cannot open various programmes including antivirus software. I managed to scan a computer with Malwarebytes' Anti-Malware by creating alternative executive file. I found Trojan.FakeAlert.H file and registry value. Infected registry value is said to be quarantined and deleted succesfully, while file is said to be deleted on reboot. After reboot virus is still there. Any suggestions how to get rid of it? Thank You!!
This is the log file after scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

02/05/2012 00:52:14
mbam-log-2012-05-02 (00-52-14).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Objects scanned: 246
Time elapsed: 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\renpugbr (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe (Trojan.FakeAlert.H) -> Delete on reboot.
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Angellalt, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.


Step-1.

Posted Image OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.
  • Download OTL to the Desktop. It is important that it is download to the Desktop. (FireFox users should right click the download link and click "Save File As". On the window that comes up, make sure the download location is the Desktop and click the Save button.)
  • Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the code box, right click the mouse and click Copy.
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    DRIVES
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    del c:\commands.txt^|y /hide /c
    /wait
    del c:\diskreport.txt^|y /hide /c
    
  • Open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. A file named Extras.txt will be minimized.These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.
    Repeat for the Extras.txt file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. The OTL.txt log
2. The Extras.txt log
3. The aswMBR log
  • 0

#3
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank You for such a quick response!
1. OTL.txt log:

OTL logfile created on: 02/05/2012 15:24:12 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Ruta\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 65.00% Memory free
7.49 Gb Paging File | 5.96 Gb Available in Paging File | 79.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 23.27 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 278.05 Gb Free Space | 75.54% Space Free | Partition Type: NTFS

Computer Name: RUTA-PC | User Name: Ruta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
PRC - [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/30 14:09:18 | 000,097,376 | --S- | M] () -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/15 23:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2005/12/21 21:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/30 17:51:15 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/30 14:09:18 | 000,097,376 | --S- | M] () -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
MOD - [2012/04/29 16:11:31 | 000,115,137 | ---- | M] () -- C:\Users\Ruta\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/04/11 20:32:35 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/11 20:32:18 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/11 20:32:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/11 20:32:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/11 20:32:04 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/07 08:13:33 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/07 08:11:50 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/07 08:11:41 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/07 00:57:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/07 00:57:24 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/07 00:57:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/07 00:57:17 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/07 00:57:10 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/22 21:33:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 21:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 21:34:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/27 23:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 15:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/05/14 15:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/04/30 17:51:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 22:30:00 | 004,373,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/19 23:16:46 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\MpEngineStore\MpKsl20cd6d97.sys -- (MpKsl20cd6d97)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/12 16:18:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/29 16:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/27 23:46:04 | 006,790,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/27 22:22:50 | 000,220,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/02 15:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 15:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/12 15:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/23 15:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/21 16:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 15:49:54 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/05/14 15:49:50 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/05/14 15:49:48 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/05/14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV - [2011/03/23 02:27:30 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 43 05 C6 51 82 CB 01 [binary data]
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebs...q={searchTerms}
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "TV Bar 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.46
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "http://search.babylo...affID=17160&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/04 00:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/04 21:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/30 17:51:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/01 16:57:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/01 17:12:31 | 000,000,000 | ---D | M]

[2010/11/13 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Extensions
[2012/05/02 13:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions
[2012/05/02 13:11:03 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]
[2011/12/13 22:56:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]
[2012/04/30 09:13:57 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]
[2011/04/06 15:27:20 | 000,002,126 | ---- | M] () -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\searchplugins\GoogleFeed.xml
[2011/12/12 23:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/01 23:54:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/30 17:51:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/06 17:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 17:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/04/30 17:51:14 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/14 19:03:01 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/29 22:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/30 17:51:14 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/30 17:51:14 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/30 17:51:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/30 17:51:14 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo....19&affID=17160
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/03/24 14:39:59 | 000,001,851 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GoogleDownload] C:\Users\Ruta\AppData\Roaming\GoogleDownload.exe File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\xxxx.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [CE8SIIFGSU] C:\Users\Ruta\AppData\Local\Temp\Jp1.exe File not found
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [Microsoft® Windows Update] C:\Users\Ruta\M-1-52-5782-8752-5245\winsvc.exe File not found
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [RenPugbr] C:\Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe ()
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FB42339-0E1D-429B-97E7-FDE3AD57E03F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\inbox - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files (x86)\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/02 15:27:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:10:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/02 12:43:52 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/01 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/01 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/01 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\ESET
[2012/05/01 17:18:30 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PDF Reader
[2012/05/01 17:17:57 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\I Want This
[2012/05/01 17:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\I Want This
[2012/05/01 17:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/05/01 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/01 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Desktop\EC365
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/30 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\jbvdkhdd
[2012/04/29 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\Samsung
[2012/04/29 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2012/04/29 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\samsung
[2012/04/29 16:08:39 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01005.dll
[2012/04/29 16:08:39 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01005.dll
[2012/04/29 16:08:39 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/04/29 16:08:39 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/04/29 16:08:39 | 000,036,328 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\ssadadb.sys
[2012/04/29 16:08:39 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/04/29 16:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/04/29 16:06:53 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/04/29 16:06:38 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/04/29 16:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/04/21 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2012/04/14 22:07:45 | 000,000,000 | --SD | C] -- C:\Users\Ruta\Documents\My Data Sources
[2012/04/11 20:27:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 20:27:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 20:27:18 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 20:27:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 20:27:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 20:27:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 20:27:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 20:27:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 20:27:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 20:27:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 20:27:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 20:26:24 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 20:26:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 20:26:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 20:23:12 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 20:23:12 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 20:23:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

========== Files - Modified Within 30 Days ==========

[2012/05/02 15:28:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 15:25:04 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 15:25:04 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 15:21:37 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/02 15:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 15:19:45 | 3016,695,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 15:00:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/30 14:09:18 | 000,097,376 | --S- | M] () -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
[2012/04/30 14:09:18 | 000,097,376 | ---- | M] () -- C:\Users\Ruta\0.3670661442765544.exe
[2012/04/29 16:41:37 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 16:41:37 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 16:41:36 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 16:40:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/04/29 16:10:48 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | M] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/25 21:50:22 | 000,007,680 | -HS- | M] () -- C:\Users\Ruta\Documents\Folder.jpg
[2012/04/25 21:50:22 | 000,007,680 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Large.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArtSmall.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Small.jpg
[2012/04/25 21:50:18 | 000,010,596 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Large.jpg
[2012/04/25 21:50:18 | 000,002,618 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Small.jpg
[2012/04/21 00:25:39 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/04/20 22:45:41 | 000,055,357 | ---- | M] () -- C:\Users\Ruta\Documents\Judith Beheading Holofernes Michelangelo Merisi da Caravaggio.jpg
[2012/04/20 22:42:36 | 000,062,894 | ---- | M] () -- C:\Users\Ruta\Documents\Narcissus Caravaggio.jpg
[2012/04/20 00:32:11 | 000,192,179 | ---- | M] () -- C:\Users\Ruta\Documents\Leonardo,_san_girolamo.jpg
[2012/04/20 00:27:47 | 001,627,616 | ---- | M] () -- C:\Users\Ruta\Documents\Melencolia_I_(Durero).jpg
[2012/04/20 00:27:23 | 000,302,427 | ---- | M] () -- C:\Users\Ruta\Documents\Duerer_-_Ritter,_Tod_und_Teufel_(Der_Reuther).jpg
[2012/04/20 00:24:15 | 000,116,517 | ---- | M] () -- C:\Users\Ruta\Documents\Primavera_05.jpg
[2012/04/15 21:50:48 | 002,296,198 | ---- | M] () -- C:\Users\Ruta\2_for_1_entry_voucher.pdf
[2012/04/06 17:14:19 | 000,037,661 | ---- | M] () -- C:\Users\Ruta\Documents\beautiful-calligraphy-font.jpg
[2012/04/06 16:50:14 | 000,000,653 | ---- | M] () -- C:\Users\Ruta\Desktop\EC831 - Shortcut.lnk
[2012/04/06 15:59:53 | 000,967,214 | ---- | M] () -- C:\Users\Ruta\BP.jpg
[2012/04/06 15:46:47 | 000,977,075 | ---- | M] () -- C:\Users\Ruta\JK.jpg
[2012/04/06 14:13:26 | 000,692,779 | ---- | M] () -- C:\Users\Ruta\Documents\Wolf_Fight_by_nikkiburr.jpg
[2012/04/05 18:45:54 | 007,763,394 | ---- | M] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-03.bmp
[2012/04/05 18:45:53 | 007,763,394 | ---- | M] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-04.bmp

========== Files Created - No Company Name ==========

[2012/05/01 23:54:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/30 14:09:23 | 000,097,376 | --S- | C] () -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
[2012/04/30 14:09:17 | 000,097,376 | ---- | C] () -- C:\Users\Ruta\0.3670661442765544.exe
[2012/04/29 16:40:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/04/29 16:10:48 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | C] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/25 21:50:22 | 000,007,680 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Large.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Small.jpg
[2012/04/25 21:50:18 | 000,010,596 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Large.jpg
[2012/04/25 21:50:18 | 000,002,618 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Small.jpg
[2012/04/25 21:50:12 | 000,013,663 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{9009044C-20AA-4675-BAB8-4C1AD4049288}_Large.jpg
[2012/04/25 21:50:11 | 000,002,763 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{9009044C-20AA-4675-BAB8-4C1AD4049288}_Small.jpg
[2012/04/24 23:14:40 | 003,919,693 | ---- | C] () -- C:\Users\Ruta\Documents\10 Chemical Wedding.mp3
[2012/04/24 23:14:31 | 004,779,964 | ---- | C] () -- C:\Users\Ruta\Documents\04 As Above So Below.mp3
[2012/04/24 23:14:20 | 007,188,632 | ---- | C] () -- C:\Users\Ruta\Documents\[Sundown] 02 Design 19.mp3
[2012/04/21 00:25:39 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/04/20 22:45:39 | 000,055,357 | ---- | C] () -- C:\Users\Ruta\Documents\Judith Beheading Holofernes Michelangelo Merisi da Caravaggio.jpg
[2012/04/20 22:42:34 | 000,062,894 | ---- | C] () -- C:\Users\Ruta\Documents\Narcissus Caravaggio.jpg
[2012/04/20 00:32:10 | 000,192,179 | ---- | C] () -- C:\Users\Ruta\Documents\Leonardo,_san_girolamo.jpg
[2012/04/20 00:27:46 | 001,627,616 | ---- | C] () -- C:\Users\Ruta\Documents\Melencolia_I_(Durero).jpg
[2012/04/20 00:27:20 | 000,302,427 | ---- | C] () -- C:\Users\Ruta\Documents\Duerer_-_Ritter,_Tod_und_Teufel_(Der_Reuther).jpg
[2012/04/20 00:24:12 | 000,116,517 | ---- | C] () -- C:\Users\Ruta\Documents\Primavera_05.jpg
[2012/04/15 21:50:48 | 002,296,198 | ---- | C] () -- C:\Users\Ruta\2_for_1_entry_voucher.pdf
[2012/04/06 17:14:17 | 000,037,661 | ---- | C] () -- C:\Users\Ruta\Documents\beautiful-calligraphy-font.jpg
[2012/04/06 16:50:17 | 000,000,653 | ---- | C] () -- C:\Users\Ruta\Desktop\EC831 - Shortcut.lnk
[2012/04/06 15:59:52 | 000,967,214 | ---- | C] () -- C:\Users\Ruta\BP.jpg
[2012/04/06 15:46:47 | 000,977,075 | ---- | C] () -- C:\Users\Ruta\JK.jpg
[2012/04/06 14:13:26 | 000,692,779 | ---- | C] () -- C:\Users\Ruta\Documents\Wolf_Fight_by_nikkiburr.jpg
[2012/04/05 18:44:25 | 007,763,394 | ---- | C] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-04.bmp
[2012/04/05 18:44:25 | 007,763,394 | ---- | C] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-03.bmp
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/11 02:51:24 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/04/14 19:03:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/04/01 20:12:16 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/20 17:39:15 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/02/19 20:24:46 | 000,007,605 | ---- | C] () -- C:\Users\Ruta\AppData\Local\Resmon.ResmonCfg
[2011/02/15 19:34:01 | 000,000,600 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\winscp.rnd
[2010/11/13 19:52:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/12 10:20:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/12 10:20:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/12 10:20:27 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/12 10:20:27 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/12 10:20:27 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 10:09:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/12 09:26:17 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/04/12 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ACD Systems
[2012/05/01 18:00:50 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2010/11/20 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canneverbe Limited
[2011/04/13 14:40:15 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canon
[2010/11/12 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\DAEMON Tools Lite
[2012/05/01 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ESET
[2010/11/30 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GetRightToGo
[2011/07/02 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\go
[2012/05/01 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2011/05/06 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GrabPro
[2010/12/27 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\led
[2011/05/08 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Orbit
[2011/05/06 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ProgSense
[2011/10/11 00:20:01 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Publish Providers
[2012/04/29 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2011/04/14 19:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Smart PDF Converter
[2011/10/11 00:19:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Sony
[2011/03/20 02:44:43 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/24 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\TeamViewer
[2011/03/31 19:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Ulead Systems
[2012/05/02 15:18:43 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\uTorrent
[2012/03/09 11:22:34 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2010/12/02 18:31:28 | 000,000,286 | ---- | M] () -- C:\FLVDirect.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1FB42339-0E1D-429B-97E7-FDE3AD57E03F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{598F39ED-69D7-4EB7-8E19-F1E9D533C530}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{72FC67C9-3D33-462A-A6EF-D779013352FC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8F798739-6A16-48DB-A03A-CCD623F5C9FD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B9EAC2C6-93BA-45A7-9E06-42E95F929ED8}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{CFF0EC10-AD50-435B-A2FA-5139A89FBD95}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0C 01 09 01 05 01 03 01 01 01 07 01 0F 01 0E 01 00 01 0D 01 0B 01 0A 01 06 01 04 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 15
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/30 17:51:14 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/30 17:51:14 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/30 17:51:14 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/29 12:23:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/29 12:23:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/29 12:23:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/29 12:23:39 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/29 12:23:39 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/30 17:51:14 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/30 17:51:14 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/30 17:51:14 | 000,866,992 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/12 08:37:36 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/29 12:23:38 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/29 12:23:38 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/29 12:23:38 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/29 12:23:39 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/29 12:23:39 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.)

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD5000BEVT-75A0RT0 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 98.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 368.00GB
Starting Offset: 104858648576
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: RUTA-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 E DVD-ROM 0 B No Media
Volume 1 G DVD-ROM 0 B No Media
Volume 2 System Rese NTFS Partition 100 MB Healthy System
C:\ldrscan\
Volume 3 C NTFS Partition 97 GB Healthy Boot
Volume 4 D Archyviukas NTFS Partition 368 GB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

2. extras.txt log

OTL Extras logfile created on: 02/05/2012 15:24:12 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Ruta\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 65.00% Memory free
7.49 Gb Paging File | 5.96 Gb Available in Paging File | 79.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 23.27 Gb Free Space | 23.85% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 278.05 Gb Free Space | 75.54% Space Free | Partition Type: NTFS

Computer Name: RUTA-PC | User Name: Ruta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = CHM] -- C:\Program Files (x86)\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = CHM] -- C:\Program Files (x86)\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2295149285-1401042247-1921297835-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11AFA8D2-ECD3-42A6-B1BD-017AA277D05A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{16B1ED28-077C-4CC4-8255-79EF22D7A5CD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EF2CA56-0B7A-456C-945C-1640EA87AAC0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{512CF6D4-254D-4B26-8AF2-919812A89730}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5522E9FE-F38C-4BA0-84BB-33CD5F6EBD23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56F9B07D-076D-450C-8C99-FFA7FF91C019}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{57DB0D87-4C3E-4DEB-B74E-35FA05172155}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6E7EB158-9460-4D05-8460-C2C3D703733B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{808F3ABA-FCB1-4BE3-98C4-12FF7D1D0906}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82956268-8583-4202-93A1-3CE4AB070715}" = lport=10243 | protocol=6 | dir=in | app=system |
"{890E63C3-C6CD-4C5D-89E1-55C3A8C76319}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DE5BC5E-210F-402A-9E3F-AD32B034FECD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{973D1096-681C-450C-B69B-0A4EFDEE3049}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F166F82-04AE-439C-91AC-0C27362557CF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A2FC727E-6DBF-4F00-AA4C-6D8500CE985F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AAA9EBD0-E8C2-401C-B350-4C81F9F5C044}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCA01F73-BAF2-492C-A550-D0F5C965F8BA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C41FCF65-728E-4B9F-8844-CBCCE86FF5F3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CAFA9B90-19CC-495D-8A03-D3DB001B1547}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CC68FCF5-631D-46AB-8240-20647049FB47}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDCCEAEA-D1C5-437C-95B4-26C391646532}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E378F085-DEE2-4936-ADF9-BE87761C7D75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E394694D-5975-4C92-98CF-7A8BA23BED02}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EBD58E1B-87BC-4A5D-B3FE-C20179D5E3EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED0C0303-CE46-414F-95F4-917B4CE5A06F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F922F422-0388-4E8A-A63E-2B6D61ED02F9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FAFEB340-2F31-41FF-9DD2-A54C98C46F4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F83C194-0700-4633-8DC3-7F80EB71F83A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{22540A07-ACE4-46B8-91DE-E6BE2E85FEFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A70AE33-47EC-4FB1-8D4D-3BEB5914D5FF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3B80DB6C-2E8F-4074-9487-3484C37F7AA6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{45E5D7F3-6E2E-4EB8-885B-A73CA4B86F87}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4842C569-698A-4B09-84B3-1D3757435A80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48F9C798-7D13-4F81-88EB-9522428C7F71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4CD3B3B8-0BDD-4430-BA39-2A52F89FCBFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E8544FD-9B1A-4415-8E72-430FFEC71D6F}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{4F4DA1ED-15CC-4371-A029-850F1A6B1749}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5203E605-1E31-4EB3-8D1B-883B38EB1D16}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5AFF3CEF-4128-4B6C-A731-1F767588D8AF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7082F1DE-4CE3-419B-BD98-1DBD7F247FDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{834C9707-1BC3-484D-9771-C0E2097AFE5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B6E763B-A7FE-4616-B128-B691FF8A3196}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E87A38A-F64A-4A49-A049-FEA17C78C312}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{935B4341-619A-4FBD-BAFD-51BF2072998B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{999AC488-143D-424F-B048-3E844B1FAAFD}" = protocol=6 | dir=out | app=system |
"{9A714E4F-2E8A-4BA8-926A-F1D7C0DF917E}" = protocol=6 | dir=in | app=c:\users\ruta\downloads\pdfconvertersetup.exe |
"{A0535AED-0D5F-4091-9468-22C533BAE942}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A8C53E31-E7D9-4FD4-B50F-A826765FDDC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A945F095-D713-4A04-AB57-B2E414553146}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF0A3655-1BE0-4A84-BA23-169678498729}" = protocol=58 | dir=in | [email protected],-148 |
"{B452C0F0-B016-4012-AF04-E03F4F87CADA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC4B7C9D-9B42-4158-8662-A5455266A03B}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{C416444F-7633-4CFA-9E13-FEADE47D35E7}" = protocol=17 | dir=in | app=c:\users\ruta\downloads\pdfconvertersetup.exe |
"{D0B33B62-3CA2-4ADE-9FB8-BEFF4239EDD9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DACF1C18-E96A-4C5E-8185-A78972019372}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DB444DE8-3E2D-4C08-A027-8395613AFE0A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E6344C28-8C67-4907-9819-52A7CE87C4DF}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{EEA19A8C-558F-426E-BD60-23548B87A350}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FA5BCF0E-E3D7-4F97-AC26-182DCBA58279}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF9AE16E-239B-4DEA-A3A7-06965FE89430}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FFC756A7-8F71-40EB-8B60-0D06C9B1AFF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{22AE2A01-CEC3-4B33-8725-531ACA38E732}C:\program files (x86)\nanosync\nanosync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nanosync\nanosync.exe |
"TCP Query User{2C7CCB9C-14AA-47FA-B2BC-698C42DC469F}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{32B62AC5-349D-4CFD-B4E3-E146FCF374CC}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{3675AE2C-22A0-4BF9-ABF8-ACEA31F50A50}C:\program files (x86)\icamsource\icamsource.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icamsource\icamsource.exe |
"TCP Query User{38565DDC-0004-4818-B6C8-62CF2279E74E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{3E99F884-5146-4AAB-8367-470C24CF0B27}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{4D82D095-BDC3-45B7-9A65-22DD0A325C82}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5FE7D696-CF3E-4F38-B312-1AC374E0F27E}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"TCP Query User{735441AF-1226-4C35-9CA8-D9826548CF54}C:\users\ruta\downloads\tinyumbrella-4.30.04.exe" = protocol=6 | dir=in | app=c:\users\ruta\downloads\tinyumbrella-4.30.04.exe |
"TCP Query User{76B6467E-AD80-40B8-9053-DDF7C17A5DAB}C:\program files\beatpack\beatpack.exe" = protocol=6 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"TCP Query User{7A6B1B84-28E9-463E-B2EE-44340568F38F}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{8BC50DD1-23CC-4FF6-8248-EADCD4AA35E6}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{97AC7093-1482-4A31-9CBC-4877099CC62D}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{AB644F4A-BDE3-4356-B655-21110A15117E}C:\program files (x86)\cue.play.setlist\cue.play.setlist.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cue.play.setlist\cue.play.setlist.exe |
"UDP Query User{304A07BA-AE6D-45E4-8873-6FF7F560608D}C:\program files (x86)\icamsource\icamsource.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icamsource\icamsource.exe |
"UDP Query User{373DFE63-747B-4BF4-A90E-7DC79AAA16DA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{546C0DDB-FC9F-4E0D-9472-3145A18AB0F4}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{622E8767-0FC6-48AE-971B-5F709F083187}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"UDP Query User{63F2DE5E-240A-4C64-9AD0-EB9B8B85B0C9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{8351B7FB-97AA-4DC6-84A8-6DE8C418D8FB}C:\users\ruta\downloads\tinyumbrella-4.30.04.exe" = protocol=17 | dir=in | app=c:\users\ruta\downloads\tinyumbrella-4.30.04.exe |
"UDP Query User{92E2DF96-43C3-4634-A7A8-56A51174E244}C:\program files (x86)\nanosync\nanosync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nanosync\nanosync.exe |
"UDP Query User{B4145FEE-9620-41A6-96B5-D3D2593C81F3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B82063B5-0B7B-4E74-BDF4-AE523E6BD495}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{BE6C73EA-96BC-48C6-AF63-355E21B78E9D}C:\program files (x86)\cue.play.setlist\cue.play.setlist.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cue.play.setlist\cue.play.setlist.exe |
"UDP Query User{CADD4FBC-D5D9-49C5-B963-D4C85BBB58FB}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{CC7875D2-40A1-4525-B770-EE46AF110190}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{CC9D8C6C-B637-413F-B16B-0B6C0186D968}C:\program files\beatpack\beatpack.exe" = protocol=17 | dir=in | app=c:\program files\beatpack\beatpack.exe |
"UDP Query User{F52638A6-1B29-445D-9E86-307BAF22362A}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0653A24F-0105-4E6C-4DE1-2811A7BF02F4}" = ATI Catalyst Install Manager
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CA13C06-309A-5F5A-3A3F-FDC8582698BD}" = ccc-utility64
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6378ABCE-F816-4330-A7B1-FBEBCD50B746}" = ESET Smart Security
"{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}" = HP Deskjet 3050 J610 series Product Improvement Study
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025B67D0-257E-29E3-72D4-674DF6FE7367}" = CCC Help Greek
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16CD4E04-BBD5-47DC-978D-C3A65B5DD00C}" = Motorola Phone Tools
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{201AE255-3F42-9146-A8CE-A19EBC366D75}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C6D03AC-02ED-4417-9F40-6A0CB55CEF2B}" = ACDSee Photo Editor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A21A06E-05A8-327E-0B24-F06575F9B6B0}" = CCC Help Russian
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{593AFFA4-D08E-4272-BABB-420949D32A10}" = QUICKfind
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5CF2B6B9-AFDF-A0A6-CF1F-6ED89643506B}" = CCC Help Chinese Traditional
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{636B2BAF-8F5E-793D-4B5F-80176D01556C}" = CCC Help Finnish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64F3B568-7134-95E4-9183-C1AED7CCD6E9}" = Catalyst Control Center Graphics Full Existing
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6630F1F3-2B8A-098F-8BE8-10C8BFA4F6A9}" = Catalyst Control Center Graphics Light
"{667FF3E9-6EF0-0769-AB33-864C9ABCF925}" = CCC Help Dutch
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4CADBF-3211-5AAA-92E2-C49B39ADB0A7}" = ccc-core-static
"{6F8A91CE-2F11-D176-7A8F-69E9ED4B44FE}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{798EA182-789D-B9C8-4DFE-A0173822AF20}" = Catalyst Control Center Localization All
"{7CB24AC4-56FB-CD85-83B2-8BE91B58C4F0}" = CCC Help Hungarian
"{7CF6A9A3-9017-5FC9-2994-58F86B64691C}" = CCC Help Korean
"{7DF7595F-6DEB-4C0D-4FDC-B62399550BC3}" = Catalyst Control Center Core Implementation
"{7F2D2421-5265-62A8-ECCF-F55C5B2D1F91}" = CCC Help Italian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8196D7C1-72D0-6749-96CA-AC0BEFBF54D9}" = CCC Help Chinese Standard
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{878821BA-C2E1-BD88-0BB8-4D63C43BDD15}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912B2983-8F9F-8AB2-22AB-6EA5494796E6}" = CCC Help German
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9925D724-344F-B629-1370-AA73A7FE150F}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A89D4ADB-754D-4A93-B612-F596D02EBA93}" = Anglonas
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA19A4F6-EFE6-64CB-FEB8-4DAFA0DDE2BB}" = CCC Help Swedish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™
"{C07B302C-B494-DA93-8285-57AC54A7539A}" = CCC Help Thai
"{C2A5E915-588A-7746-3BE1-251A32909D1E}" = CCC Help Japanese
"{C354EA3B-3537-3E85-5CE9-4F52C23C4267}" = Catalyst Control Center Graphics Full New
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC4DDF20-9318-9998-C71A-A7251AE38ED4}" = CCC Help Danish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D234FD43-C8E6-8D48-FE1C-E1D67EE1EC70}" = CCC Help French
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD362236-5315-43DC-CCF8-2D24084D361C}" = Catalyst Control Center Graphics Previews Common
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28D850E-B132-404C-21E3-76C9AD7CCEA2}" = CCC Help Polish
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4970BC1-6021-C498-909E-660F6F53E270}" = CCC Help English
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F9DF122F-3A59-7B40-2EDB-B4E9D725CDBB}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE16A8D0-1E0A-8DB0-DC19-F36F734E2DD0}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"AIMP3" = AIMP3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Crossrider" = Crossrider Web Apps
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GoPDFReader" = Go PDF Reader
"HP Photo Creations" = HP Photo Creations
"I Want This" = I Want This
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"led" = Longman Exams Coach
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero Multimedia Suite10.0.13100 Lite" = Nero Multimedia Suite
"RealAlt_is1" = Real Alternative 2.0.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.4.3.0)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2295149285-1401042247-1921297835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/05/2012 20:30:44 | Computer Name = RUTA-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.3.23, time
stamp: 0xf36bac23 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000222b2 Faulting process
id: 0x1748 Faulting application start time: 0x01cd27fac5f12fe5 Faulting application
path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 0db7ff8c-93ee-11e1-b94a-e78399857599

Error - 01/05/2012 20:52:03 | Computer Name = RUTA-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.3.23, time
stamp: 0xf36bac23 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000222b2 Faulting process
id: 0x10f8 Faulting application start time: 0x01cd27fdc0db3f39 Faulting application
path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 07a6f004-93f1-11e1-b94a-e78399857599

Error - 01/05/2012 21:28:13 | Computer Name = RUTA-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6612.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16c4 Start
Time: 01cd27f8887f45be Termination Time: 156 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\WINWORD.EXE Report Id: 0e8b2454-93f6-11e1-b94a-e78399857599

Error - 01/05/2012 21:29:06 | Computer Name = RUTA-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.3.23, time
stamp: 0xf36bac23 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000222b2 Faulting process
id: 0x840 Faulting application start time: 0x01cd2802ea69a48e Faulting application
path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 34923502-93f6-11e1-b94a-e78399857599

Error - 01/05/2012 21:29:44 | Computer Name = RUTA-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 12.0.0.4493 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1098 Start
Time: 01cd2802e5001c9f Termination Time: 702 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 4502b5e4-93f6-11e1-b94a-e78399857599

Error - 02/05/2012 07:45:37 | Computer Name = RUTA-PC | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.3.23, time
stamp: 0xf36bac23 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000222b2 Faulting process
id: 0x75c Faulting application start time: 0x01cd285907e9f762 Faulting application
path: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 54ca6c1f-944c-11e1-b94a-e78399857599

Error - 02/05/2012 09:16:32 | Computer Name = RUTA-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1eac Start Time:
01cd28652aac5980 Termination Time: 340 Application Path: C:\Users\Ruta\Desktop\OTL.exe

Report
Id: f46e8833-9458-11e1-b94a-e78399857599

Error - 02/05/2012 09:22:45 | Computer Name = RUTA-PC | Source = Application Hang | ID = 1002
Description = The program WINWORD.EXE version 12.0.6612.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1f08 Start
Time: 01cd2866759153a7 Termination Time: 513 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\WINWORD.EXE Report Id: db83a9c6-9459-11e1-b94a-e78399857599

Error - 02/05/2012 10:17:11 | Computer Name = RUTA-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1f44 Start Time:
01cd2865e4749875 Termination Time: 268 Application Path: C:\Users\Ruta\Desktop\OTL.exe

Report
Id: 799eac53-9461-11e1-b94a-e78399857599

Error - 02/05/2012 10:22:56 | Computer Name = RUTA-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.9.0.114, time stamp:
0xf36bac23 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000200 Faulting process id: 0xce8 Faulting application
start time: 0x01cd286ee2ec8898 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: 4f751585-9462-11e1-a4ab-a488d74f7482

[ Broadcom Wireless LAN Events ]
Error - 02/12/2011 11:22:19 | Computer Name = RUTA-PC | Source = WLAN-Tray | ID = 0
Description = 15:22:19, Fri, Dec 02, 11 Error - Unable to gain access to user store


Error - 11/04/2012 15:21:25 | Computer Name = RUTA-PC | Source = WLAN-Tray | ID = 0
Description = 20:21:25, Wed, Apr 11, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 19/03/2012 21:22:35 | Computer Name = RUTA-PC | Source = MCUpdate | ID = 0
Description = 01:22:35 - Failed to retrieve MCEClientUX (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 02/05/2012 10:00:08 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.

Error - 02/05/2012 10:05:18 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.

Error - 02/05/2012 10:10:28 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.

Error - 02/05/2012 10:19:44 | Computer Name = RUTA-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 02/05/2012 10:19:48 | Computer Name = RUTA-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 02/05/2012 10:20:20 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.

Error - 02/05/2012 10:25:30 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.

Error - 02/05/2012 10:30:41 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.

Error - 02/05/2012 10:35:49 | Computer Name = RUTA-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 02/05/2012 10:35:51 | Computer Name = RUTA-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.4. The computer with the IP address 192.168.0.5 did not
allow the name to be claimed by this computer.


< End of report >

3. aswMBR.txt log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 16:04:51
-----------------------------
16:04:51.385 OS Version: Windows x64 6.1.7601 Service Pack 1
16:04:51.385 Number of processors: 2 586 0x603
16:04:51.385 ComputerName: RUTA-PC UserName: Ruta
16:04:52.087 Initialize success
16:08:52.045 AVAST engine defs: 12050200
16:11:08.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:11:08.108 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
16:11:08.436 Disk 0 MBR read successfully
16:11:08.436 Disk 0 MBR scan
16:11:08.451 Disk 0 Windows 7 default MBR code
16:11:08.467 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:11:08.482 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
16:11:08.514 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
16:11:08.545 Disk 0 scanning C:\Windows\system32\drivers
16:11:21.961 Service scanning
16:11:33.240 Service GENERICDRV E:\Rutos dell draiver\amifldrv64.sys **LOCKED** 21
16:12:18.901 Modules scanning
16:12:18.916 Disk 0 trace - called modules:
16:12:19.494 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049da2c0]<<spop.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:12:19.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf15c0]
16:12:19.509 3 CLASSPNP.SYS[fffff88001bcd43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c61060]
16:12:19.509 \Driver\atapi[0xfffffa8004a6f960] -> IRP_MJ_CREATE -> 0xfffffa80049da2c0
16:12:20.461 AVAST engine scan C:\Windows
16:12:23.036 AVAST engine scan C:\Windows\system32
16:16:15.560 AVAST engine scan C:\Windows\system32\drivers
16:16:32.460 AVAST engine scan C:\Users\Ruta
16:16:34.624 File: C:\Users\Ruta\0.3670661442765544.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:16:52.815 File: C:\Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:25:16.946 File: C:\Users\Ruta\AppData\Local\Temp\jmlkwjoapjguibne.exe **INFECTED** Win32:Rootkit-gen [Rtk]
16:35:53.296 Disk 0 MBR has been saved successfully to "C:\Users\Ruta\Desktop\MBR.dat"
16:35:53.309 The log file has been saved successfully to "C:\Users\Ruta\Desktop\aswMBR.txt"
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angellalt,

You have a rootkit infection an some other nasties. Let's start killing them. You also have Peer2Peer program(s) on the system.

We need to remove some programs and you have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.


Step-1.

Program Uninstalls and Optional Removals

1. Click th Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

uTorrent
Coupon Printer for Windows
Inbox Toolbar
I Want This


3. Click on each program to highlight it and click Uninstall
4. After the program(s) have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) in red (if present):

C:\Program Files (x86)\Inbox Toolbar
C:\Program Files (x86)\Coupon Piinter or Cupon Printer for Wondows
C:\Program Files (x86)\I Want This
C:\Users\Ruta\AppData\Local\I Want This
C:\Program Files (x86)\uTorrent

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:SERVICES
MpKsl20cd6d97

:OTL
PRC - [2012/04/30 14:09:18 | 000,097,376 | --S- | M] () -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
MOD - [2012/04/30 14:09:18 | 000,097,376 | --S- | M] () -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
MOD - [2012/04/29 16:11:31 | 000,115,137 | ---- | M] () -- C:\Users\Ruta\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
DRV:64bit: - [2012/03/19 23:16:46 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\MpEngineStore\MpKsl20cd6d97.sys -- (MpKsl20cd6d97)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17160
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=17160
IE - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebs...q={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "TV Bar 1.1 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: [email protected]m:1.0.0.46
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=fcc371ae000000000000c0cb3813913d&tlver=1.4.19.19&instlRef=sst&affID=17160&q="
[2011/12/13 22:56:57 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]
[2012/04/30 09:13:57 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]
[2009/11/06 17:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/06 17:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/04/14 19:03:01 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo....19&affID=17160
O2 - BHO: (I Want This) - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll (215 Apps)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll ()
O4 - HKU\S-1-5-21-2295149285-1401042247-1921297835-1000..\Run: [CE8SIIFGSU] C:\Users\Ruta\AppData\Local\Temp\Jp1.exe File not found
[2012/04/30 14:09:25 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\jbvdkhdd
[2012/04/30 14:09:18 | 000,097,376 | ---- | M] () -- C:\Users\Ruta\0.3670661442765544.exe
[2012/04/29 16:40:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf

:FILES
ipconfig /flushdns
C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe
C:\Users\Ruta\AppData\Local\Temp\jmlkwjoapjguibne.exe

:COMMANDS
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-4.

File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer or Firefox for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\Windows\MusiccityDownload.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat the above directions for the following:
C:\Windows\SysWow64\cis-2.4.dll
C:\Windows\SysWow64\issacapi_bs-2.3.dll



Step-5.

Things For Your Next Post:
1. The OTL fixsx log.
2. The new OTL.txt log.
3. The TDSSKiller log
4. The Virscan results.
  • 0

#5
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for taking time and looking at my problem. I don't seem to have problems with opening my programmes.
These are the logs
1. The OTL fixsx log.

All processes killed
========== SERVICES/DRIVERS ==========
Service MpKsl20cd6d97 stopped successfully!
Service MpKsl20cd6d97 deleted successfully!
========== OTL ==========
No active process named renpugbr.exe was found!
Error: No service named MpKsl20cd6d97 was found to stop!
Service\Driver key MpKsl20cd6d97 not found.
C:\Windows\SysNative\MpEngineStore\MpKsl20cd6d97.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2295149285-1401042247-1921297835-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_USERS\S-1-5-21-2295149285-1401042247-1921297835-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_USERS\S-1-5-21-2295149285-1401042247-1921297835-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Prefs.js: "TV Bar 1.1 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: [email protected]:1.0.0.46 removed from extensions.enabledItems
Prefs.js: "http://search.babylo...affID=17160&q=" removed from keyword.URL
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\content\imgs\mnRadio folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected] folder moved successfully.
Folder C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]\ not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011221158}\ not found.
File C:\Program Files (x86)\I Want This\I Want This.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A876E312-7D08-401a-B7A6-FAFC5DC2F292}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A876E312-7D08-401a-B7A6-FAFC5DC2F292}\ deleted successfully.
C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2295149285-1401042247-1921297835-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CE8SIIFGSU deleted successfully.
C:\Users\Ruta\AppData\Local\jbvdkhdd folder moved successfully.
C:\Users\Ruta\0.3670661442765544.exe moved successfully.
C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf moved successfully.
========== FILES ==========
Invalid Switch: flushdns
File move failed. C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe scheduled to be moved on reboot.
C:\Users\Ruta\AppData\Local\Temp\jmlkwjoapjguibne.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Ruta
->Temp folder emptied: 449989312 bytes
->Temporary Internet Files folder emptied: 2202536580 bytes
->Java cache emptied: 48377 bytes
->FireFox cache emptied: 769707648 bytes
->Google Chrome cache emptied: 34981975 bytes
->Apple Safari cache emptied: 155274240 bytes
->Flash cache emptied: 80489 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25584688719 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,845.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 05042012_214122

Files\Folders moved on Reboot...
C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe moved successfully.

Registry entries deleted on Reboot...

2. The new OTL.txt log.

OTL logfile created on: 04/05/2012 21:52:22 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Ruta\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.86% Memory free
7.49 Gb Paging File | 5.72 Gb Available in Paging File | 76.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 51.16 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 278.05 Gb Free Space | 75.54% Space Free | Partition Type: NTFS

Computer Name: RUTA-PC | User Name: Ruta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
PRC - [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/15 23:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2005/12/21 21:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 21:48:52 | 000,115,137 | ---- | M] () -- C:\Users\Ruta\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/05/04 14:42:45 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/30 17:51:15 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/11 20:32:35 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/11 20:32:18 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/11 20:32:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/11 20:32:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/11 20:32:04 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/07 08:13:33 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/07 08:11:50 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/07 08:11:41 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/07 00:57:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/07 00:57:24 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/07 00:57:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/07 00:57:17 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/07 00:57:10 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/22 21:33:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 21:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 21:34:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/27 23:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 15:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/05/14 15:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/04 14:42:45 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 17:51:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 22:30:00 | 004,373,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/29 16:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/12 16:18:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/29 16:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/27 23:46:04 | 006,790,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/27 22:22:50 | 000,220,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/02 15:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 15:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/12 15:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/23 15:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/21 16:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 15:49:54 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/05/14 15:49:50 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/05/14 15:49:48 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/05/14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV - [2011/03/23 02:27:30 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 43 05 C6 51 82 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/04 00:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/04 21:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/04 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/01 17:12:31 | 000,000,000 | ---D | M]

[2010/11/13 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Extensions
[2012/05/04 21:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions
[2011/04/06 15:27:20 | 000,002,126 | ---- | M] () -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\searchplugins\GoogleFeed.xml
[2011/12/12 23:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/01 23:54:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/30 17:51:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/30 17:51:14 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/29 22:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/30 17:51:14 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/30 17:51:14 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/30 17:51:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/30 17:51:14 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo....19&affID=17160
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2012/05/04 21:45:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GoogleDownload] C:\Users\Ruta\AppData\Roaming\GoogleDownload.exe File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Ruta\M-1-52-5782-8752-5245\winsvc.exe File not found
O4 - HKCU..\Run: [RenPugbr] C:\Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FB42339-0E1D-429B-97E7-FDE3AD57E03F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 21:52:33 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ruta\Desktop\tdsskiller.exe
[2012/05/04 21:41:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 15:34:01 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/02 18:42:26 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Desktop\EC372
[2012/05/02 15:27:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:10:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/01 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/01 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\ESET
[2012/05/01 17:18:30 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PDF Reader
[2012/05/01 17:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/05/01 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/01 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Desktop\EC365
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/29 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\Samsung
[2012/04/29 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2012/04/29 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\samsung
[2012/04/29 16:08:39 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/04/29 16:08:39 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/04/29 16:08:39 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/04/29 16:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/04/29 16:06:53 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/04/29 16:06:38 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/04/29 16:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/04/21 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2012/04/14 22:07:45 | 000,000,000 | --SD | C] -- C:\Users\Ruta\Documents\My Data Sources

========== Files - Modified Within 30 Days ==========

[2012/05/04 21:53:17 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ruta\Desktop\tdsskiller.exe
[2012/05/04 21:52:11 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 21:52:10 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 21:47:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 21:47:12 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/05/04 21:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/04 21:46:51 | 3016,695,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 21:45:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/04 21:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 21:00:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 18:41:30 | 000,100,409 | ---- | M] () -- C:\Users\Ruta\Documents\Head_VI_(1949).JPG
[2012/05/04 18:19:27 | 000,130,368 | ---- | M] () -- C:\Users\Ruta\Documents\munch.death-sickroom.jpg
[2012/05/04 18:19:11 | 000,140,015 | ---- | M] () -- C:\Users\Ruta\Documents\munch.puberty.jpg
[2012/05/04 18:19:01 | 000,198,493 | ---- | M] () -- C:\Users\Ruta\Documents\munch.madonna.jpg
[2012/05/04 18:18:48 | 000,133,331 | ---- | M] () -- C:\Users\Ruta\Documents\munch.ashes.jpg
[2012/05/04 18:18:28 | 000,152,709 | ---- | M] () -- C:\Users\Ruta\Documents\munch.scream.jpg
[2012/05/04 17:58:07 | 000,329,394 | ---- | M] () -- C:\Users\Ruta\Documents\the-sower-van-gogh.jpg
[2012/05/04 17:58:01 | 000,047,039 | ---- | M] () -- C:\Users\Ruta\Documents\van gogh.jpg
[2012/05/02 21:50:06 | 000,994,091 | ---- | M] () -- C:\Users\Ruta\Desktop\electroshock_Psyciatryscruelin.pdf
[2012/05/02 16:35:53 | 000,000,512 | ---- | M] () -- C:\Users\Ruta\Desktop\MBR.dat
[2012/05/02 15:28:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/29 16:41:37 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 16:41:37 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 16:41:36 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 16:10:48 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | M] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/25 21:50:22 | 000,007,680 | -HS- | M] () -- C:\Users\Ruta\Documents\Folder.jpg
[2012/04/25 21:50:22 | 000,007,680 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Large.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArtSmall.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Small.jpg
[2012/04/25 21:50:18 | 000,010,596 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Large.jpg
[2012/04/25 21:50:18 | 000,002,618 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Small.jpg
[2012/04/21 00:25:39 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/04/20 22:45:41 | 000,055,357 | ---- | M] () -- C:\Users\Ruta\Documents\Judith Beheading Holofernes Michelangelo Merisi da Caravaggio.jpg
[2012/04/20 22:42:36 | 000,062,894 | ---- | M] () -- C:\Users\Ruta\Documents\Narcissus Caravaggio.jpg
[2012/04/20 00:32:11 | 000,192,179 | ---- | M] () -- C:\Users\Ruta\Documents\Leonardo,_san_girolamo.jpg
[2012/04/20 00:27:47 | 001,627,616 | ---- | M] () -- C:\Users\Ruta\Documents\Melencolia_I_(Durero).jpg
[2012/04/20 00:27:23 | 000,302,427 | ---- | M] () -- C:\Users\Ruta\Documents\Duerer_-_Ritter,_Tod_und_Teufel_(Der_Reuther).jpg
[2012/04/20 00:24:15 | 000,116,517 | ---- | M] () -- C:\Users\Ruta\Documents\Primavera_05.jpg
[2012/04/15 21:50:48 | 002,296,198 | ---- | M] () -- C:\Users\Ruta\2_for_1_entry_voucher.pdf
[2012/04/06 17:14:19 | 000,037,661 | ---- | M] () -- C:\Users\Ruta\Documents\beautiful-calligraphy-font.jpg
[2012/04/06 16:50:14 | 000,000,653 | ---- | M] () -- C:\Users\Ruta\Desktop\EC831 - Shortcut.lnk
[2012/04/06 15:59:53 | 000,967,214 | ---- | M] () -- C:\Users\Ruta\BP.jpg
[2012/04/06 15:46:47 | 000,977,075 | ---- | M] () -- C:\Users\Ruta\JK.jpg
[2012/04/06 14:13:26 | 000,692,779 | ---- | M] () -- C:\Users\Ruta\Documents\Wolf_Fight_by_nikkiburr.jpg
[2012/04/05 18:45:54 | 007,763,394 | ---- | M] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-03.bmp
[2012/04/05 18:45:53 | 007,763,394 | ---- | M] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-04.bmp

========== Files Created - No Company Name ==========

[2012/05/04 18:41:29 | 000,100,409 | ---- | C] () -- C:\Users\Ruta\Documents\Head_VI_(1949).JPG
[2012/05/04 18:19:26 | 000,130,368 | ---- | C] () -- C:\Users\Ruta\Documents\munch.death-sickroom.jpg
[2012/05/04 18:19:10 | 000,140,015 | ---- | C] () -- C:\Users\Ruta\Documents\munch.puberty.jpg
[2012/05/04 18:19:01 | 000,198,493 | ---- | C] () -- C:\Users\Ruta\Documents\munch.madonna.jpg
[2012/05/04 18:18:47 | 000,133,331 | ---- | C] () -- C:\Users\Ruta\Documents\munch.ashes.jpg
[2012/05/04 18:18:26 | 000,152,709 | ---- | C] () -- C:\Users\Ruta\Documents\munch.scream.jpg
[2012/05/04 17:58:06 | 000,329,394 | ---- | C] () -- C:\Users\Ruta\Documents\the-sower-van-gogh.jpg
[2012/05/04 17:57:59 | 000,047,039 | ---- | C] () -- C:\Users\Ruta\Documents\van gogh.jpg
[2012/05/04 14:42:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 21:50:06 | 000,994,091 | ---- | C] () -- C:\Users\Ruta\Desktop\electroshock_Psyciatryscruelin.pdf
[2012/05/02 16:35:53 | 000,000,512 | ---- | C] () -- C:\Users\Ruta\Desktop\MBR.dat
[2012/05/01 23:54:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/29 16:10:48 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | C] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/25 21:50:22 | 000,007,680 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Large.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Small.jpg
[2012/04/25 21:50:18 | 000,010,596 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Large.jpg
[2012/04/25 21:50:18 | 000,002,618 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Small.jpg
[2012/04/25 21:50:12 | 000,013,663 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{9009044C-20AA-4675-BAB8-4C1AD4049288}_Large.jpg
[2012/04/25 21:50:11 | 000,002,763 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{9009044C-20AA-4675-BAB8-4C1AD4049288}_Small.jpg
[2012/04/24 23:14:40 | 003,919,693 | ---- | C] () -- C:\Users\Ruta\Documents\10 Chemical Wedding.mp3
[2012/04/24 23:14:31 | 004,779,964 | ---- | C] () -- C:\Users\Ruta\Documents\04 As Above So Below.mp3
[2012/04/24 23:14:20 | 007,188,632 | ---- | C] () -- C:\Users\Ruta\Documents\[Sundown] 02 Design 19.mp3
[2012/04/21 00:25:39 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/04/20 22:45:39 | 000,055,357 | ---- | C] () -- C:\Users\Ruta\Documents\Judith Beheading Holofernes Michelangelo Merisi da Caravaggio.jpg
[2012/04/20 22:42:34 | 000,062,894 | ---- | C] () -- C:\Users\Ruta\Documents\Narcissus Caravaggio.jpg
[2012/04/20 00:32:10 | 000,192,179 | ---- | C] () -- C:\Users\Ruta\Documents\Leonardo,_san_girolamo.jpg
[2012/04/20 00:27:46 | 001,627,616 | ---- | C] () -- C:\Users\Ruta\Documents\Melencolia_I_(Durero).jpg
[2012/04/20 00:27:20 | 000,302,427 | ---- | C] () -- C:\Users\Ruta\Documents\Duerer_-_Ritter,_Tod_und_Teufel_(Der_Reuther).jpg
[2012/04/20 00:24:12 | 000,116,517 | ---- | C] () -- C:\Users\Ruta\Documents\Primavera_05.jpg
[2012/04/15 21:50:48 | 002,296,198 | ---- | C] () -- C:\Users\Ruta\2_for_1_entry_voucher.pdf
[2012/04/06 17:14:17 | 000,037,661 | ---- | C] () -- C:\Users\Ruta\Documents\beautiful-calligraphy-font.jpg
[2012/04/06 16:50:17 | 000,000,653 | ---- | C] () -- C:\Users\Ruta\Desktop\EC831 - Shortcut.lnk
[2012/04/06 15:59:52 | 000,967,214 | ---- | C] () -- C:\Users\Ruta\BP.jpg
[2012/04/06 15:46:47 | 000,977,075 | ---- | C] () -- C:\Users\Ruta\JK.jpg
[2012/04/06 14:13:26 | 000,692,779 | ---- | C] () -- C:\Users\Ruta\Documents\Wolf_Fight_by_nikkiburr.jpg
[2012/04/05 18:44:25 | 007,763,394 | ---- | C] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-04.bmp
[2012/04/05 18:44:25 | 007,763,394 | ---- | C] () -- C:\Users\Ruta\Scanned at 2012.04.04 20-03.bmp
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/11 02:51:24 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/04/14 19:03:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/04/01 20:12:16 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/20 17:39:15 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/02/19 20:24:46 | 000,007,605 | ---- | C] () -- C:\Users\Ruta\AppData\Local\Resmon.ResmonCfg
[2011/02/15 19:34:01 | 000,000,600 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\winscp.rnd
[2010/11/13 19:52:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/12 10:20:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/12 10:20:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/12 10:20:27 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/12 10:20:27 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/12 10:20:27 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 10:09:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/12 09:26:17 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/04/12 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ACD Systems
[2012/05/03 00:09:51 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2010/11/20 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canneverbe Limited
[2011/04/13 14:40:15 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canon
[2010/11/12 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\DAEMON Tools Lite
[2012/05/01 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ESET
[2010/11/30 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GetRightToGo
[2011/07/02 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\go
[2012/05/01 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2011/05/06 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GrabPro
[2010/12/27 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\led
[2011/05/08 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Orbit
[2011/05/06 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ProgSense
[2011/10/11 00:20:01 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Publish Providers
[2012/04/29 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2011/04/14 19:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Smart PDF Converter
[2011/10/11 00:19:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Sony
[2011/03/20 02:44:43 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/24 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\TeamViewer
[2011/03/31 19:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Ulead Systems
[2012/05/04 21:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\uTorrent
[2012/03/09 11:22:34 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

3. The TDSSKiller log

22:03:25.0612 2816 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:03:26.0286 2816 ============================================================
22:03:26.0286 2816 Current date / time: 2012/05/04 22:03:26.0286
22:03:26.0286 2816 SystemInfo:
22:03:26.0286 2816
22:03:26.0286 2816 OS Version: 6.1.7601 ServicePack: 1.0
22:03:26.0286 2816 Product type: Workstation
22:03:26.0286 2816 ComputerName: RUTA-PC
22:03:26.0286 2816 UserName: Ruta
22:03:26.0286 2816 Windows directory: C:\Windows
22:03:26.0286 2816 System windows directory: C:\Windows
22:03:26.0286 2816 Running under WOW64
22:03:26.0286 2816 Processor architecture: Intel x64
22:03:26.0286 2816 Number of processors: 2
22:03:26.0286 2816 Page size: 0x1000
22:03:26.0286 2816 Boot type: Normal boot
22:03:26.0286 2816 ============================================================
22:03:27.0323 2816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:27.0328 2816 ============================================================
22:03:27.0328 2816 \Device\Harddisk0\DR0:
22:03:27.0329 2816 MBR partitions:
22:03:27.0329 2816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:03:27.0329 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
22:03:27.0329 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
22:03:27.0329 2816 ============================================================
22:03:27.0351 2816 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:27.0397 2816 D: <-> \Device\Harddisk0\DR0\Partition2
22:03:27.0397 2816 ============================================================
22:03:27.0397 2816 Initialize success
22:03:27.0397 2816 ============================================================
22:04:06.0223 3336 ============================================================
22:04:06.0223 3336 Scan started
22:04:06.0223 3336 Mode: Manual; SigCheck; TDLFS;
22:04:06.0223 3336 ============================================================
22:04:07.0062 3336 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:04:07.0170 3336 1394ohci - ok
22:04:07.0260 3336 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:04:07.0290 3336 ACPI - ok
22:04:07.0328 3336 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:04:07.0363 3336 AcpiPmi - ok
22:04:07.0688 3336 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:04:07.0719 3336 AdobeARMservice - ok
22:04:07.0880 3336 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:04:07.0896 3336 AdobeFlashPlayerUpdateSvc - ok
22:04:07.0978 3336 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:04:08.0000 3336 adp94xx - ok
22:04:08.0057 3336 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:04:08.0076 3336 adpahci - ok
22:04:08.0103 3336 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:04:08.0118 3336 adpu320 - ok
22:04:08.0155 3336 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:04:08.0205 3336 AeLookupSvc - ok
22:04:08.0307 3336 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
22:04:08.0367 3336 AESTFilters - ok
22:04:08.0477 3336 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:04:08.0526 3336 AFD - ok
22:04:08.0585 3336 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:04:08.0616 3336 agp440 - ok
22:04:08.0673 3336 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:04:08.0742 3336 ALG - ok
22:04:08.0768 3336 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:04:08.0781 3336 aliide - ok
22:04:08.0845 3336 AMD External Events Utility (c6469ced96fedef508aeb74553135cdc) C:\Windows\system32\atiesrxx.exe
22:04:08.0881 3336 AMD External Events Utility - ok
22:04:08.0901 3336 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:04:08.0913 3336 amdide - ok
22:04:08.0974 3336 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:04:09.0019 3336 AmdK8 - ok
22:04:09.0501 3336 amdkmdag (18ad9ad00ffad95dc820762fb7f4b80f) C:\Windows\system32\DRIVERS\atikmdag.sys
22:04:09.0709 3336 amdkmdag - ok
22:04:09.0886 3336 amdkmdap (dbf0db9a8b60a2c029eb70824afccbda) C:\Windows\system32\DRIVERS\atikmpag.sys
22:04:09.0937 3336 amdkmdap - ok
22:04:09.0973 3336 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:04:10.0005 3336 AmdPPM - ok
22:04:10.0066 3336 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:04:10.0097 3336 amdsata - ok
22:04:10.0140 3336 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:04:10.0159 3336 amdsbs - ok
22:04:10.0189 3336 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:04:10.0201 3336 amdxata - ok
22:04:10.0244 3336 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
22:04:10.0336 3336 androidusb - ok
22:04:10.0393 3336 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:04:10.0439 3336 AppID - ok
22:04:10.0466 3336 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:04:10.0519 3336 AppIDSvc - ok
22:04:10.0573 3336 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:04:10.0627 3336 Appinfo - ok
22:04:10.0753 3336 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:04:10.0770 3336 Apple Mobile Device - ok
22:04:10.0834 3336 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:04:10.0875 3336 AppMgmt - ok
22:04:10.0935 3336 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:04:10.0949 3336 arc - ok
22:04:10.0967 3336 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:04:10.0981 3336 arcsas - ok
22:04:10.0998 3336 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:11.0050 3336 AsyncMac - ok
22:04:11.0075 3336 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:04:11.0087 3336 atapi - ok
22:04:11.0159 3336 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
22:04:11.0188 3336 AtiHdmiService - ok
22:04:11.0224 3336 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:04:11.0250 3336 AtiPcie - ok
22:04:11.0358 3336 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:04:11.0464 3336 AudioEndpointBuilder - ok
22:04:11.0472 3336 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:04:11.0516 3336 AudioSrv - ok
22:04:11.0581 3336 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:04:11.0653 3336 AxInstSV - ok
22:04:11.0749 3336 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:04:11.0800 3336 b06bdrv - ok
22:04:11.0860 3336 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:04:11.0896 3336 b57nd60a - ok
22:04:11.0948 3336 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
22:04:11.0959 3336 BCM42RLY - ok
22:04:12.0214 3336 BCM43XX (0b0df4cd7c2c188c95c4e09c568ad54a) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:04:12.0272 3336 BCM43XX - ok
22:04:12.0420 3336 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
22:04:12.0445 3336 BcmVWL - ok
22:04:12.0478 3336 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:04:12.0515 3336 BDESVC - ok
22:04:12.0564 3336 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:04:12.0658 3336 Beep - ok
22:04:12.0822 3336 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:04:12.0897 3336 BFE - ok
22:04:12.0989 3336 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
22:04:13.0055 3336 BITS - ok
22:04:13.0147 3336 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:04:13.0197 3336 blbdrive - ok
22:04:13.0353 3336 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:04:13.0383 3336 Bonjour Service - ok
22:04:13.0446 3336 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:04:13.0464 3336 bowser - ok
22:04:13.0483 3336 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:04:13.0525 3336 BrFiltLo - ok
22:04:13.0565 3336 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:04:13.0583 3336 BrFiltUp - ok
22:04:13.0633 3336 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:04:13.0715 3336 Browser - ok
22:04:13.0755 3336 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:04:13.0786 3336 Brserid - ok
22:04:13.0809 3336 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:04:13.0844 3336 BrSerWdm - ok
22:04:13.0883 3336 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:04:13.0930 3336 BrUsbMdm - ok
22:04:13.0937 3336 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:04:13.0967 3336 BrUsbSer - ok
22:04:14.0041 3336 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
22:04:14.0070 3336 BthEnum - ok
22:04:14.0101 3336 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:04:14.0133 3336 BTHMODEM - ok
22:04:14.0189 3336 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:04:14.0226 3336 BthPan - ok
22:04:14.0335 3336 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
22:04:14.0375 3336 BTHPORT - ok
22:04:14.0412 3336 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:04:14.0450 3336 bthserv - ok
22:04:14.0493 3336 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
22:04:14.0526 3336 BTHUSB - ok
22:04:14.0582 3336 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
22:04:14.0594 3336 btwaudio - ok
22:04:14.0626 3336 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
22:04:14.0638 3336 btwavdt - ok
22:04:14.0805 3336 btwdins (d65aa164acd0f6706dbcfbbcc9731584) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:04:14.0838 3336 btwdins - ok
22:04:14.0872 3336 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
22:04:14.0881 3336 btwl2cap - ok
22:04:14.0919 3336 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
22:04:14.0929 3336 btwrchid - ok
22:04:15.0045 3336 Capture Device Service (1778eba872274c1226d869cd9486847e) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
22:04:15.0060 3336 Capture Device Service - ok
22:04:15.0113 3336 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:04:15.0171 3336 cdfs - ok
22:04:15.0242 3336 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:04:15.0290 3336 cdrom - ok
22:04:15.0349 3336 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:04:15.0437 3336 CertPropSvc - ok
22:04:15.0501 3336 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:04:15.0559 3336 circlass - ok
22:04:15.0625 3336 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:04:15.0651 3336 CLFS - ok
22:04:15.0712 3336 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:15.0730 3336 clr_optimization_v2.0.50727_32 - ok
22:04:15.0773 3336 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:04:15.0798 3336 clr_optimization_v2.0.50727_64 - ok
22:04:15.0902 3336 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:04:15.0961 3336 clr_optimization_v4.0.30319_32 - ok
22:04:16.0010 3336 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:04:16.0027 3336 clr_optimization_v4.0.30319_64 - ok
22:04:16.0066 3336 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:04:16.0085 3336 CmBatt - ok
22:04:16.0121 3336 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:04:16.0134 3336 cmdide - ok
22:04:16.0205 3336 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:04:16.0233 3336 CNG - ok
22:04:16.0260 3336 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:04:16.0272 3336 Compbatt - ok
22:04:16.0308 3336 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:04:16.0334 3336 CompositeBus - ok
22:04:16.0355 3336 COMSysApp - ok
22:04:16.0366 3336 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:04:16.0379 3336 crcdisk - ok
22:04:16.0443 3336 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:04:16.0495 3336 CryptSvc - ok
22:04:16.0558 3336 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:04:16.0598 3336 CSC - ok
22:04:16.0669 3336 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:04:16.0709 3336 CscService - ok
22:04:16.0803 3336 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:04:16.0862 3336 DcomLaunch - ok
22:04:16.0936 3336 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:04:17.0024 3336 defragsvc - ok
22:04:17.0101 3336 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:04:17.0161 3336 DfsC - ok
22:04:17.0222 3336 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:04:17.0274 3336 Dhcp - ok
22:04:17.0302 3336 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:04:17.0360 3336 discache - ok
22:04:17.0410 3336 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:04:17.0422 3336 Disk - ok
22:04:17.0488 3336 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:04:17.0527 3336 Dnscache - ok
22:04:17.0604 3336 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:04:17.0669 3336 dot3svc - ok
22:04:17.0711 3336 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:04:17.0763 3336 DPS - ok
22:04:17.0897 3336 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:04:17.0982 3336 drmkaud - ok
22:04:17.0998 3336 dump_wmimmc - ok
22:04:18.0118 3336 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:04:18.0150 3336 DXGKrnl - ok
22:04:18.0206 3336 eamon (55851f4864f8ad6e98b02307eca29db4) C:\Windows\system32\DRIVERS\eamon.sys
22:04:18.0219 3336 eamon - ok
22:04:18.0246 3336 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:04:18.0299 3336 EapHost - ok
22:04:18.0534 3336 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:04:18.0649 3336 ebdrv - ok
22:04:18.0806 3336 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:04:18.0858 3336 EFS - ok
22:04:18.0997 3336 ehdrv (62c96b617ac7c4c8a9c29d57a36aa874) C:\Windows\system32\DRIVERS\ehdrv.sys
22:04:19.0026 3336 ehdrv - ok
22:04:19.0148 3336 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:04:19.0211 3336 ehRecvr - ok
22:04:19.0251 3336 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:04:19.0266 3336 ehSched - ok
22:04:19.0388 3336 EhttpSrv (6160f4cc52847923910cd5bb5dff4b31) C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
22:04:19.0414 3336 EhttpSrv - ok
22:04:19.0538 3336 ekrn (a5f63285c1b6c4b396d9ace0dffc88ef) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
22:04:19.0569 3336 ekrn - ok
22:04:19.0749 3336 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:04:19.0793 3336 elxstor - ok
22:04:19.0838 3336 epfw (9c4476159ccdef1a9b3f91dc580f1c46) C:\Windows\system32\DRIVERS\epfw.sys
22:04:19.0855 3336 epfw - ok
22:04:19.0920 3336 Epfwndis (34f666bf6387210034e4bcc5be6a3e45) C:\Windows\system32\DRIVERS\Epfwndis.sys
22:04:19.0935 3336 Epfwndis - ok
22:04:19.0968 3336 epfwwfp (bf2cb1efb98a888d6f676683cd48936f) C:\Windows\system32\DRIVERS\epfwwfp.sys
22:04:19.0982 3336 epfwwfp - ok
22:04:20.0009 3336 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:04:20.0046 3336 ErrDev - ok
22:04:20.0112 3336 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:04:20.0187 3336 EventSystem - ok
22:04:20.0231 3336 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:04:20.0271 3336 exfat - ok
22:04:20.0294 3336 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:04:20.0351 3336 fastfat - ok
22:04:20.0480 3336 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:04:20.0531 3336 Fax - ok
22:04:20.0556 3336 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:04:20.0583 3336 fdc - ok
22:04:20.0623 3336 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:04:20.0701 3336 fdPHost - ok
22:04:20.0726 3336 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:04:20.0805 3336 FDResPub - ok
22:04:20.0830 3336 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:04:20.0843 3336 FileInfo - ok
22:04:20.0853 3336 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:04:20.0908 3336 Filetrace - ok
22:04:20.0945 3336 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:04:20.0958 3336 flpydisk - ok
22:04:21.0022 3336 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:04:21.0051 3336 FltMgr - ok
22:04:21.0163 3336 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:04:21.0214 3336 FontCache - ok
22:04:21.0291 3336 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:04:21.0302 3336 FontCache3.0.0.0 - ok
22:04:21.0358 3336 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:04:21.0371 3336 FsDepends - ok
22:04:21.0410 3336 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
22:04:21.0420 3336 fssfltr - ok
22:04:21.0656 3336 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:04:21.0735 3336 fsssvc - ok
22:04:21.0889 3336 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:04:21.0904 3336 Fs_Rec - ok
22:04:21.0987 3336 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:04:22.0017 3336 fvevol - ok
22:04:22.0068 3336 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:04:22.0096 3336 gagp30kx - ok
22:04:22.0118 3336 GENERICDRV - ok
22:04:22.0222 3336 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:04:22.0300 3336 gpsvc - ok
22:04:22.0454 3336 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:04:22.0466 3336 gupdate - ok
22:04:22.0470 3336 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:04:22.0481 3336 gupdatem - ok
22:04:22.0501 3336 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:04:22.0532 3336 hcw85cir - ok
22:04:22.0608 3336 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:04:22.0640 3336 HdAudAddService - ok
22:04:22.0686 3336 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:04:22.0724 3336 HDAudBus - ok
22:04:22.0746 3336 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:04:22.0776 3336 HidBatt - ok
22:04:22.0803 3336 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:04:22.0840 3336 HidBth - ok
22:04:22.0847 3336 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:04:22.0904 3336 HidIr - ok
22:04:22.0940 3336 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:04:23.0015 3336 hidserv - ok
22:04:23.0071 3336 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:04:23.0094 3336 HidUsb - ok
22:04:23.0140 3336 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:04:23.0229 3336 hkmsvc - ok
22:04:23.0277 3336 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:04:23.0322 3336 HomeGroupListener - ok
22:04:23.0366 3336 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:04:23.0418 3336 HomeGroupProvider - ok
22:04:23.0468 3336 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:04:23.0483 3336 HpSAMD - ok
22:04:23.0583 3336 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:04:23.0650 3336 HTTP - ok
22:04:23.0681 3336 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:04:23.0694 3336 hwpolicy - ok
22:04:23.0749 3336 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:04:23.0764 3336 i8042prt - ok
22:04:23.0841 3336 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:04:23.0860 3336 iaStorV - ok
22:04:24.0296 3336 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:04:24.0337 3336 idsvc - ok
22:04:24.0399 3336 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:04:24.0413 3336 iirsp - ok
22:04:24.0588 3336 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:04:24.0668 3336 IKEEXT - ok
22:04:24.0713 3336 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:04:24.0739 3336 intelide - ok
22:04:24.0791 3336 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:04:24.0818 3336 intelppm - ok
22:04:24.0853 3336 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:04:24.0912 3336 IPBusEnum - ok
22:04:24.0963 3336 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:04:25.0015 3336 IpFilterDriver - ok
22:04:25.0101 3336 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:04:25.0159 3336 iphlpsvc - ok
22:04:25.0207 3336 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:04:25.0239 3336 IPMIDRV - ok
22:04:25.0294 3336 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:04:25.0346 3336 IPNAT - ok
22:04:25.0375 3336 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:04:25.0408 3336 IRENUM - ok
22:04:25.0432 3336 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:04:25.0444 3336 isapnp - ok
22:04:25.0496 3336 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:04:25.0513 3336 iScsiPrt - ok
22:04:25.0535 3336 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:04:25.0548 3336 kbdclass - ok
22:04:25.0601 3336 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:04:25.0627 3336 kbdhid - ok
22:04:25.0661 3336 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:04:25.0674 3336 KeyIso - ok
22:04:25.0726 3336 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:04:25.0756 3336 KSecDD - ok
22:04:25.0806 3336 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:04:25.0820 3336 KSecPkg - ok
22:04:25.0845 3336 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:04:25.0896 3336 ksthunk - ok
22:04:25.0963 3336 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:04:26.0046 3336 KtmRm - ok
22:04:26.0117 3336 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:04:26.0170 3336 LanmanServer - ok
22:04:26.0229 3336 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:04:26.0315 3336 LanmanWorkstation - ok
22:04:26.0383 3336 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:04:26.0430 3336 lltdio - ok
22:04:26.0477 3336 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:04:26.0534 3336 lltdsvc - ok
22:04:26.0552 3336 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:04:26.0591 3336 lmhosts - ok
22:04:26.0631 3336 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:04:26.0645 3336 LSI_FC - ok
22:04:26.0675 3336 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:04:26.0689 3336 LSI_SAS - ok
22:04:26.0709 3336 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:04:26.0724 3336 LSI_SAS2 - ok
22:04:26.0746 3336 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:04:26.0760 3336 LSI_SCSI - ok
22:04:26.0797 3336 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:04:26.0854 3336 luafv - ok
22:04:26.0949 3336 MBAMProtector (e330051cce41eb4522e5dcebc15adcea) C:\Windows\system32\drivers\mbam.sys
22:04:26.0974 3336 MBAMProtector - ok
22:04:27.0072 3336 MBAMService (47902a906ace88580b08ff58d4c0c205) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:04:27.0094 3336 MBAMService - ok
22:04:27.0129 3336 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:04:27.0164 3336 Mcx2Svc - ok
22:04:27.0200 3336 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:04:27.0217 3336 megasas - ok
22:04:27.0250 3336 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:04:27.0267 3336 MegaSR - ok
22:04:27.0357 3336 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:04:27.0380 3336 Microsoft Office Groove Audit Service - ok
22:04:27.0432 3336 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:04:27.0480 3336 MMCSS - ok
22:04:27.0512 3336 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:04:27.0559 3336 Modem - ok
22:04:27.0585 3336 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:04:27.0620 3336 monitor - ok
22:04:27.0667 3336 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:04:27.0679 3336 mouclass - ok
22:04:27.0733 3336 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:04:27.0776 3336 mouhid - ok
22:04:27.0838 3336 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:04:27.0860 3336 mountmgr - ok
22:04:27.0926 3336 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:04:27.0952 3336 MozillaMaintenance - ok
22:04:28.0000 3336 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:04:28.0019 3336 mpio - ok
22:04:28.0045 3336 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:04:28.0089 3336 mpsdrv - ok
22:04:28.0176 3336 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:04:28.0237 3336 MpsSvc - ok
22:04:28.0293 3336 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:04:28.0350 3336 MRxDAV - ok
22:04:28.0402 3336 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:04:28.0450 3336 mrxsmb - ok
22:04:28.0513 3336 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:04:28.0566 3336 mrxsmb10 - ok
22:04:28.0600 3336 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:04:28.0614 3336 mrxsmb20 - ok
22:04:28.0650 3336 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:04:28.0661 3336 msahci - ok
22:04:28.0715 3336 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:04:28.0728 3336 msdsm - ok
22:04:28.0772 3336 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:04:28.0805 3336 MSDTC - ok
22:04:28.0851 3336 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:04:28.0888 3336 Msfs - ok
22:04:28.0902 3336 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:04:28.0938 3336 mshidkmdf - ok
22:04:28.0953 3336 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:04:28.0965 3336 msisadrv - ok
22:04:29.0024 3336 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:04:29.0115 3336 MSiSCSI - ok
22:04:29.0119 3336 msiserver - ok
22:04:29.0169 3336 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:04:29.0218 3336 MSKSSRV - ok
22:04:29.0237 3336 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:04:29.0291 3336 MSPCLOCK - ok
22:04:29.0320 3336 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:04:29.0373 3336 MSPQM - ok
22:04:29.0426 3336 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:04:29.0444 3336 MsRPC - ok
22:04:29.0483 3336 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:04:29.0495 3336 mssmbios - ok
22:04:29.0511 3336 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:04:29.0557 3336 MSTEE - ok
22:04:29.0576 3336 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:04:29.0588 3336 MTConfig - ok
22:04:29.0621 3336 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:04:29.0634 3336 Mup - ok
22:04:29.0705 3336 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:04:29.0767 3336 napagent - ok
22:04:29.0828 3336 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:04:29.0861 3336 NativeWifiP - ok
22:04:29.0995 3336 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:04:30.0035 3336 NDIS - ok
22:04:30.0063 3336 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:04:30.0102 3336 NdisCap - ok
22:04:30.0127 3336 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:04:30.0165 3336 NdisTapi - ok
22:04:30.0204 3336 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:04:30.0258 3336 Ndisuio - ok
22:04:30.0299 3336 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:04:30.0349 3336 NdisWan - ok
22:04:30.0381 3336 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:04:30.0418 3336 NDProxy - ok
22:04:30.0464 3336 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:04:30.0512 3336 NetBIOS - ok
22:04:30.0562 3336 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:04:30.0636 3336 NetBT - ok
22:04:30.0672 3336 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:04:30.0686 3336 Netlogon - ok
22:04:30.0968 3336 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:04:31.0044 3336 Netman - ok
22:04:31.0109 3336 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:04:31.0175 3336 netprofm - ok
22:04:31.0270 3336 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:04:31.0308 3336 NetTcpPortSharing - ok
22:04:31.0366 3336 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:04:31.0384 3336 nfrd960 - ok
22:04:31.0449 3336 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:04:31.0499 3336 NlaSvc - ok
22:04:31.0512 3336 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:04:31.0551 3336 Npfs - ok
22:04:31.0580 3336 npggsvc - ok
22:04:31.0587 3336 NPPTNT2 - ok
22:04:31.0617 3336 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:04:31.0669 3336 nsi - ok
22:04:31.0686 3336 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:04:31.0742 3336 nsiproxy - ok
22:04:31.0891 3336 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:04:31.0956 3336 Ntfs - ok
22:04:32.0092 3336 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:04:32.0148 3336 Null - ok
22:04:32.0195 3336 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:04:32.0208 3336 nvraid - ok
22:04:32.0258 3336 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:04:32.0272 3336 nvstor - ok
22:04:32.0309 3336 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:04:32.0322 3336 nv_agp - ok
22:04:32.0447 3336 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:04:32.0471 3336 odserv - ok
22:04:32.0517 3336 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:04:32.0569 3336 ohci1394 - ok
22:04:32.0638 3336 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:04:32.0664 3336 ose - ok
22:04:32.0739 3336 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:04:32.0779 3336 p2pimsvc - ok
22:04:32.0834 3336 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:04:32.0854 3336 p2psvc - ok
22:04:32.0901 3336 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:04:32.0914 3336 Parport - ok
22:04:32.0954 3336 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:04:32.0985 3336 partmgr - ok
22:04:33.0025 3336 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:04:33.0057 3336 PcaSvc - ok
22:04:33.0100 3336 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:04:33.0116 3336 pci - ok
22:04:33.0132 3336 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:04:33.0145 3336 pciide - ok
22:04:33.0200 3336 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:04:33.0230 3336 pcmcia - ok
22:04:33.0243 3336 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:04:33.0256 3336 pcw - ok
22:04:33.0322 3336 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:04:33.0389 3336 PEAUTH - ok
22:04:33.0524 3336 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:04:33.0589 3336 PeerDistSvc - ok
22:04:33.0705 3336 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:04:33.0738 3336 PerfHost - ok
22:04:33.0878 3336 pfc - ok
22:04:34.0053 3336 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:04:34.0143 3336 pla - ok
22:04:34.0225 3336 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:04:34.0272 3336 PlugPlay - ok
22:04:34.0296 3336 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:04:34.0330 3336 PNRPAutoReg - ok
22:04:34.0372 3336 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:04:34.0389 3336 PNRPsvc - ok
22:04:34.0463 3336 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:04:34.0519 3336 PolicyAgent - ok
22:04:34.0562 3336 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:04:34.0617 3336 Power - ok
22:04:34.0729 3336 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:04:34.0793 3336 PptpMiniport - ok
22:04:34.0834 3336 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:04:34.0864 3336 Processor - ok
22:04:34.0934 3336 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:04:34.0987 3336 ProfSvc - ok
22:04:35.0017 3336 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:04:35.0030 3336 ProtectedStorage - ok
22:04:35.0094 3336 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:04:35.0152 3336 Psched - ok
22:04:35.0289 3336 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:04:35.0349 3336 ql2300 - ok
22:04:35.0486 3336 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:04:35.0513 3336 ql40xx - ok
22:04:35.0567 3336 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:04:35.0596 3336 QWAVE - ok
22:04:35.0611 3336 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:04:35.0647 3336 QWAVEdrv - ok
22:04:35.0668 3336 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:04:35.0733 3336 RasAcd - ok
22:04:35.0780 3336 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:04:35.0819 3336 RasAgileVpn - ok
22:04:35.0853 3336 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:04:35.0909 3336 RasAuto - ok
22:04:35.0997 3336 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:04:36.0087 3336 Rasl2tp - ok
22:04:36.0162 3336 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:04:36.0206 3336 RasMan - ok
22:04:36.0236 3336 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:04:36.0295 3336 RasPppoe - ok
22:04:36.0337 3336 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:04:36.0392 3336 RasSstp - ok
22:04:36.0443 3336 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:04:36.0503 3336 rdbss - ok
22:04:36.0520 3336 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:04:36.0538 3336 rdpbus - ok
22:04:36.0548 3336 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:04:36.0602 3336 RDPCDD - ok
22:04:36.0652 3336 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:04:36.0666 3336 RDPDR - ok
22:04:36.0701 3336 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:04:36.0738 3336 RDPENCDD - ok
22:04:36.0759 3336 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:04:36.0796 3336 RDPREFMP - ok
22:04:36.0856 3336 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:04:36.0904 3336 RdpVideoMiniport - ok
22:04:36.0959 3336 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:04:36.0992 3336 RDPWD - ok
22:04:37.0059 3336 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:04:37.0075 3336 rdyboost - ok
22:04:37.0115 3336 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:04:37.0169 3336 RemoteAccess - ok
22:04:37.0196 3336 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:04:37.0253 3336 RemoteRegistry - ok
22:04:37.0311 3336 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:04:37.0347 3336 RFCOMM - ok
22:04:37.0391 3336 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:04:37.0445 3336 RpcEptMapper - ok
22:04:37.0476 3336 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:04:37.0499 3336 RpcLocator - ok
22:04:37.0571 3336 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:04:37.0614 3336 RpcSs - ok
22:04:37.0656 3336 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:04:37.0694 3336 rspndr - ok
22:04:37.0755 3336 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys
22:04:37.0770 3336 RSUSBSTOR - ok
22:04:37.0843 3336 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:04:37.0858 3336 RTL8167 - ok
22:04:37.0901 3336 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:04:37.0925 3336 s3cap - ok
22:04:37.0961 3336 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:04:37.0974 3336 SamSs - ok
22:04:38.0013 3336 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:04:38.0026 3336 sbp2port - ok
22:04:38.0083 3336 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:04:38.0143 3336 SCardSvr - ok
22:04:38.0172 3336 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:04:38.0221 3336 scfilter - ok
22:04:38.0336 3336 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:04:38.0390 3336 Schedule - ok
22:04:38.0425 3336 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:04:38.0461 3336 SCPolicySvc - ok
22:04:38.0513 3336 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:04:38.0549 3336 SDRSVC - ok
22:04:38.0712 3336 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:04:38.0747 3336 SeaPort - ok
22:04:38.0816 3336 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:04:38.0872 3336 secdrv - ok
22:04:38.0907 3336 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:04:38.0944 3336 seclogon - ok
22:04:38.0973 3336 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:04:39.0026 3336 SENS - ok
22:04:39.0047 3336 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:04:39.0062 3336 SensrSvc - ok
22:04:39.0080 3336 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:04:39.0110 3336 Serenum - ok
22:04:39.0149 3336 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:04:39.0163 3336 Serial - ok
22:04:39.0198 3336 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:04:39.0211 3336 sermouse - ok
22:04:39.0263 3336 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:04:39.0335 3336 SessionEnv - ok
22:04:39.0363 3336 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:04:39.0391 3336 sffdisk - ok
22:04:39.0395 3336 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:04:39.0414 3336 sffp_mmc - ok
22:04:39.0431 3336 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:04:39.0466 3336 sffp_sd - ok
22:04:39.0498 3336 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:04:39.0528 3336 sfloppy - ok
22:04:39.0579 3336 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:04:39.0632 3336 SharedAccess - ok
22:04:39.0688 3336 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:04:39.0746 3336 ShellHWDetection - ok
22:04:39.0810 3336 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:04:39.0841 3336 SiSRaid2 - ok
22:04:39.0863 3336 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:04:39.0876 3336 SiSRaid4 - ok
22:04:40.0034 3336 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:04:40.0047 3336 SkypeUpdate - ok
22:04:40.0103 3336 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:04:40.0159 3336 Smb - ok
22:04:40.0203 3336 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:04:40.0218 3336 SNMPTRAP - ok
22:04:40.0232 3336 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:04:40.0246 3336 spldr - ok
22:04:40.0322 3336 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:04:40.0367 3336 Spooler - ok
22:04:40.0699 3336 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:04:40.0856 3336 sppsvc - ok
22:04:40.0984 3336 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:04:41.0059 3336 sppuinotify - ok
22:04:41.0173 3336 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
22:04:41.0187 3336 sprtsvc_DellSupportCenter - ok
22:04:41.0341 3336 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:04:41.0343 3336 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:04:41.0347 3336 sptd ( LockedFile.Multi.Generic ) - warning
22:04:41.0347 3336 sptd - detected LockedFile.Multi.Generic (1)
22:04:41.0413 3336 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:04:41.0452 3336 srv - ok
22:04:41.0514 3336 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:04:41.0549 3336 srv2 - ok
22:04:41.0598 3336 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:04:41.0631 3336 srvnet - ok
22:04:41.0684 3336 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
22:04:41.0718 3336 ssadbus - ok
22:04:41.0764 3336 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:04:41.0793 3336 ssadmdfl - ok
22:04:41.0850 3336 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
22:04:41.0880 3336 ssadmdm - ok
22:04:41.0949 3336 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:04:42.0018 3336 SSDPSRV - ok
22:04:42.0039 3336 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:04:42.0078 3336 SstpSvc - ok
22:04:42.0219 3336 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe
22:04:42.0245 3336 STacSV - ok
22:04:42.0249 3336 StarOpen - ok
22:04:42.0287 3336 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:04:42.0299 3336 stexstor - ok
22:04:42.0364 3336 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys
22:04:42.0393 3336 STHDA - ok
22:04:42.0451 3336 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
22:04:42.0495 3336 StillCam - ok
22:04:42.0575 3336 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:04:42.0627 3336 stisvc - ok
22:04:42.0747 3336 StkTMini (b6baf8151060f07386c72bc5641290b3) C:\Windows\system32\Drivers\StkTMini.sys
22:04:42.0788 3336 StkTMini ( UnsignedFile.Multi.Generic ) - warning
22:04:42.0788 3336 StkTMini - detected UnsignedFile.Multi.Generic (1)
22:04:42.0831 3336 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:04:42.0843 3336 storflt - ok
22:04:42.0858 3336 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:04:42.0871 3336 storvsc - ok
22:04:42.0885 3336 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:04:42.0897 3336 swenum - ok
22:04:42.0983 3336 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:04:43.0058 3336 swprv - ok
22:04:43.0077 3336 Synth3dVsc - ok
22:04:43.0151 3336 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
22:04:43.0166 3336 SynTP - ok
22:04:43.0320 3336 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:04:43.0409 3336 SysMain - ok
22:04:43.0561 3336 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:04:43.0595 3336 TabletInputService - ok
22:04:43.0663 3336 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:04:43.0723 3336 TapiSrv - ok
22:04:43.0766 3336 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:04:43.0805 3336 TBS - ok
22:04:44.0049 3336 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:04:44.0141 3336 Tcpip - ok
22:04:44.0423 3336 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:04:44.0464 3336 TCPIP6 - ok
22:04:44.0594 3336 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:04:44.0679 3336 tcpipreg - ok
22:04:44.0720 3336 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:04:44.0751 3336 TDPIPE - ok
22:04:44.0785 3336 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:04:44.0808 3336 TDTCP - ok
22:04:44.0868 3336 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:04:44.0920 3336 tdx - ok
22:04:44.0959 3336 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:04:44.0987 3336 TermDD - ok
22:04:45.0055 3336 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:04:45.0120 3336 TermService - ok
22:04:45.0156 3336 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:04:45.0187 3336 Themes - ok
22:04:45.0222 3336 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:04:45.0261 3336 THREADORDER - ok
22:04:45.0312 3336 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:04:45.0352 3336 TrkWks - ok
22:04:45.0417 3336 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:04:45.0455 3336 TrustedInstaller - ok
22:04:45.0501 3336 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:04:45.0556 3336 tssecsrv - ok
22:04:45.0592 3336 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:04:45.0604 3336 TsUsbFlt - ok
22:04:45.0624 3336 tsusbhub - ok
22:04:45.0689 3336 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:04:45.0744 3336 tunnel - ok
22:04:45.0786 3336 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:04:45.0799 3336 uagp35 - ok
22:04:45.0857 3336 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:04:45.0906 3336 udfs - ok
22:04:45.0938 3336 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:04:45.0954 3336 UI0Detect - ok
22:04:46.0000 3336 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:04:46.0012 3336 uliagpkx - ok
22:04:46.0057 3336 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:04:46.0070 3336 umbus - ok
22:04:46.0091 3336 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:04:46.0117 3336 UmPass - ok
22:04:46.0164 3336 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:04:46.0192 3336 UmRdpService - ok
22:04:46.0247 3336 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:04:46.0290 3336 upnphost - ok
22:04:46.0343 3336 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
22:04:46.0354 3336 USBAAPL64 - ok
22:04:46.0418 3336 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:04:46.0458 3336 usbaudio - ok
22:04:46.0501 3336 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:04:46.0519 3336 usbccgp - ok
22:04:46.0572 3336 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:04:46.0594 3336 usbcir - ok
22:04:46.0638 3336 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:04:46.0670 3336 usbehci - ok
22:04:46.0706 3336 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
22:04:46.0716 3336 usbfilter - ok
22:04:46.0799 3336 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:04:46.0838 3336 usbhub - ok
22:04:46.0866 3336 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:04:46.0879 3336 usbohci - ok
22:04:46.0904 3336 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:04:46.0940 3336 usbprint - ok
22:04:47.0110 3336 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:04:47.0163 3336 usbscan - ok
22:04:47.0211 3336 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:04:47.0256 3336 USBSTOR - ok
22:04:47.0284 3336 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:04:47.0319 3336 usbuhci - ok
22:04:47.0394 3336 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:04:47.0411 3336 usbvideo - ok
22:04:47.0447 3336 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:04:47.0503 3336 UxSms - ok
22:04:47.0539 3336 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:04:47.0553 3336 VaultSvc - ok
22:04:47.0601 3336 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:04:47.0628 3336 vdrvroot - ok
22:04:47.0716 3336 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:04:47.0761 3336 vds - ok
22:04:47.0818 3336 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:04:47.0834 3336 vga - ok
22:04:47.0851 3336 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:04:47.0900 3336 VgaSave - ok
22:04:47.0921 3336 VGPU - ok
22:04:47.0973 3336 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:04:47.0988 3336 vhdmp - ok
22:04:48.0026 3336 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:04:48.0038 3336 viaide - ok
22:04:48.0087 3336 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:04:48.0112 3336 vmbus - ok
22:04:48.0143 3336 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:04:48.0170 3336 VMBusHID - ok
22:04:48.0198 3336 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:04:48.0210 3336 volmgr - ok
22:04:48.0272 3336 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:04:48.0301 3336 volmgrx - ok
22:04:48.0363 3336 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:04:48.0379 3336 volsnap - ok
22:04:48.0432 3336 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:04:48.0447 3336 vsmraid - ok
22:04:48.0602 3336 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:04:48.0692 3336 VSS - ok
22:04:48.0831 3336 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:04:48.0886 3336 vwifibus - ok
22:04:48.0916 3336 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:04:48.0954 3336 vwififlt - ok
22:04:48.0992 3336 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:04:49.0009 3336 vwifimp - ok
22:04:49.0074 3336 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:04:49.0118 3336 W32Time - ok
22:04:49.0153 3336 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:04:49.0186 3336 WacomPen - ok
22:04:49.0245 3336 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:49.0291 3336 WANARP - ok
22:04:49.0313 3336 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:49.0352 3336 Wanarpv6 - ok
22:04:49.0549 3336 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:04:49.0597 3336 WatAdminSvc - ok
22:04:49.0771 3336 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:04:49.0857 3336 wbengine - ok
22:04:50.0002 3336 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:04:50.0035 3336 WbioSrvc - ok
22:04:50.0094 3336 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:04:50.0133 3336 wcncsvc - ok
22:04:50.0149 3336 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:04:50.0164 3336 WcsPlugInService - ok
22:04:50.0231 3336 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:04:50.0260 3336 Wd - ok
22:04:50.0324 3336 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:04:50.0349 3336 Wdf01000 - ok
22:04:50.0369 3336 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:04:50.0404 3336 WdiServiceHost - ok
22:04:50.0410 3336 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:04:50.0430 3336 WdiSystemHost - ok
22:04:50.0491 3336 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:04:50.0534 3336 WebClient - ok
22:04:50.0578 3336 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:04:50.0629 3336 Wecsvc - ok
22:04:50.0657 3336 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:04:50.0697 3336 wercplsupport - ok
22:04:50.0727 3336 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:04:50.0766 3336 WerSvc - ok
22:04:50.0844 3336 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:04:50.0910 3336 WfpLwf - ok
22:04:50.0923 3336 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:04:50.0936 3336 WIMMount - ok
22:04:50.0966 3336 WinDefend - ok
22:04:50.0974 3336 WinHttpAutoProxySvc - ok
22:04:51.0058 3336 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:04:51.0135 3336 Winmgmt - ok
22:04:51.0306 3336 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:04:51.0400 3336 WinRM - ok
22:04:51.0593 3336 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:04:51.0610 3336 WinUsb - ok
22:04:51.0707 3336 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:04:51.0758 3336 Wlansvc - ok
22:04:51.0864 3336 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:04:51.0888 3336 wlcrasvc - ok
22:04:52.0112 3336 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:04:52.0169 3336 wlidsvc - ok
22:04:52.0235 3336 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
22:04:52.0261 3336 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
22:04:52.0261 3336 wltrysvc - detected UnsignedFile.Multi.Generic (1)
22:04:52.0453 3336 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:04:52.0490 3336 WmiAcpi - ok
22:04:52.0574 3336 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:04:52.0610 3336 wmiApSrv - ok
22:04:52.0653 3336 WMPNetworkSvc - ok
22:04:52.0682 3336 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:04:52.0696 3336 WPCSvc - ok
22:04:52.0733 3336 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:04:52.0750 3336 WPDBusEnum - ok
22:04:52.0779 3336 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:52.0838 3336 ws2ifsl - ok
22:04:52.0869 3336 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:04:52.0906 3336 wscsvc - ok
22:04:52.0909 3336 WSearch - ok
22:04:53.0107 3336 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:04:53.0244 3336 wuauserv - ok
22:04:53.0407 3336 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:04:53.0490 3336 WudfPf - ok
22:04:53.0531 3336 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:53.0569 3336 WUDFRd - ok
22:04:53.0612 3336 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:04:53.0650 3336 wudfsvc - ok
22:04:53.0701 3336 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:04:53.0722 3336 WwanSvc - ok
22:04:53.0757 3336 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:04:53.0913 3336 \Device\Harddisk0\DR0 - ok
22:04:53.0920 3336 Boot (0x1200) (0c92d26aa03dd70d96388101c558d781) \Device\Harddisk0\DR0\Partition0
22:04:53.0923 3336 \Device\Harddisk0\DR0\Partition0 - ok
22:04:53.0961 3336 Boot (0x1200) (76e7e741f52799c8e6ae154124802de3) \Device\Harddisk0\DR0\Partition1
22:04:53.0963 3336 \Device\Harddisk0\DR0\Partition1 - ok
22:04:53.0981 3336 Boot (0x1200) (b10506f5ab35a3b1494d9db42d414fed) \Device\Harddisk0\DR0\Partition2
22:04:53.0983 3336 \Device\Harddisk0\DR0\Partition2 - ok
22:04:53.0983 3336 ============================================================
22:04:53.0983 3336 Scan finished
22:04:53.0983 3336 ============================================================
22:04:54.0001 5064 Detected object count: 3
22:04:54.0001 5064 Actual detected object count: 3
22:05:11.0909 5064 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:05:11.0909 5064 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:05:11.0910 5064 StkTMini ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0910 5064 StkTMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:11.0914 5064 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:11.0914 5064 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:01.0077 3500 Deinitialize success

4. The Virscan results.

VirSCAN.org Scanned Report :
Scanned time : 2012/05/04 22:08:35 (BST)
Scanner results: Scanners did not find malware!
File Name : MusiccityDownload.exe
File Size : 30568 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 35783ff1ccab7cfbfe799ef8d6476c0d
SHA1 : ad563aa5d439a32e085d657759d7d734b95d0d06
Online report : http://r.virscan.org...0dba877f21a3449

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120504150131 2012-05-04 0.35 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 5.04 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201205021247 2012-05-02 4.29 -
Authentium 5.1.1 201205041521 2012-05-04 1.70 -
AVAST! 4.7.4 120504-0 2012-05-04 0.23 -
AVG 12.0.1782 2425/4977 2012-05-04 0.43 -
BitDefender 7.90123.7135111 7.42160 2012-05-05 5.07 -
ClamAV 0.97.3 14875 2012-05-04 0.18 -
Comodo 5.1 12223 2012-05-03 2.46 -
CP Secure 1.3.0.5 2012.05.05 2012-05-05 0.21 -
Dr.Web 7.0.1.2210 2012.05.04 2012-05-04 13.82 -
F-Prot 4.6.2.117 20120504 2012-05-04 0.88 -
F-Secure 7.02.73807 2012.05.04.06 2012-05-04 2.56 -
Fortinet 4.3.392 15.493 2012-05-03 0.24 -
GData 22.4862 20120504 2012-05-04 5.19 -
ViRobot 20120504 2012.05.04 2012-05-04 0.40 -
Ikarus T3.1.32.20.0 2012.05.04.81110 2012-05-04 5.76 -
JiangMin 13.0.900 2012.05.03 2012-05-03 2.05 -
Kaspersky 5.5.10 2012.05.04 2012-05-04 0.38 -
KingSoft 2009.2.5.15 2012.5.4.14 2012-05-04 0.91 -
McAfee 5400.1158 6701 2012-05-04 8.53 -
Microsoft 1.8304 2012.05.03 2012-05-03 5.31 -
NOD32 3.0.21 7111 2012-05-04 0.19 -
Panda 9.05.01 2012.05.04 2012-05-04 3.02 -
Trend Micro 9.500-1005 8.972.01 2012-05-03 0.20 -
Quick Heal 11.00 2012.05.03 2012-05-03 1.00 -
Rising 20.0 24.08.03.03 2012-05-03 2.72 -
Sophos 3.30.0 4.76 2012-05-04 5.09 -
Sunbelt 3.9.2536.2 11874 2012-05-03 0.89 -
Symantec 1.3.0.24 20120503.004 2012-05-03 0.19 -
nProtect 20120503.01 11229042 2012-05-03 1.30 -
The Hacker 6.8.0.0 v00003 2012-05-03 0.56 -
VBA32 3.12.16.4 20120504.1106 2012-05-04 3.79 -
VirusBuster 5.5.0.2 14.2.58.0/8605414 2012-05-04 0.19 -




VirSCAN.org Scanned Report :
Scanned time : 2012/05/04 22:14:35 (BST)
Scanner results: Scanners did not find malware!
File Name : cis-2.4.dll
File Size : 974848 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 209fdf5096afd1312b98527b8b7b852e
SHA1 : 8c815fd4cac628759ebddbd0e83e945abf3d855a
Online report : http://r.virscan.org...67d3aae10fcca1a

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120504150131 2012-05-04 0.34 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 3.58 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.18 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201205021247 2012-05-02 4.20 -
Authentium 5.1.1 201205041521 2012-05-04 1.58 -
AVAST! 4.7.4 120504-0 2012-05-04 0.39 -
AVG 12.0.1782 2425/4977 2012-05-04 0.26 -
BitDefender 7.90123.7135111 7.42160 2012-05-05 3.95 -
ClamAV 0.97.3 14875 2012-05-04 0.30 -
Comodo 5.1 12223 2012-05-03 2.44 -
CP Secure 1.3.0.5 2012.05.05 2012-05-05 0.28 -
Dr.Web 7.0.1.2210 2012.05.04 2012-05-04 13.01 -
F-Prot 4.6.2.117 20120504 2012-05-04 1.01 -
F-Secure 7.02.73807 2012.05.04.06 2012-05-04 0.32 -
Fortinet 4.3.392 15.493 2012-05-03 0.29 -
GData 22.4862 20120504 2012-05-04 5.28 -
ViRobot 20120504 2012.05.04 2012-05-04 0.36 -
Ikarus T3.1.32.20.0 2012.05.04.81110 2012-05-04 5.53 -
JiangMin 13.0.900 2012.05.03 2012-05-03 2.07 -
Kaspersky 5.5.10 2012.05.04 2012-05-04 0.48 -
KingSoft 2009.2.5.15 2012.5.4.14 2012-05-04 1.05 -
McAfee 5400.1158 6701 2012-05-04 9.43 -
Microsoft 1.8304 2012.05.03 2012-05-03 10.78 -
NOD32 3.0.21 7111 2012-05-04 0.22 -
Panda 9.05.01 2012.05.04 2012-05-04 2.93 -
Trend Micro 9.500-1005 8.972.01 2012-05-03 0.21 -
Quick Heal 11.00 2012.05.03 2012-05-03 1.21 -
Rising 20.0 24.08.03.03 2012-05-03 2.70 -
Sophos 3.30.0 4.76 2012-05-04 5.25 -
Sunbelt 3.9.2536.2 11874 2012-05-03 0.80 -
Symantec 1.3.0.24 20120503.004 2012-05-03 0.16 -
nProtect 20120503.01 11229042 2012-05-03 1.39 -
The Hacker 6.8.0.0 v00003 2012-05-03 0.61 -
VBA32 3.12.16.4 20120504.1106 2012-05-04 4.19 -
VirusBuster 5.5.0.2 14.2.58.0/8605414 2012-05-04 0.19 -



VirSCAN.org Scanned Report :
Scanned time : 2012/05/04 22:23:58 (BST)
Scanner results: Scanners did not find malware!
File Name : issacapi_bs-2.3.dll
File Size : 81920 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : d8d6fa22135619b3c3b32441571b3c4f
SHA1 : 87bea67413f6029ac22b695cb4b1ddbddd4dfb35
Online report : http://r.virscan.org...4a9eea9bacf67a0

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120504150131 2012-05-04 0.34 -
AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26 2.06 -
AntiVir 8.2.10.58 7.11.28.226 2012-04-27 0.20 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201205021247 2012-05-02 4.37 -
Authentium 5.1.1 201205041521 2012-05-04 1.48 -
AVAST! 4.7.4 120504-0 2012-05-04 0.19 -
AVG 12.0.1782 2425/4977 2012-05-04 0.28 -
BitDefender 7.90123.7135111 7.42160 2012-05-05 4.37 -
ClamAV 0.97.3 14875 2012-05-04 0.19 -
Comodo 5.1 12223 2012-05-03 2.35 -
CP Secure 1.3.0.5 2012.05.05 2012-05-05 0.23 -
Dr.Web 7.0.1.2210 2012.05.04 2012-05-04 12.40 -
F-Prot 4.6.2.117 20120504 2012-05-04 0.86 -
F-Secure 7.02.73807 2012.05.04.06 2012-05-04 0.23 -
Fortinet 4.3.392 15.493 2012-05-03 0.20 -
GData 22.4862 20120504 2012-05-04 5.33 -
ViRobot 20120504 2012.05.04 2012-05-04 0.37 -
Ikarus T3.1.32.20.0 2012.05.04.81110 2012-05-04 5.52 -
JiangMin 13.0.900 2012.05.03 2012-05-03 2.12 -
Kaspersky 5.5.10 2012.05.04 2012-05-04 0.47 -
KingSoft 2009.2.5.15 2012.5.4.14 2012-05-04 1.03 -
McAfee 5400.1158 6701 2012-05-04 8.94 -
Microsoft 1.8304 2012.05.03 2012-05-03 7.05 -
NOD32 3.0.21 7111 2012-05-04 0.19 -
Panda 9.05.01 2012.05.04 2012-05-04 3.47 -
Trend Micro 9.500-1005 8.972.01 2012-05-03 0.21 -
Quick Heal 11.00 2012.05.03 2012-05-03 1.02 -
Rising 20.0 24.08.03.03 2012-05-03 2.80 -
Sophos 3.30.0 4.76 2012-05-04 5.12 -
Sunbelt 3.9.2536.2 11874 2012-05-03 0.88 -
Symantec 1.3.0.24 20120503.004 2012-05-03 0.17 -
nProtect 20120503.01 11229042 2012-05-03 1.42 -
The Hacker 6.8.0.0 v00003 2012-05-03 0.59 -
VBA32 3.12.16.4 20120504.1106 2012-05-04 3.64 -
VirusBuster 5.5.0.2 14.2.58.0/8605414 2012-05-04 0.19 -
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angellalt,

Good job! :thumbsup: I'm glad your programs are working again. OTL took care of a bunch of stuff but there are some entries that we need to remove manually.

First, if you uninstalled uTorrent, please delete the following folder:
C:\Users\Ruta\AppData\Roaming\uTorrent

Next we want to remove the Babylon search engine and Coupon Printer plugins from Chrome.
Then we will look for any remnants of malware and if everything is ok we'll be ready to wrap this puppy up.


Step-1.

  • Start Google Chrome and click the Tools icon in the upper right corner of your Google Chrome window. (It is the one that looks like a small wrench..Posted Image) and click Options on the drop down menu.
    The Google Chrome Options window will open.
  • Click the Basics tab.
  • In the Default Search section, click the Manage button. A Search Engines window will open.
  • Find the Babylon entry. Click it to highlight it and click the Remove button.
  • Next choose which search engine you want to use, (Google for example), and click the Make Default button beside it.
  • Click the Close button.
  • Close out all windows until you get back to the Chrome browser.
  • Click the Tools icon in the upper right corner again. This time click Extensions from the drop down menu.
    A window will open a list of all of the extensions you currently have installed in Google Chrome.
  • Find the following entries and click the Uninstall button beside them. NOTE: If Uninstall is not there, click the Disable button.
    • Coupon Printer Manager
  • Close out all windows to get back to the main browser window.
  • Re-start Chrome to make the changes effective.


Step-2.

Update MalwareBytes and Scan

Open MalwareBytes.
  • If it doesn't automatically ask to update the program, click the Update tab and update it.
  • After the update has finished, click the Scanner tab and click the radio button beside Perform Full Scan
  • Click the Scan button.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-3.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

And a final OTL scan.

Step-5.

Run OTL again and click the Posted Image button. Post the OTL.txt log it produces in your next reply.


Step-6.

Things For Your Next Post:
1. Let me know if you were able to remove the Babylon search engine and Coupon Printer plugins from Chrome.
2. The MalwareBytes scan log
3. The ESET scan log
4. The Checkup.txt log
5. The new OTL.txt log

Tell me how the computer is running now.
  • 0

#7
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello!

My computer seems to be running perfectly well :) all programmes are working well, I do not have error massage when I start my computer anymore. Thank you so much for all the help!

Now, I have removed Babylon search engine, but I didnt see Coupon Printer plugin anywhere.

Here are the logs

2. The MalwareBytes scan log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruta :: RUTA-PC [administrator]

Protection: Enabled

05/05/2012 22:13:57
mbam-log-2012-05-05 (23-27-03).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375031
Time elapsed: 1 hour(s), 12 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> No action taken.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Trojan.Agent) -> Data: C:\Users\Ruta\M-1-52-5782-8752-5245\winsvc.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GoogleDownload (Trojan.Downloader) -> Data: C:\Users\Ruta\AppData\Roaming\GoogleDownload.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Ruta\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> No action taken.

Files Detected: 6
C:\_OTL\MovedFiles\05042012_214122\C_Users\Ruta\0.3670661442765544.exe (Virus.Ramnit) -> No action taken.
C:\_OTL\MovedFiles\05042012_214122\C_Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe (Virus.Ramnit) -> No action taken.
C:\_OTL\MovedFiles\05042012_214122\C_Users\Ruta\AppData\Local\Temp\jmlkwjoapjguibne.exe (Virus.Ramnit) -> No action taken.
C:\_OTL\MovedFiles\05042012_214122\C_Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\renpugbr.exe (Virus.Ramnit) -> No action taken.
D:\SOFT\ABBYY.FineReader.Pro.9.0.0.1019\ABBYY.FineReader.Pro.9.0.0.1019\CURE\Crack\FineReader.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1640578400891658.exe.lnk (Backdoor.Agent) -> No action taken.

(end)

3. The ESET scan log

C:\Users\Ruta\Downloads\Unlocker1.9.1.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
D:\ESET NOD 32 Anti-Virus 4.0.468.0 (32 & 64-bit).rar Win32/RiskWare.HackAV.CX application deleted - quarantined
D:\SOFT\ABBYY.FineReader.Pro.9.0.0.1019.rar a variant of Win32/HackTool.Patcher.N application deleted - quarantined
D:\SOFT\Adobe Premiere Elements 8.exe BAT/HostsChanger.A application deleted - quarantined
D:\SOFT\Adobe Photoshop CS5 Extended Edition Incl. Serial\adobe-photoshop-cs5-extended keygen.rar a variant of Win32/HackTool.Patcher.P application deleted - quarantined

4. The Checkup.txt log

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

5. The new OTL.txt log

OTL logfile created on: 06/05/2012 13:20:04 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Ruta\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 56.71% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 44.73 Gb Free Space | 45.85% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 273.67 Gb Free Space | 74.35% Space Free | Partition Type: NTFS

Computer Name: RUTA-PC | User Name: Ruta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
PRC - [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/15 23:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2005/12/21 21:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 21:48:52 | 000,115,137 | ---- | M] () -- C:\Users\Ruta\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/05/04 14:42:45 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/30 17:51:15 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/11 20:32:35 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/11 20:32:18 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/11 20:32:15 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/11 20:32:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/11 20:32:04 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/03/31 04:38:26 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/03/07 08:13:33 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/07 08:11:50 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/07 08:11:41 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/07 00:57:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/07 00:57:24 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/07 00:57:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/07 00:57:17 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/07 00:57:10 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/22 21:33:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 21:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 21:34:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/27 23:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 15:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/05/14 15:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/04 14:42:45 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 17:51:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 22:30:00 | 004,373,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/12 16:18:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/27 23:46:04 | 006,790,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/27 22:22:50 | 000,220,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/02 15:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 15:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/12 15:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/23 15:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/21 16:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 15:49:54 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/05/14 15:49:50 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/05/14 15:49:48 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/05/14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV - [2011/03/23 02:27:30 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 43 05 C6 51 82 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/04 00:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/04 21:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/04 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/01 17:12:31 | 000,000,000 | ---D | M]

[2010/11/13 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Extensions
[2012/05/04 21:51:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions
[2011/04/06 15:27:20 | 000,002,126 | ---- | M] () -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\searchplugins\GoogleFeed.xml
[2011/12/12 23:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/01 23:54:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/30 17:51:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/30 17:51:14 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/29 22:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/30 17:51:14 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/30 17:51:14 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/30 17:51:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/30 17:51:14 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/05/04 21:45:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [RenPugbr] C:\Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FB42339-0E1D-429B-97E7-FDE3AD57E03F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/04 23:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µTorrent
[2012/05/04 21:52:33 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ruta\Desktop\tdsskiller.exe
[2012/05/04 21:41:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 15:34:01 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/02 18:42:26 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Desktop\EC372
[2012/05/02 15:27:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:10:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/01 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/01 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\ESET
[2012/05/01 17:18:30 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PDF Reader
[2012/05/01 17:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/05/01 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/01 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Desktop\EC365
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/29 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\Samsung
[2012/04/29 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2012/04/29 16:11:00 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\samsung
[2012/04/29 16:08:39 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/04/29 16:08:39 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/04/29 16:08:39 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/04/29 16:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/04/29 16:06:53 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/04/29 16:06:38 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/04/29 16:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/04/21 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2012/04/14 22:07:45 | 000,000,000 | --SD | C] -- C:\Users\Ruta\Documents\My Data Sources

========== Files - Modified Within 30 Days ==========

[2012/05/06 13:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 13:00:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 12:43:44 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 12:43:44 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 12:39:16 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 12:38:47 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/05/06 12:38:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/06 12:38:22 | 3016,695,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 02:41:32 | 000,879,714 | ---- | M] () -- C:\Users\Ruta\Desktop\SecurityCheck.exe
[2012/05/06 01:04:14 | 000,245,441 | ---- | M] () -- C:\Users\Ruta\1838.jpg
[2012/05/06 01:04:13 | 000,147,100 | ---- | M] () -- C:\Users\Ruta\3D-Street-Optical-Illusion-036.jpg
[2012/05/06 01:04:13 | 000,119,396 | ---- | M] () -- C:\Users\Ruta\3D-Street-Optical-Illusion-064.jpg
[2012/05/05 21:57:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/05 21:01:42 | 433,958,774 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/04 21:53:17 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ruta\Desktop\tdsskiller.exe
[2012/05/04 21:45:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/04 18:41:30 | 000,100,409 | ---- | M] () -- C:\Users\Ruta\Documents\Head_VI_(1949).JPG
[2012/05/04 18:19:27 | 000,130,368 | ---- | M] () -- C:\Users\Ruta\Documents\munch.death-sickroom.jpg
[2012/05/04 18:19:11 | 000,140,015 | ---- | M] () -- C:\Users\Ruta\Documents\munch.puberty.jpg
[2012/05/04 18:19:01 | 000,198,493 | ---- | M] () -- C:\Users\Ruta\Documents\munch.madonna.jpg
[2012/05/04 18:18:48 | 000,133,331 | ---- | M] () -- C:\Users\Ruta\Documents\munch.ashes.jpg
[2012/05/04 18:18:28 | 000,152,709 | ---- | M] () -- C:\Users\Ruta\Documents\munch.scream.jpg
[2012/05/04 17:58:07 | 000,329,394 | ---- | M] () -- C:\Users\Ruta\Documents\the-sower-van-gogh.jpg
[2012/05/04 17:58:01 | 000,047,039 | ---- | M] () -- C:\Users\Ruta\Documents\van gogh.jpg
[2012/05/02 21:50:06 | 000,994,091 | ---- | M] () -- C:\Users\Ruta\Desktop\electroshock_Psyciatryscruelin.pdf
[2012/05/02 16:35:53 | 000,000,512 | ---- | M] () -- C:\Users\Ruta\Desktop\MBR.dat
[2012/05/02 15:28:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/29 16:41:37 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/29 16:41:37 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/29 16:41:36 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 16:10:48 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | M] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/25 21:50:22 | 000,007,680 | -HS- | M] () -- C:\Users\Ruta\Documents\Folder.jpg
[2012/04/25 21:50:22 | 000,007,680 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Large.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArtSmall.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Small.jpg
[2012/04/25 21:50:18 | 000,010,596 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Large.jpg
[2012/04/25 21:50:18 | 000,002,618 | -HS- | M] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Small.jpg
[2012/04/21 00:25:39 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/04/20 22:45:41 | 000,055,357 | ---- | M] () -- C:\Users\Ruta\Documents\Judith Beheading Holofernes Michelangelo Merisi da Caravaggio.jpg
[2012/04/20 22:42:36 | 000,062,894 | ---- | M] () -- C:\Users\Ruta\Documents\Narcissus Caravaggio.jpg
[2012/04/20 00:32:11 | 000,192,179 | ---- | M] () -- C:\Users\Ruta\Documents\Leonardo,_san_girolamo.jpg
[2012/04/20 00:27:47 | 001,627,616 | ---- | M] () -- C:\Users\Ruta\Documents\Melencolia_I_(Durero).jpg
[2012/04/20 00:27:23 | 000,302,427 | ---- | M] () -- C:\Users\Ruta\Documents\Duerer_-_Ritter,_Tod_und_Teufel_(Der_Reuther).jpg
[2012/04/20 00:24:15 | 000,116,517 | ---- | M] () -- C:\Users\Ruta\Documents\Primavera_05.jpg
[2012/04/15 21:50:48 | 002,296,198 | ---- | M] () -- C:\Users\Ruta\2_for_1_entry_voucher.pdf
[2012/04/06 17:14:19 | 000,037,661 | ---- | M] () -- C:\Users\Ruta\Documents\beautiful-calligraphy-font.jpg
[2012/04/06 16:50:14 | 000,000,653 | ---- | M] () -- C:\Users\Ruta\Desktop\EC831 - Shortcut.lnk
[2012/04/06 15:59:53 | 000,967,214 | ---- | M] () -- C:\Users\Ruta\BP.jpg
[2012/04/06 15:46:47 | 000,977,075 | ---- | M] () -- C:\Users\Ruta\JK.jpg
[2012/04/06 14:13:26 | 000,692,779 | ---- | M] () -- C:\Users\Ruta\Documents\Wolf_Fight_by_nikkiburr.jpg

========== Files Created - No Company Name ==========

[2012/05/06 02:41:26 | 000,879,714 | ---- | C] () -- C:\Users\Ruta\Desktop\SecurityCheck.exe
[2012/05/06 01:03:55 | 000,245,441 | ---- | C] () -- C:\Users\Ruta\1838.jpg
[2012/05/06 01:03:55 | 000,147,100 | ---- | C] () -- C:\Users\Ruta\3D-Street-Optical-Illusion-036.jpg
[2012/05/06 01:03:55 | 000,119,396 | ---- | C] () -- C:\Users\Ruta\3D-Street-Optical-Illusion-064.jpg
[2012/05/05 21:57:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 18:41:29 | 000,100,409 | ---- | C] () -- C:\Users\Ruta\Documents\Head_VI_(1949).JPG
[2012/05/04 18:19:26 | 000,130,368 | ---- | C] () -- C:\Users\Ruta\Documents\munch.death-sickroom.jpg
[2012/05/04 18:19:10 | 000,140,015 | ---- | C] () -- C:\Users\Ruta\Documents\munch.puberty.jpg
[2012/05/04 18:19:01 | 000,198,493 | ---- | C] () -- C:\Users\Ruta\Documents\munch.madonna.jpg
[2012/05/04 18:18:47 | 000,133,331 | ---- | C] () -- C:\Users\Ruta\Documents\munch.ashes.jpg
[2012/05/04 18:18:26 | 000,152,709 | ---- | C] () -- C:\Users\Ruta\Documents\munch.scream.jpg
[2012/05/04 17:58:06 | 000,329,394 | ---- | C] () -- C:\Users\Ruta\Documents\the-sower-van-gogh.jpg
[2012/05/04 17:57:59 | 000,047,039 | ---- | C] () -- C:\Users\Ruta\Documents\van gogh.jpg
[2012/05/04 14:42:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 21:50:06 | 000,994,091 | ---- | C] () -- C:\Users\Ruta\Desktop\electroshock_Psyciatryscruelin.pdf
[2012/05/02 16:35:53 | 000,000,512 | ---- | C] () -- C:\Users\Ruta\Desktop\MBR.dat
[2012/05/01 23:54:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/29 16:10:48 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | C] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/25 21:50:22 | 000,007,680 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Large.jpg
[2012/04/25 21:50:22 | 000,002,151 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{B908480A-E38F-4060-A267-E5228A61CAB9}_Small.jpg
[2012/04/25 21:50:18 | 000,010,596 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Large.jpg
[2012/04/25 21:50:18 | 000,002,618 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{28BC196F-E288-4646-8B0E-0662F58D8E51}_Small.jpg
[2012/04/25 21:50:12 | 000,013,663 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{9009044C-20AA-4675-BAB8-4C1AD4049288}_Large.jpg
[2012/04/25 21:50:11 | 000,002,763 | -HS- | C] () -- C:\Users\Ruta\Documents\AlbumArt_{9009044C-20AA-4675-BAB8-4C1AD4049288}_Small.jpg
[2012/04/24 23:14:40 | 003,919,693 | ---- | C] () -- C:\Users\Ruta\Documents\10 Chemical Wedding.mp3
[2012/04/24 23:14:31 | 004,779,964 | ---- | C] () -- C:\Users\Ruta\Documents\04 As Above So Below.mp3
[2012/04/24 23:14:20 | 007,188,632 | ---- | C] () -- C:\Users\Ruta\Documents\[Sundown] 02 Design 19.mp3
[2012/04/21 00:25:39 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/04/20 22:45:39 | 000,055,357 | ---- | C] () -- C:\Users\Ruta\Documents\Judith Beheading Holofernes Michelangelo Merisi da Caravaggio.jpg
[2012/04/20 22:42:34 | 000,062,894 | ---- | C] () -- C:\Users\Ruta\Documents\Narcissus Caravaggio.jpg
[2012/04/20 00:32:10 | 000,192,179 | ---- | C] () -- C:\Users\Ruta\Documents\Leonardo,_san_girolamo.jpg
[2012/04/20 00:27:46 | 001,627,616 | ---- | C] () -- C:\Users\Ruta\Documents\Melencolia_I_(Durero).jpg
[2012/04/20 00:27:20 | 000,302,427 | ---- | C] () -- C:\Users\Ruta\Documents\Duerer_-_Ritter,_Tod_und_Teufel_(Der_Reuther).jpg
[2012/04/20 00:24:12 | 000,116,517 | ---- | C] () -- C:\Users\Ruta\Documents\Primavera_05.jpg
[2012/04/15 21:50:48 | 002,296,198 | ---- | C] () -- C:\Users\Ruta\2_for_1_entry_voucher.pdf
[2012/04/06 17:14:17 | 000,037,661 | ---- | C] () -- C:\Users\Ruta\Documents\beautiful-calligraphy-font.jpg
[2012/04/06 16:50:17 | 000,000,653 | ---- | C] () -- C:\Users\Ruta\Desktop\EC831 - Shortcut.lnk
[2012/04/06 15:59:52 | 000,967,214 | ---- | C] () -- C:\Users\Ruta\BP.jpg
[2012/04/06 15:46:47 | 000,977,075 | ---- | C] () -- C:\Users\Ruta\JK.jpg
[2012/04/06 14:13:26 | 000,692,779 | ---- | C] () -- C:\Users\Ruta\Documents\Wolf_Fight_by_nikkiburr.jpg
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/11 02:51:24 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/04/14 19:03:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/04/01 20:12:16 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/20 17:39:15 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/02/19 20:24:46 | 000,007,605 | ---- | C] () -- C:\Users\Ruta\AppData\Local\Resmon.ResmonCfg
[2011/02/15 19:34:01 | 000,000,600 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\winscp.rnd
[2010/11/13 19:52:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/12 10:20:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/12 10:20:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/12 10:20:27 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/12 10:20:27 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/12 10:20:27 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 10:09:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/12 09:26:17 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/04/12 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ACD Systems
[2012/05/05 00:02:21 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2010/11/20 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canneverbe Limited
[2011/04/13 14:40:15 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canon
[2010/11/12 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\DAEMON Tools Lite
[2012/05/01 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ESET
[2010/11/30 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GetRightToGo
[2011/07/02 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\go
[2012/05/01 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2011/05/06 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GrabPro
[2010/12/27 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\led
[2011/05/08 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Orbit
[2011/05/06 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ProgSense
[2011/10/11 00:20:01 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Publish Providers
[2012/04/29 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2011/04/14 19:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Smart PDF Converter
[2011/10/11 00:19:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Sony
[2011/03/20 02:44:43 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/24 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\TeamViewer
[2011/03/31 19:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Ulead Systems
[2012/03/09 11:22:34 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angellalt,

I'm glad to hear the system is running well. Unfortunately you missed a few steps in the MalwareBytes scan. It was #5 through #7. You didn't have MalwareBytes remove what it found. We will need to run it again. I will post screen shots to show you what I mean.

You may not have seen Coupon Printer in the Chrome extensions but the log still shows the files. Let's see if we can kill them manually.


Step-1.

Run MalwareBytes

Open MalwareBytes.You shouldn't need to update it.
  • Click the Scanner tab and click the radio button beside Perform Full Scan
  • Click the Scan button.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button. Be sure you do this one! It is important.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected. And this one. It is Important!
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Remove the Coupon Printer Files

Open Windows Explorer, navigate to the following folders and delete the files in red if present:

  • C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
  • C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll


Step-2.

Things For Your Next Post:
1. The MalwareBytes log
2. Let me know if the files were present and deleted.

After this I swear we'll be ready to clean up. It is important that you stay with me through clean up so we can remove the tools we've used.

thanks!
  • 0

#9
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello,

Sorry for the late reply,caught a human virus myself :D
Anyways, today when i tried to turn on my computer, blue screen turned up and it all shut down, any attempts to run in normal mode - same thing happens. So I ran the safe mode with networking. I scaned with MBAM in safe mode, so I'm not sure how effective was that. After the scan I still can't run computer in normal mode.

About the Coupon Printer Files, they were not in the directories you've mentioned. I could not find them anywhere.

Thanks for spending your time for this!

this is the MBAM scan log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Ruta :: RUTA-PC [administrator]

Protection: Disabled

09/05/2012 09:49:21
mbam-log-2012-05-09 (09-49-21).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 379898
Time elapsed: 1 hour(s), 6 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Spruce (Adware.Spruce) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angellalt,

Anyways, today when i tried to turn on my computer, blue screen turned up and it all shut down, any attempts to run in normal mode - same thing happens.

That's not good. Have you installed any hardware or software since the 6th?
Did the blue screen give any Stop code(s) or error messages?
Has the computer been booted up and used since you posted on the 6th, or was this the first time it had been turned on since then?

Thanks for spending your time for this!

You are welcome.


Step-1.

Minidump Files

System crashes produce dump files to help troubleshoot the problem. The files are located at C:\Windows\Minidump and will have names like MiniXXXXXX.XX.dmp where the X's are the date and the dump file number. Example: Mini120510-01.dmp

Please check the Minidump folder and post the last two or three dump files. To do that you will need highlight the files, then right click on one of the files and click Sent to then Compressed (Zipped) file. Attach the .zip file to your next post. See How to add an attachment to a new topic or reply


Step-2.

Please boot Windows in Safe Mode and run a new OTL scan.


Step-2.

Things For Your Next Post:
1. The OTL log
2. Answer to my questions above. Especially the bluescreen Stop code and error message if you got one.
3. The Minidump files
  • 0

Advertisements


#11
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey,
somehow i managed to repair my computer, setting it to previous date. Now I am able to run my computer in normal mode again.
I did not install any software or hardware. Some sort of code appeared on the blue screen and the error message, but it flashed very quickly and then system shut down so i was not able to read it properly. I just remember something like irql_not_less_or_equal
I cannot compress minidump files, it says that files not found or no read permission.
I've run a new OTL in normal mode.

OTL log:


OTL logfile created on: 11/05/2012 23:01:01 - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Ruta\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 72.05% Memory free
7.49 Gb Paging File | 5.49 Gb Available in Paging File | 73.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 50.27 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 267.27 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

Computer Name: RUTA-PC | User Name: Ruta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
PRC - [2012/04/30 17:51:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 06:53:54 | 001,496,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/15 23:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/07/01 19:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2005/12/21 21:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 14:42:45 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/30 17:51:15 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/04 06:53:52 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2012/02/22 21:33:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/22 21:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 21:34:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/27 23:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/02 15:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/05/14 15:54:26 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/05/04 14:42:45 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 17:51:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/14 22:30:00 | 004,373,784 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/12 16:18:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/27 23:46:04 | 006,790,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/27 22:22:50 | 000,220,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 05:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/02 15:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/02 15:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 15:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/12 15:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/23 15:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/21 16:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 16:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/02 23:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 23:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 23:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 23:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 15:49:54 | 000,044,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2009/05/14 15:49:50 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2009/05/14 15:49:48 | 000,165,960 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2009/05/14 15:47:16 | 000,134,024 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/05/14 15:41:14 | 000,142,776 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/11/15 20:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV - [2011/03/23 02:27:30 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 43 05 C6 51 82 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/04 00:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/04 21:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/04 21:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/01 17:12:31 | 000,000,000 | ---D | M]

[2010/11/13 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Extensions
[2012/05/09 18:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions
[2012/05/10 05:04:16 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\extensions\[email protected]
[2011/04/06 15:27:20 | 000,002,126 | ---- | M] () -- C:\Users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\searchplugins\GoogleFeed.xml
[2011/12/12 23:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/01 23:54:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/30 17:51:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/30 17:51:14 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/29 22:12:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/30 17:51:14 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/30 17:51:14 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/30 17:51:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/04/30 17:51:14 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ruta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/05/04 21:45:25 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [RenPugbr] C:\Users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FB42339-0E1D-429B-97E7-FDE3AD57E03F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/10 00:42:10 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\EC322 past exams
[2012/05/09 21:40:55 | 000,000,000 | ---D | C] -- C:\Windows\lt-LT
[2012/05/09 21:40:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\lt-LT
[2012/05/09 21:40:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\lt-LT
[2012/05/09 21:17:34 | 000,000,000 | ---D | C] -- C:\Windows\it-IT
[2012/05/09 21:17:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012/05/09 21:17:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\it-IT
[2012/05/09 21:17:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\it
[2012/05/09 21:17:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0410
[2012/05/09 21:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012/05/09 21:17:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410
[2012/05/09 21:16:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it
[2012/05/09 20:57:37 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\it-IT\pscr.sys.mui
[2012/05/09 20:56:43 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerIb.sys.mui
[2012/05/09 20:56:41 | 000,011,264 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrSerId.sys.mui
[2012/05/09 20:56:41 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\it-IT\BrParwdm.sys.mui
[2012/05/09 20:40:23 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\samsung
[2012/05/09 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\Bluetooth Exchange Folder
[2012/05/09 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2012/05/09 18:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2012/05/09 18:30:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2012/05/09 18:30:38 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\Wajam
[2012/05/09 18:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/05/09 18:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/08 22:46:24 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\{416226A7-9957-11E1-826E-B8AC6F996F26}
[2012/05/08 22:46:02 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/07 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/05/06 15:51:27 | 000,000,000 | ---D | C] -- C:\Users\Ruta\Documents\Downloads
[2012/05/06 15:48:57 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\uTorrent
[2012/05/06 15:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/05/05 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/04 23:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\µTorrent
[2012/05/04 21:52:33 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ruta\Desktop\tdsskiller.exe
[2012/05/04 21:41:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/02 15:27:38 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:10:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/01 23:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/01 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\ESET
[2012/05/01 17:18:30 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go PDF Reader
[2012/05/01 17:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PDF Reader
[2012/05/01 17:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/05/01 17:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/04/30 17:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/29 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Local\Samsung
[2012/04/29 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2012/04/29 16:08:39 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/04/29 16:08:39 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/04/29 16:08:39 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/04/29 16:08:39 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/04/29 16:08:39 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/04/29 16:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/04/29 16:06:53 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/04/29 16:06:38 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012/04/29 16:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/04/29 16:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/04/21 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2012/04/14 22:07:45 | 000,000,000 | --SD | C] -- C:\Users\Ruta\Documents\My Data Sources

========== Files - Modified Within 30 Days ==========

[2012/05/11 23:00:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 22:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/11 21:07:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 18:00:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 14:18:08 | 000,085,792 | ---- | M] () -- C:\Users\Ruta\227_TA27z1.jpg
[2012/05/11 14:18:08 | 000,070,510 | ---- | M] () -- C:\Users\Ruta\2012-03-24 11.44.40.jpg
[2012/05/11 14:18:07 | 000,035,599 | ---- | M] () -- C:\Users\Ruta\Elementare_consolle_Fiam.jpg
[2012/05/11 11:42:10 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 11:42:10 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 11:37:15 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/05/11 11:36:48 | 3016,695,808 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/10 20:59:09 | 000,080,531 | ---- | M] () -- C:\Users\Ruta\Documents\SubgamePerfection.pdf
[2012/05/09 21:20:42 | 000,689,342 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/05/09 21:20:42 | 000,127,378 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/05/09 21:20:41 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 21:20:41 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/09 21:16:04 | 000,335,478 | ---- | M] () -- C:\Windows\SysNative\perfi010.dat
[2012/05/09 21:16:04 | 000,037,534 | ---- | M] () -- C:\Windows\SysNative\perfd010.dat
[2012/05/08 17:15:53 | 380,264,502 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/06 02:41:32 | 000,879,714 | ---- | M] () -- C:\Users\Ruta\Desktop\SecurityCheck.exe
[2012/05/05 21:57:22 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 21:53:17 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ruta\Desktop\tdsskiller.exe
[2012/05/04 21:45:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/02 16:35:53 | 000,000,512 | ---- | M] () -- C:\Users\Ruta\Desktop\MBR.dat
[2012/05/02 15:28:23 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ruta\Desktop\aswMBR.exe
[2012/05/02 14:11:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Ruta\Desktop\OTL.exe
[2012/05/01 23:54:06 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/29 16:41:36 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/29 16:10:48 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | M] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/21 00:25:39 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\AIMP3.lnk

========== Files Created - No Company Name ==========

[2012/05/11 14:18:04 | 000,085,792 | ---- | C] () -- C:\Users\Ruta\227_TA27z1.jpg
[2012/05/11 14:18:04 | 000,070,510 | ---- | C] () -- C:\Users\Ruta\2012-03-24 11.44.40.jpg
[2012/05/11 14:18:04 | 000,035,599 | ---- | C] () -- C:\Users\Ruta\Elementare_consolle_Fiam.jpg
[2012/05/10 20:59:09 | 000,080,531 | ---- | C] () -- C:\Users\Ruta\Documents\SubgamePerfection.pdf
[2012/05/09 21:20:25 | 000,335,478 | ---- | C] () -- C:\Windows\SysNative\perfi010.dat
[2012/05/09 21:20:24 | 000,689,342 | ---- | C] () -- C:\Windows\SysNative\perfh010.dat
[2012/05/09 21:20:24 | 000,127,378 | ---- | C] () -- C:\Windows\SysNative\perfc010.dat
[2012/05/09 21:20:24 | 000,037,534 | ---- | C] () -- C:\Windows\SysNative\perfd010.dat
[2012/05/06 02:41:26 | 000,879,714 | ---- | C] () -- C:\Users\Ruta\Desktop\SecurityCheck.exe
[2012/05/05 21:57:22 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 14:42:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 16:35:53 | 000,000,512 | ---- | C] () -- C:\Users\Ruta\Desktop\MBR.dat
[2012/05/01 23:54:06 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/29 16:10:48 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/04/29 16:06:59 | 000,001,941 | ---- | C] () -- C:\Users\Ruta\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/04/21 00:25:39 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\AIMP3.lnk
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/11 02:51:24 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2011/04/14 19:03:05 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/04/01 20:12:16 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/20 17:39:15 | 000,000,132 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/02/19 20:24:46 | 000,007,605 | ---- | C] () -- C:\Users\Ruta\AppData\Local\Resmon.ResmonCfg
[2011/02/15 19:34:01 | 000,000,600 | ---- | C] () -- C:\Users\Ruta\AppData\Roaming\winscp.rnd
[2010/11/13 19:52:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/12 10:20:28 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/12 10:20:28 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/11/12 10:20:27 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/11/12 10:20:27 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/11/12 10:20:27 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/12 10:09:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/12 09:26:17 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/04/12 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ACD Systems
[2012/05/11 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\AIMP3
[2010/11/20 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canneverbe Limited
[2011/04/13 14:40:15 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Canon
[2010/11/12 16:28:26 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\DAEMON Tools Lite
[2012/05/01 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ESET
[2010/11/30 21:40:03 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GetRightToGo
[2011/07/02 00:03:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\go
[2012/05/01 17:18:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Go PDF Reader
[2011/05/06 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\GrabPro
[2010/12/27 21:40:50 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\led
[2011/05/08 18:12:42 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Orbit
[2011/05/06 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\ProgSense
[2011/10/11 00:20:01 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Publish Providers
[2012/04/29 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Samsung
[2011/04/14 19:41:54 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Smart PDF Converter
[2011/10/11 00:19:53 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Sony
[2011/03/20 02:44:43 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/24 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\TeamViewer
[2011/03/31 19:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\Ulead Systems
[2012/05/10 05:04:18 | 000,000,000 | ---D | M] -- C:\Users\Ruta\AppData\Roaming\uTorrent
[2012/03/09 11:22:34 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Angellalt,

I'm glad you got the system back into normal windows mode. We need to use a stronger tool and get a deeper look into the system.


Step-1.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Disable your Firewall

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to re-enable your Firewall and Anti-Virus


And let's see if we can get those minidump files.


Step-2.

Run WhoCrashed

Download WhoCrashed from this link
This program checks for any drivers which may have been causing your computer to crash....

Click on the file you just downloaded and run it.
  • Put a tick in Accept then click on Next
  • Put a tick in the Don't create a start menu folder then click Next
  • Put a tick in Create a Desktop Icon then click on Install and make sure there is a tick in Launch Whocrashed before clicking Finish
  • Click Analyze
  • It will want to download the Debugger and install it Say Yes
WhoCrashed will create report but you have to scroll down to see it
Copy and paste it into your next reply.


Step-3.

Things For Your Next Post:
1. The ComboFix.txt log
2. The WhoCrashed log

Tell me what problems the computer is having now.
  • 0

#13
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey,

Now I dont seem to have any problems with my computer again. Everything is running smoothly and no more unexpected shut downs.

I couldn't download ComboFix tool, first link was not found, and following the second link I couldn't start the download.

I've ran WhoCrashed and here is the report from it:

Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.


On Tue 08/05/2012 12:21:46 GMT your computer crashed
crash dump file: C:\Windows\Minidump\050812-21980-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7CC80)
Bugcheck code: 0x9F (0x3, 0xFFFFFA800604DE20, 0xFFFFF8000456C518, 0xFFFFFA8004227010)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Tue 08/05/2012 12:21:46 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x9F (0x3, 0xFFFFFA800604DE20, 0xFFFFF8000456C518, 0xFFFFFA8004227010)
Error: DRIVER_POWER_STATE_FAILURE
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sat 05/05/2012 00:16:05 GMT your computer crashed
crash dump file: C:\Windows\Minidump\050512-20514-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7FB7A)
Bugcheck code: 0x1000009F (0x4, 0x258, 0xFFFFFA8003CE5B60, 0xFFFFF80000B9C510)
Error: CUSTOM_ERROR
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.


On Sat 28/05/2011 09:33:42 GMT your computer crashed
crash dump file: C:\Windows\Minidump\052811-32105-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7FD00)
Bugcheck code: 0x50 (0xFFFFF900C30AD020, 0x0, 0xFFFFF96000154060, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver which cannot be identified at this time.



--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

4 crash dumps have been found and analyzed.
Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Angellalt,

My bad! Somehow the links got corrupted when I put them in the instructions. That has been corrected.

Even though the system seems to be running OK, The logs indicate the a rootkit tried to install itself at some point in time but didn't complete. Some of the dropper files still remain and we need to get a look.

I want you to download the file again. But some malware is written to recognize the ComboFix.exe file and blocks the download. If that happens, download the file again but change the file name before downloading it. To do that:
  • Click the FireFox tab in the upper left corner of the browser and click Options on the drop down menu. The Options page will open up.
    Posted Image
  • Click the General tab at the top of the page. In the Downloads section, make sure the radio button beside Always ask me where to save files has a dot in it. If it doesn't, click in the radio button to put a dot in it and make it active.
  • Click the OK button to close the Options window.
Now when you click Save File on the file download the Save File window will open up:
  • Click Desktop in the left hand menu. This will save the file to the desktop.
  • In the File name box change the name to wonkbreath.com and click the Save button.<--Very Important
  • A file named wonkbreath.com will be saved to the desktop.

IE works basically the same way.


Step-1.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Disable your Firewall

  • Double click on ComboFix.exe, (wonkbreath.com) if you renamed it & follow the prompts.((Vista/7 users): Right click on the file and click Run as Administrator to run the file).
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to re-enable your Firewall and Anti-Virus


Step-2.

Things For Your Next Post:
1. The ComboFix.txt log
  • 0

#15
Angellalt

Angellalt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey

Computer is running well.
I've managed to scan with ComboFix
here is the log file:

ComboFix 12-05-13.03 - Ruta 13/05/2012 21:14:37.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3836.2025 [GMT 1:00]
Running from: c:\users\Ruta\Desktop\wonkbreath.com.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\Sylenth_setup.exe
c:\users\Ruta\AppData\Local\fxolpydg.log
c:\users\Ruta\AppData\Local\hqifcxhj.log
c:\users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe
c:\users\Ruta\AppData\Local\lfxuehhh.log
c:\users\Ruta\AppData\Local\oitghgbm.log
c:\users\Ruta\AppData\Local\siqhvjrp.log
c:\users\Ruta\AppData\Local\tyuuogyp.log
c:\users\Ruta\AppData\Local\uvkkmncg.log
c:\users\Ruta\AppData\Local\xolcxclk.log
c:\users\Ruta\AppData\Roaming\Microsoft\Google
c:\users\Ruta\AppData\Roaming\Microsoft\Google\s.txt
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 11:59 . 2012-05-13 11:59 -------- d-----w- c:\program files\WhoCrashed
2012-05-11 12:44 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 12:44 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 12:44 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 12:44 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 12:44 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 12:44 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 12:44 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 12:43 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 12:43 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 12:43 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 12:43 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 12:43 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 12:43 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 12:36 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABFE031B-B574-4531-98FF-B6212CA7C77E}\mpengine.dll
2012-05-09 20:40 . 2012-05-09 20:40 -------- d-----w- c:\windows\lt-LT
2012-05-09 20:40 . 2012-05-09 20:40 -------- d-----w- c:\windows\SysWow64\drivers\lt-LT
2012-05-09 20:40 . 2012-05-09 20:40 -------- d-----w- c:\windows\SysWow64\wbem\lt-LT
2012-05-09 20:40 . 2012-05-09 20:40 -------- d-----w- c:\windows\system32\wbem\lt-LT
2012-05-09 20:40 . 2012-05-09 20:40 -------- d-----w- c:\windows\system32\drivers\lt-LT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\it-IT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\SysWow64\XPSViewer
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\SysWow64\drivers\it-IT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\SysWow64\wbem\it-IT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\SysWow64\it
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\it-IT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\SysWow64\0410
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\system32\drivers\it-IT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2012-05-09 20:17 . 2012-05-09 20:17 -------- d-----w- c:\windows\system32\0410
2012-05-09 20:16 . 2012-05-09 20:16 -------- d-----w- c:\windows\system32\wbem\it-IT
2012-05-09 20:16 . 2012-05-09 20:16 -------- d-----w- c:\windows\system32\it
2012-05-09 19:57 . 2009-07-13 17:57 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\it-IT\LXKPTPRC.DLL.mui
2012-05-09 17:31 . 2012-05-09 17:31 -------- d-----w- c:\program files (x86)\Phyxion.net
2012-05-09 17:30 . 2012-05-10 04:04 -------- d-----w- c:\program files (x86)\DealPly
2012-05-09 17:30 . 2012-05-09 17:30 -------- d-----w- c:\users\Ruta\AppData\Local\Wajam
2012-05-09 17:30 . 2012-05-10 04:04 -------- d-----w- c:\program files (x86)\Wajam
2012-05-09 17:28 . 2012-05-09 17:28 -------- d-----w- c:\programdata\Tarma Installer
2012-05-08 21:46 . 2012-05-10 04:04 -------- d-----w- c:\users\Ruta\AppData\Local\{416226A7-9957-11E1-826E-B8AC6F996F26}
2012-05-08 21:46 . 2012-05-08 21:46 -------- d-----we c:\windows\system64
2012-05-06 14:48 . 2012-05-10 04:04 -------- d-----w- c:\users\Ruta\AppData\Roaming\uTorrent
2012-05-06 14:48 . 2012-05-10 04:04 -------- d-----w- c:\program files (x86)\uTorrent
2012-05-05 22:46 . 2012-05-05 22:46 -------- d-----w- c:\program files (x86)\ESET
2012-05-04 20:41 . 2012-05-04 20:41 -------- d-----w- C:\_OTL
2012-05-04 13:42 . 2012-05-04 13:42 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 22:54 . 2012-05-01 22:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-01 16:18 . 2012-05-01 16:18 -------- d-----w- c:\users\Ruta\AppData\Roaming\Go PDF Reader
2012-05-01 16:18 . 2012-05-01 16:18 -------- d-----w- c:\program files (x86)\Go PDF Reader
2012-05-01 16:05 . 2012-05-01 22:47 -------- d-----w- c:\program files\ESET
2012-04-30 16:51 . 2012-04-30 16:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-30 16:51 . 2012-04-30 16:51 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-30 16:51 . 2012-04-30 16:51 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-29 15:11 . 2012-04-30 08:08 -------- d-----w- c:\users\Ruta\AppData\Local\Samsung
2012-04-29 15:11 . 2012-04-29 15:11 -------- d-----w- c:\users\Ruta\AppData\Roaming\Samsung
2012-04-29 15:08 . 2011-06-02 05:47 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-04-29 15:08 . 2011-06-02 05:47 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-04-29 15:08 . 2011-06-02 05:47 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-04-29 15:08 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-04-29 15:08 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-04-29 15:08 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-04-29 15:08 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-04-29 15:08 . 2010-12-21 05:55 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-04-29 15:08 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-04-29 15:08 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-04-29 15:06 . 2012-03-28 21:11 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-04-29 15:06 . 2012-04-29 15:06 -------- d-----w- c:\program files (x86)\MarkAny
2012-04-29 15:06 . 2012-03-28 21:11 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-04-29 15:06 . 2012-04-29 15:07 -------- d-----w- c:\program files (x86)\Samsung
2012-04-29 15:06 . 2012-04-29 15:07 -------- d-----w- c:\programdata\Samsung
2012-04-20 23:25 . 2012-05-13 12:55 -------- d-----w- c:\users\Ruta\AppData\Roaming\AIMP3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 13:42 . 2011-06-12 21:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-02-24 00:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 21:11 . 2012-03-28 21:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 21:11 . 2012-03-28 21:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 21:11 . 2012-03-28 21:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 21:11 . 2012-03-28 21:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 21:11 . 2012-03-28 21:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 21:11 . 2012-03-28 21:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 21:11 . 2012-03-28 21:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 21:11 . 2012-03-28 21:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 21:11 . 2012-03-28 21:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 21:11 . 2012-03-28 21:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 21:11 . 2012-03-28 21:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 21:11 . 2012-03-28 21:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 21:11 . 2012-03-28 21:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 21:11 . 2012-03-28 21:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 21:11 . 2012-03-28 21:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 21:11 . 2012-03-28 21:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 21:11 . 2012-03-28 21:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 21:11 . 2012-03-28 21:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 21:11 . 2012-03-28 21:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 21:11 . 2012-03-28 21:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 21:11 . 2012-03-28 21:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 21:11 . 2012-03-28 21:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 21:11 . 2012-03-28 21:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 21:11 . 2012-03-28 21:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 21:11 . 2012-03-28 21:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 21:11 . 2012-03-28 21:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 21:11 . 2012-03-28 21:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 21:11 . 2012-03-28 21:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-20 23:38 . 2011-02-01 17:27 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-20 23:38 . 2011-02-01 17:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-20 01:22 . 2011-02-01 17:27 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-01 06:46 . 2012-04-11 19:23 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 19:23 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 19:23 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 19:23 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 19:23 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 19:23 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 19:23 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 19:27 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 19:27 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 19:27 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 19:27 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 19:27 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 19:27 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 19:27 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 19:27 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 09:18 . 2010-11-12 15:38 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-19 11:11 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-19 11:11 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-19 11:11 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-19 11:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-19 11:11 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-14 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 253088]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dump_wmimmc;dump_wmimmc;f:\cabal\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-14 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-30 129976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 StkTMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\Drivers\StkTMini.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 13:42]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-14 20:56]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-14 20:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-17 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2692520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Ruta\AppData\Roaming\Mozilla\Firefox\Profiles\pgg179el.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RenPugbr - c:\users\Ruta\AppData\Local\jbvdkhdd\renpugbr.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-13 21:42:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-13 20:42
.
Pre-Run: 49,705,390,080 bytes free
Post-Run: 49,325,510,656 bytes free
.
- - End Of File - - 498995130D021F5FE55C6F9341A3F87C
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP