sirefef.w + phdet.e + automatic restart [Solved]



#1
RuiPedro

  • Member
  • 13 posts
Somehow today I got the message that MSE was not running. After running it I was told that my computer was infected with sirefef.w and phdet.e

After running Microsoft Security Essentials I get this message:


You are about to be logged off
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now.

I don't have time to run OTL... :(

Any help? Thanks in advance :)

/Edit: sirefef.b is also detected by MSE

Edited by RuiPedro, 07 July 2012 - 05:14 PM.

  • 0


#2
Crag_Hack

  • Trusted Helper, Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

I will get back to you soon with further instructions. Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
Crag_Hack

  • Trusted Helper, Malware Removal
  • 1,775 posts
I apologize for the delay in my response. The geekstogo website has been down for the last couple of days. I will have a response for you probably tomorrow afternoon Pacific time.
  • 0

#4
RuiPedro

  • Topic Starter
  • Member
  • 13 posts
No Problem :)

I will add some more info. Maybe it helps!

The system reboots each time I restart my computer after about a minute, which of course makes it almost impossible to do anything about the problem. (didn't know if this was understandable^^)

Sirefef.Y is also present and the infected file (or at least one of them) is "services.exe"

Kind Regards,
RuiPedro

Edited by RuiPedro, 09 July 2012 - 05:49 PM.

  • 0

#5
Crag_Hack

  • Trusted Helper, Malware Removal
  • 1,775 posts
Hi RuiPedro. Please follow these instructions:

Step 1

The first step is to try downloading and running OTL in Safe Mode. If the computer restarts just like in normal mode then skip to Step 4. Otherwise run OTL as described in Step 2 and aswMBR as described in Step 3. To boot in safe mode:
  • Restart the computer
  • Repeatedly tap the F8 key until you arrive at the Windows Advanced Options Menu or the Advanced Boot Options menu
  • Choose the Safe Mode with Networking option
  • Once booted in safe mode try running OTL using the instructions in Step 2

Step 2

If you are able to stay in Windows safe mode without the computer rebooting please follow these instructions:

  • Download OTL and save to desktop or other convenient location.
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 3

If you are able to stay in Windows safe mode without the computer rebooting please follow these instructions after running OTL:

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes
  • Click the Scan button to start scan
  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 4

If you cannot stay in Windows safe mode long enough to run OTL and aswMBR please do the following:

Please print these instructions out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

  • Download OTLPENet.exe to your desktop on a working computer
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your infected system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop the attached scan.txt file into the Custom scans and fixes box
  • Press Quick Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

Things to see in your next post:
OTL.txt and Extras.txt (if present)
aswMBR log if you could run aswMBR

  • 0
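
A way to check the OTLPENet.exe download against the file details posted in Step 4 before burning the CD, as an added example that is not part of the original post: it parses the posted block and compares byte count and MD5. The function names are made up for this example; a match shows the download is complete and uncorrupted, but MD5 is not collision-resistant, so it is not proof of authenticity.

```python
import hashlib
import re
import sys
from pathlib import Path

# "File details" block exactly as posted in Step 4 of the thread.
POSTED_DETAILS = """\
File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A
"""


def parse_file_details(text):
    """Parse a 'File details <name>' block into name, size in bytes and MD5."""
    name = re.search(r"^File details\s+(\S+)\s*$", text, re.MULTILINE)
    size = re.search(r"^Bytes=([\d,]+)\s*$", text, re.MULTILINE)
    md5 = re.search(r"^MD5=([0-9A-Fa-f]{32})\s*$", text, re.MULTILINE)
    if not (name and size and md5):
        raise ValueError("details block lacks a file name, Bytes= or MD5= line")
    return {
        "name": name.group(1),
        # The post writes the size with thousands separators.
        "size": int(size.group(1).replace(",", "")),
        "md5": md5.group(1).lower(),
    }


def md5_of_file(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a 120 MB image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, details):
    """Return a list of mismatches; an empty list means size and MD5 both match.

    The file name is not compared, because browsers rename repeated
    downloads (for example by appending " (1)").
    """
    path = Path(path)
    if not path.is_file():
        return [f"{path} does not exist or is not a regular file"]

    actual_size = path.stat().st_size
    if actual_size != details["size"]:
        # A wrong size already proves a bad download; skip the hash.
        return [f"size mismatch: expected {details['size']} bytes, "
                f"got {actual_size} (truncated or wrong file)"]

    actual_md5 = md5_of_file(path)
    if actual_md5 != details["md5"]:
        return [f"MD5 mismatch: expected {details['md5']}, got {actual_md5}"]
    return []


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_download.py <path to downloaded OTLPENet.exe>")
    expected = parse_file_details(POSTED_DETAILS)
    issues = verify_download(sys.argv[1], expected)
    for issue in issues:
        print("FAIL:", issue)
    if issues:
        sys.exit(1)
    print(f"OK: {sys.argv[1]} matches the posted size and MD5")
```

If the script reports a mismatch, download the file again on the working computer rather than burning it.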

#6
RuiPedro

  • Topic Starter
  • Member
  • 13 posts
Hello!

I had to skip to step 4 due to restarts. Here is OTL.txt

OTL logfile created on: 7/11/2012 3:56:40 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.25 Mb Free Space | 74.25% Space Free | Partition Type: NTFS
Drive D: | 426.13 Gb Total Space | 213.15 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
Drive E: | 500.69 Mb Total Space | 194.23 Mb Free Space | 38.79% Space Free | Partition Type: FAT
Drive F: | 249.00 Gb Total Space | 176.19 Gb Free Space | 70.76% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 13:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 13:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/21 05:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/04/21 04:42:50 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto] -- F:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2010/10/07 22:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand] -- F:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 15:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand] -- F:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2012/07/02 03:09:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- F:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/23 19:50:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/21 17:32:20 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto] -- F:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)
SRV - [2012/05/21 17:32:09 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto] -- F:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/03/27 14:24:22 | 000,466,944 | ---- | M] () [Auto] -- F:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe -- (Simraceway Update Service)
SRV - [2012/02/23 06:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto] -- F:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/24 15:50:56 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand] -- F:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/01/07 20:17:51 | 000,075,136 | ---- | M] () [Auto] -- F:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 04:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 04:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/16 10:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto] -- F:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/05/05 08:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/05/05 08:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/03/30 10:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 10:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand] -- F:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 10:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto] -- F:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/01 08:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- F:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/24 21:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand] -- F:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/21 17:32:10 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- F:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/15 07:57:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- F:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/20 15:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/10 00:13:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- F:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/12/09 14:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/12/08 00:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 00:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 00:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/12/08 00:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/12/08 00:22:28 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand] -- F:\Windows\System32\drivers\flashusb.sys -- (flashusb)
DRV:64bit: - [2011/12/08 00:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/11/14 20:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/01 04:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 04:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 04:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- F:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 04:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 10:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- F:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/07/29 08:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 08:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/05/01 01:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/04/22 06:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand] -- F:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 05:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP) Intel® Centrino®
DRV:64bit: - [2011/04/21 05:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand] -- F:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL) Intel® Centrino®
DRV:64bit: - [2011/03/08 10:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/12/16 22:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/09 21:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/20 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/10/07 22:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto] -- F:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- F:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- F:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2007/04/20 05:42:28 | 000,112,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- F:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/10/07 03:12:08 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand] -- F:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2011/09/16 10:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- F:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/07/29 08:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 08:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- F:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\RuiPedro_ON_F\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\RuiPedro_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\RuiPedro_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: F:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: F:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: F:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/23 19:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 02:55:53 | 000,000,000 | ---D | M]

[2012/02/26 04:51:29 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/06 15:43:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- F:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/06/23 19:50:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/25 04:05:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/23 19:50:10 | 000,001,525 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/23 19:50:10 | 000,002,252 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/23 19:50:10 | 000,000,935 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/23 19:50:10 | 000,001,166 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/23 19:50:10 | 000,002,040 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/23 19:50:10 | 000,001,121 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - F:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - F:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - F:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] F:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] F:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] F:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] F:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] F:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HUAWEI E620 Data Card] F:\Program Files (x86)\Kanguru\Kanguru.exe (HUAWEI Technologies Co., Ltd.)
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\RuiPedro_ON_F..\Run: [KiesHelper] File not found
O4 - HKU\RuiPedro_ON_F..\Run: [KiesPDLR] F:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\RuiPedro_ON_F..\Run: [OscarEditor] F:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe ()
O4 - HKU\UpdatusUser_ON_F..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_F..\RunOnce: [mctadmin] File not found
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - F:\Windows\System32\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - F:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - F:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 14:40:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Microsoft Security Client
[2012/07/07 14:40:44 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Security Client
[2012/07/07 14:40:13 | 000,000,000 | -HSD | C] -- F:\Config.Msi
[2012/07/04 19:36:17 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\Documents\Condominio FNamora
[2012/07/03 18:50:00 | 000,112,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- F:\windows\System32\drivers\ewusbmdm.sys
[2012/07/03 18:50:00 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- F:\windows\System32\drivers\ewdcsc.sys
[2012/07/03 18:49:50 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kanguru
[2012/07/03 18:49:50 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kanguru
[2012/07/03 18:49:48 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Kanguru
[2012/06/28 03:10:01 | 000,000,000 | -HSD | C] -- F:\windows\System32\%APPDATA%
[2012/06/26 05:16:08 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Local\{DBCA3620-643A-4466-94E4-26A90CCD81F0}
[2012/06/26 05:15:52 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Local\{51F6B646-375F-4E3F-AB88-B272AE2F47F8}
[2012/06/23 05:45:36 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Roaming\DeadMage
[2012/06/20 19:58:14 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Local\Funcom
[2012/06/20 19:58:05 | 000,000,000 | ---D | C] -- F:\ProgramData\media center programs
[2012/06/20 19:58:03 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/19 08:15:54 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\Documents\Ubisoft
[2012/06/18 18:22:23 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Local\Ubisoft Game Launcher
[2012/06/18 18:21:40 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Ubisoft
[2012/06/17 07:48:51 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Local\{B1129602-5E6E-4E87-B47B-ACF2DBA9CF66}
[2012/06/14 02:33:34 | 000,000,000 | ---D | C] -- F:\Users\RuiPedro\AppData\Local\Macromedia
[2 F:\windows\*.tmp files -> F:\windows\*.tmp -> ]
[1 F:\windows\SysWow64\*.tmp files -> F:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 08:30:47 | 000,067,584 | --S- | M] () -- F:\windows\bootstat.dat
[2012/07/11 08:29:41 | 2055,409,663 | -HS- | M] () -- F:\hiberfil.sys
[2012/07/07 18:57:16 | 000,001,034 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001UA.job
[2012/07/07 15:26:58 | 000,654,518 | ---- | M] () -- F:\windows\System32\perfh009.dat
[2012/07/07 15:26:58 | 000,122,092 | ---- | M] () -- F:\windows\System32\perfc009.dat
[2012/07/07 14:44:37 | 000,021,200 | -H-- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 14:44:37 | 000,021,200 | -H-- | M] () -- F:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 14:41:13 | 000,001,945 | ---- | M] () -- F:\windows\epplauncher.mif
[2012/07/07 14:40:53 | 000,001,915 | ---- | M] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/07 14:40:50 | 000,788,832 | ---- | M] () -- F:\windows\SysWow64\PerfStringBackup.INI
[2012/07/07 07:07:31 | 000,000,982 | ---- | M] () -- F:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001Core.job
[2012/07/04 18:45:19 | 000,184,004 | ---- | M] () -- F:\Users\RuiPedro\Desktop\sumotori102.zip
[2012/07/03 18:49:50 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kanguru
[2012/07/01 03:34:37 | 000,000,206 | ---- | M] () -- F:\Users\RuiPedro\Desktop\Psychonauts.url
[2012/06/30 09:58:09 | 000,002,373 | ---- | M] () -- F:\Users\RuiPedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/23 18:51:17 | 000,000,747 | ---- | M] () -- F:\Users\RuiPedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
[2012/06/23 18:51:17 | 000,000,723 | ---- | M] () -- F:\Users\RuiPedro\Desktop\Titan Poker.lnk
[2012/06/23 05:45:28 | 000,466,456 | ---- | M] (Creative Labs) -- F:\windows\System32\wrap_oal.dll
[2012/06/23 05:45:28 | 000,444,952 | ---- | M] (Creative Labs) -- F:\windows\SysWow64\wrap_oal.dll
[2012/06/20 19:58:05 | 000,000,693 | ---- | M] () -- F:\Users\Public\Desktop\The Secret World.lnk
[2012/06/20 19:58:03 | 000,000,000 | ---D | M] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/18 14:58:09 | 000,000,207 | ---- | M] () -- F:\Users\RuiPedro\Desktop\Driver San Francisco.url
[2012/06/14 14:39:16 | 000,000,493 | ---- | M] () -- F:\Users\RuiPedro\Desktop\Windows Update - Shortcut.lnk
[2012/06/13 22:28:23 | 000,276,600 | ---- | M] () -- F:\windows\System32\FNTCACHE.DAT
[2012/06/12 06:47:31 | 000,001,055 | ---- | M] () -- F:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/12 06:47:27 | 000,001,029 | ---- | M] () -- F:\Users\RuiPedro\Desktop\Dropbox.lnk
[2 F:\windows\*.tmp files -> F:\windows\*.tmp -> ]
[1 F:\windows\SysWow64\*.tmp files -> F:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/07 14:40:53 | 000,001,915 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/04 18:45:17 | 000,184,004 | ---- | C] () -- F:\Users\RuiPedro\Desktop\sumotori102.zip
[2012/07/01 03:34:37 | 000,000,206 | ---- | C] () -- F:\Users\RuiPedro\Desktop\Psychonauts.url
[2012/06/23 18:51:17 | 000,000,753 | ---- | C] () -- F:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titan Poker.lnk
[2012/06/23 18:51:17 | 000,000,747 | ---- | C] () -- F:\Users\RuiPedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
[2012/06/23 18:51:17 | 000,000,723 | ---- | C] () -- F:\Users\RuiPedro\Desktop\Titan Poker.lnk
[2012/06/22 21:31:35 | 000,000,207 | ---- | C] () -- F:\Users\RuiPedro\Desktop\Lucid - Copy.url
[2012/06/20 19:58:05 | 000,000,693 | ---- | C] () -- F:\Users\Public\Desktop\The Secret World.lnk
[2012/06/18 14:58:09 | 000,000,207 | ---- | C] () -- F:\Users\RuiPedro\Desktop\Driver San Francisco.url
[2012/06/14 14:39:16 | 000,000,493 | ---- | C] () -- F:\Users\RuiPedro\Desktop\Windows Update - Shortcut.lnk
[2012/04/12 17:46:22 | 000,000,717 | ---- | C] () -- F:\windows\cedt.INI
[2012/04/11 18:43:41 | 000,000,204 | ---- | C] () -- F:\Users\RuiPedro\AppData\Roaming\Lucid_player_profiles_data.dat
[2012/04/11 18:43:41 | 000,000,008 | ---- | C] () -- F:\Users\RuiPedro\AppData\Roaming\Lucid_player_highscore.dat
[2012/04/09 13:44:42 | 002,469,760 | ---- | C] () -- F:\windows\SysWow64\BootMan.exe
[2012/04/09 13:44:42 | 000,086,408 | ---- | C] () -- F:\windows\SysWow64\setupempdrv03.exe
[2012/04/09 13:44:42 | 000,019,840 | ---- | C] () -- F:\windows\SysWow64\EuEpmGdi.dll
[2012/04/09 13:44:42 | 000,014,216 | ---- | C] () -- F:\windows\SysWow64\epmntdrv.sys
[2012/04/09 13:44:42 | 000,008,456 | ---- | C] () -- F:\windows\SysWow64\EuGdiDrv.sys
[2012/02/11 13:35:48 | 000,007,168 | ---- | C] () -- F:\Users\RuiPedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/07 20:17:53 | 000,281,656 | ---- | C] () -- F:\windows\SysWow64\PnkBstrB.exe
[2012/01/07 20:17:51 | 000,075,136 | ---- | C] () -- F:\windows\SysWow64\PnkBstrA.exe
[2012/01/05 18:22:01 | 000,000,262 | ---- | C] () -- F:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/04 15:09:48 | 000,788,832 | ---- | C] () -- F:\windows\SysWow64\PerfStringBackup.INI
[2011/12/23 16:58:28 | 000,030,568 | ---- | C] () -- F:\windows\MusiccityDownload.exe
[2011/12/23 16:58:24 | 000,974,848 | ---- | C] () -- F:\windows\SysWow64\cis-2.4.dll
[2011/12/23 16:58:24 | 000,081,920 | ---- | C] () -- F:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 16:58:24 | 000,065,536 | ---- | C] () -- F:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 16:58:24 | 000,057,344 | ---- | C] () -- F:\windows\SysWow64\issacapi_se-2.3.dll
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- F:\windows\SysWow64\xlive.dll.cat
[2011/09/06 00:46:14 | 000,258,864 | ---- | C] () -- F:\windows\SUPDRun.exe
[2011/09/06 00:42:16 | 000,960,940 | ---- | C] () -- F:\windows\SysWow64\igkrng600.bin
[2011/09/06 00:42:15 | 000,207,376 | ---- | C] () -- F:\windows\SysWow64\igfcg600m.bin
[2011/09/06 00:42:14 | 000,145,804 | ---- | C] () -- F:\windows\SysWow64\igcompkrng600.bin
[2011/09/05 21:31:49 | 000,307,200 | ---- | C] () -- F:\windows\SetDisplayResolution.exe
[2011/09/05 20:52:57 | 000,000,918 | ---- | C] () -- F:\windows\HotFixList.ini
[2011/09/05 20:52:37 | 000,142,128 | ---- | C] () -- F:\windows\wiainst64.exe
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- F:\windows\SysWow64\DShowRdpFilter.dll
[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- F:\windows\SysWow64\xvidcore.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- F:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- F:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- F:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- F:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- F:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- F:\windows\SysWow64\ir32_32.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- F:\windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- F:\windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- F:\windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- F:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- F:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- F:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Application Data
[2012/03/18 12:41:27 | 000,000,000 | ---D | M] -- F:\ProgramData\Battle.net
[2012/01/22 11:50:43 | 000,000,000 | -H-D | M] -- F:\ProgramData\CanonBJ
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Desktop
[2012/01/24 15:50:19 | 000,000,000 | ---D | M] -- F:\ProgramData\Desura
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Documents
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Favorites
[2012/07/11 08:30:10 | 000,000,000 | ---D | M] -- F:\ProgramData\LogMeIn
[2012/06/01 18:55:45 | 000,000,000 | ---D | M] -- F:\ProgramData\PDF Writer
[2012/02/18 11:36:18 | 000,000,000 | ---D | M] -- F:\ProgramData\Pendulo Studios
[2012/05/01 10:31:17 | 000,000,000 | ---D | M] -- F:\ProgramData\PoksterCalculator
[2012/04/10 09:16:28 | 000,000,000 | ---D | M] -- F:\ProgramData\PopCap Games
[2012/02/11 13:29:39 | 000,000,000 | ---D | M] -- F:\ProgramData\SAMSUNG
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Start Menu
[2012/02/12 19:16:17 | 000,000,000 | ---D | M] -- F:\ProgramData\Steam
[2012/01/04 14:42:42 | 000,000,000 | ---D | M] -- F:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- F:\ProgramData\Templates
[2012/01/04 20:24:07 | 000,000,000 | ---D | M] -- F:\ProgramData\VirtualizedApplications
[2012/04/11 19:37:20 | 000,000,000 | ---D | M] -- F:\ProgramData\WildTangent
[2011/09/06 19:08:26 | 000,000,000 | ---D | M] -- F:\ProgramData\WinClon
[2009/07/14 01:08:49 | 000,026,696 | ---- | M] () -- F:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- F:\windows\System32\drivers\etc\services
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- F:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- F:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 08:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- F:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2010/08/23 11:07:16 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- F:\Users\RuiPedro\Documents\Sites\eLojasOnline.com\Backup\backup-elojasonline.com-9-7-2010\public_html\_vti_pvt\services.cnf
[2010/08/23 11:07:16 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- F:\Users\RuiPedro\Documents\Sites\eLojasOnline.com\Backup\backup-elojasonline.com-9-7-2010\www\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2012/07/10 18:36:48 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- F:\windows\System32\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- F:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- F:\windows\System32\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- F:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE-511D36F4.PF >
[2012/07/07 14:22:56 | 000,058,450 | ---- | M] () MD5=DA03F02D087AFB38B1ACBAAAED19A5E3 -- F:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/07/01 14:47:10 | 000,000,351 | ---- | M] () MD5=C8AC961DAD4C3C1123690A8932E42D15 -- F:\Users\RuiPedro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TYBPF5TR\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- F:\windows\System32\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- F:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\windows\System32\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\windows\System32\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\Windows\SysWOW64\services.msc
[2010/11/21 03:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 03:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- F:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2010/06/01 13:30:42 | 000,036,737 | ---- | M] () MD5=DE73CD8D57FBEB810AE09B146ED235FD -- F:\Users\RuiPedro\Documents\Sites\eLojasOnline.com\Downloads\Icons\256x256-Business-Icons\Services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- F:\windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- F:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.TPL.PHP >
[2012/05/14 11:32:00 | 000,004,984 | ---- | M] () MD5=EFC83B81C2BB50ED20D695DC464869D8 -- F:\Users\RuiPedro\Documents\Sites\Battery-Live.com\Site\battery-live.com\battery-live.com\public_html\gestao\themes\default\templates\services.tpl.php

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- F:\windows\System32\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- F:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- F:\Windows\SysWOW64\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- F:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- F:\windows\System32\wshelper.dll
[2009/07/13 21:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- F:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2010/11/21 03:06:21 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- F:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2010/11/21 03:06:21 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- F:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_adb3c1d9fa188607\wshelper.dll.mui
[2010/11/21 03:06:18 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- F:\windows\System32\en-US\wshelper.dll.mui
[2010/11/21 03:06:18 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- F:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09d25d5db275f73d\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*
< End of report >

#7
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi RuiPedro. I finished analyzing your OTL log. It looks clean. Also it appears services.exe is infected just like you reported. I will get back to you with further instructions tomorrow.

#8
Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi RuiPedro. It appears services.exe is infected. We will now examine it and also run a scan using a special utility. If you do not have a flash drive you can use an external hard drive. If you don't have either please let me know. Please do the following:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Please boot to OTLPE and run FRST from the flash drive by navigating to the flash drive, then running frst64.exe.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Restart FRST as before

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt on the flash drive) it makes to your reply.

Things to see in your next post:
FRST.txt
Search.txt


#9
RuiPedro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello Crag_Hack,

I can't run FRST64.exe by booting from the OTLPE CD because it says it's not a valid win32 app. Don't know if I understood something wrong.

So... I've downloaded FRST.exe from the same source and run it from the flash drive. Hope I didn't do anything stupid and thanks for your help!

Logs:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-07-2012
Ran by SYSTEM at 15-07-2012 01:50:33
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKU\RuiPedro\...\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum [3357696 2011-02-11] ()
HKU\RuiPedro\...\Run: [Google Update] "C:\Users\RuiPedro\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-13] (Google Inc.)
HKU\RuiPedro\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\RuiPedro\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll
Tcpip\..\Interfaces\{B6E529D9-DF0F-4E36-AFE5-36AD61491626}: [NameServer]62.169.67.172 62.169.67.171
Startup: C:\Users\RuiPedro\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [63928 2012-01-03] (Adobe Systems Incorporated)
2 AMPPALR3; C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [1136640 2011-04-21] (Intel Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [44376 2010-03-18] (Microsoft Corporation)
3 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [183560 2011-03-01] (Microsoft Corporation.)
2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [923984 2011-03-30] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1321296 2011-03-30] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-03-30] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-04-21] (Intel® Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [822624 2012-01-04] (Microsoft Corporation)
3 Desura Install Service; C:\Program Files (x86)\Common Files\Desura\desura_service.exe [131912 2012-01-24] (Desura Pty Ltd)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856400 2010-11-20] (Microsoft Corporation)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-21] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-21] (LogMeIn, Inc.)
2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [326424 2011-05-05] (Intel Corporation)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [113120 2012-06-23] (Mozilla Foundation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
4 NetMsmqActivator; "C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-10] (NVIDIA Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-12-01] ()
3 Samsung UPD Service; "C:\windows\System32\SUPDSvc.exe" [166704 2010-08-09] (Samsung Electronics CO., LTD.)
2 SeaPort; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-02-24] (Microsoft Corporation)
2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [508776 2011-10-01] (Microsoft Corporation)
3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [219496 2011-10-01] (Microsoft Corporation)
2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [466944 2012-03-27] ()
3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService [529232 2012-07-02] (Valve Corporation)
2 TeamViewer7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2886528 2012-02-23] (TeamViewer GmbH)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656536 2011-05-05] (Intel Corporation)
2 PnkBstrA; C:\windows\system32\PnkBstrA.exe [x]

========================== Drivers (Whitelisted) =============

3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [294912 2011-04-21] (Windows ® Win 7 DDK provider)
3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [294912 2011-04-21] (Windows ® Win 7 DDK provider)
3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [36328 2011-12-08] (Google Inc)
3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [51712 2011-03-08] (Intel Corporation)
3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [327168 2011-11-14] (Intel Corporation)
3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 epmntdrv; \??\C:\windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [138024 2010-11-12] (ELAN Microelectronics Corp.)
3 EuGdiDrv; \??\C:\windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 flashusb; C:\Windows\System32\DRIVERS\flashusb.sys [19968 2011-12-08] (Danish Wireless Design A/S)
3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [12256512 2010-12-16] (Intel Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2905320 2011-06-24] (Realtek Semiconductor Corp.)
3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\windows\system32\drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 MEIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2010-10-20] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [203888 2012-03-20] (Microsoft Corporation)
3 NETwNs64; C:\Windows\System32\DRIVERS\NETwNs64.sys [8593920 2011-05-01] (Intel Corporation)
0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [28992 2012-02-10] (NVIDIA Corporation)
3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [471144 2011-04-22] (Realtek )
3 rtport; \??\C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-07] (Windows ® 2003 DDK 3790 provider)
1 SABI; \??\C:\windows\system32\Drivers\SABI.sys [13824 2009-05-28] (SAMSUNG ELECTRONICS)
2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [19192 2010-10-07] (Intel® Corporation)
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 01:50 - 2012-07-15 01:50 - 00000000 ____D C:\FRST
2012-07-11 16:06 - 2012-07-11 16:06 - 00110064 ____A C:\OTL.Txt
2012-07-10 18:45 - 2012-07-10 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F50C904D28AE52E9
2012-07-10 18:40 - 2012-07-10 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D88E33018B26E709
2012-07-10 18:29 - 2012-07-10 18:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.901C1604BEA17E52
2012-07-07 18:57 - 2012-07-07 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42DF510FEE91AF25
2012-07-07 18:54 - 2012-07-07 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6354E53F4A653F6
2012-07-07 18:48 - 2012-07-07 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A31AB0D44B4CFA7
2012-07-07 18:43 - 2012-07-07 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F677F0A77FCAD9DF
2012-07-07 18:41 - 2012-07-07 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADEE51D20A24885C
2012-07-07 18:38 - 2012-07-07 18:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07A9DA281D4DAA56
2012-07-07 18:36 - 2012-07-07 18:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40E01CE2D7061700
2012-07-07 18:33 - 2012-07-07 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB5568716A50EE55
2012-07-07 18:29 - 2012-07-07 18:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEDB150A737D5823
2012-07-07 18:26 - 2012-07-07 18:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBE67F4D875B1A91
2012-07-07 18:24 - 2012-07-07 18:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79BBC4A21714F1CA
2012-07-07 18:19 - 2012-07-07 18:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE7D42245B3F82D
2012-07-07 18:16 - 2012-07-07 18:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5788036570116922
2012-07-07 18:12 - 2012-07-07 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E0F01C9446B3D8E
2012-07-07 18:09 - 2012-07-07 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A95E6E759C10C0C5
2012-07-07 18:05 - 2012-07-07 18:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.700BA86AC8B77C2C
2012-07-07 18:02 - 2012-07-07 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.327DDAF15C310D0A
2012-07-07 17:58 - 2012-07-07 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A34FBA84DA5780BE
2012-07-07 17:54 - 2012-07-07 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7E50ACA02DADE8D
2012-07-07 17:51 - 2012-07-07 17:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CEB341C6165429CC
2012-07-07 17:47 - 2012-07-07 17:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7210E77BD1543310
2012-07-07 15:35 - 2012-07-07 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D1FD7C7A112D7EE
2012-07-07 15:32 - 2012-07-07 15:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C561E556684A18C9
2012-07-07 15:29 - 2012-07-07 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D67A6AF2AC71A4C
2012-07-07 15:26 - 2012-07-07 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF0074AFA93E054C
2012-07-07 15:18 - 2012-07-07 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0FA56E5ACA8E349
2012-07-07 15:14 - 2012-07-07 15:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D233E7114CE6942
2012-07-07 15:03 - 2012-07-07 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75C192AF5FB3BFC6
2012-07-07 15:00 - 2012-07-07 15:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04C832EA36C9C51F
2012-07-07 14:56 - 2012-07-07 14:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B0BA2C36EA16753
2012-07-07 14:53 - 2012-07-07 14:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8842DB8163DE8A9D
2012-07-07 14:40 - 2012-07-07 14:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-07 14:40 - 2012-07-07 14:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-04 19:36 - 2012-07-04 19:37 - 00000000 ____D C:\Users\RuiPedro\Documents\Condominio FNamora
2012-07-04 18:45 - 2012-07-04 18:45 - 00184004 ____A C:\Users\RuiPedro\Desktop\sumotori102.zip
2012-07-04 18:13 - 2012-07-04 18:13 - 00352952 ____A (Softonic) C:\Users\RuiPedro\Downloads\SoftonicDownloader_for_sumotori-dreams.exe
2012-07-03 18:50 - 2007-04-20 05:42 - 00112384 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2012-07-03 18:50 - 2007-04-20 05:41 - 00029696 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2012-07-03 18:49 - 2012-07-07 14:38 - 00000000 ____D C:\Program Files (x86)\Kanguru
2012-07-01 03:34 - 2012-07-01 03:34 - 00000206 ____A C:\Users\RuiPedro\Desktop\Psychonauts.url
2012-06-28 03:10 - 2012-06-28 03:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-26 05:16 - 2012-06-26 05:16 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\{DBCA3620-643A-4466-94E4-26A90CCD81F0}
2012-06-26 05:15 - 2012-06-26 05:16 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\{51F6B646-375F-4E3F-AB88-B272AE2F47F8}
2012-06-23 18:51 - 2012-06-23 18:51 - 00000723 ____A C:\Users\RuiPedro\Desktop\Titan Poker.lnk
2012-06-23 18:50 - 2012-06-23 18:50 - 00525144 ____A (Playtech) C:\Users\RuiPedro\Downloads\TitanBSetup_681e8.exe
2012-06-23 05:45 - 2012-06-23 05:45 - 00000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-06-23 05:45 - 2012-06-23 05:45 - 00000000 ____D C:\Users\RuiPedro\AppData\Roaming\DeadMage
2012-06-22 21:31 - 2012-04-11 06:36 - 00000207 ____A C:\Users\RuiPedro\Desktop\Lucid - Copy.url
2012-06-22 13:33 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 13:33 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 13:33 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 13:33 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 13:33 - 2012-06-02 10:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 13:33 - 2012-06-02 10:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 19:58 - 2012-06-20 19:58 - 00000693 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-06-20 19:58 - 2012-06-20 19:58 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\Funcom
2012-06-20 19:54 - 2012-06-20 19:54 - 10480160 ____A (Funcom ) C:\Users\RuiPedro\Downloads\SecretWorld.exe
2012-06-19 08:15 - 2012-06-19 08:15 - 00000000 ____D C:\Users\RuiPedro\Documents\Ubisoft
2012-06-18 18:22 - 2012-07-07 05:23 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\Ubisoft Game Launcher
2012-06-18 18:21 - 2012-06-18 18:21 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-06-18 14:58 - 2012-06-18 14:58 - 00000207 ____A C:\Users\RuiPedro\Desktop\Driver San Francisco.url
2012-06-17 07:48 - 2012-06-17 07:49 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\{B1129602-5E6E-4E87-B47B-ACF2DBA9CF66}

============ 3 Months Modified Files ========================

2012-07-11 16:06 - 2012-07-11 16:06 - 00110064 ____A C:\OTL.Txt
2012-07-11 08:29 - 2012-03-20 15:37 - 00008578 ____A C:\Windows\setupact.log
2012-07-11 08:29 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-10 18:45 - 2012-07-10 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F50C904D28AE52E9
2012-07-10 18:40 - 2012-07-10 18:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D88E33018B26E709
2012-07-10 18:36 - 2009-07-13 19:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-10 18:29 - 2012-07-10 18:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.901C1604BEA17E52
2012-07-07 18:57 - 2012-07-07 18:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42DF510FEE91AF25
2012-07-07 18:57 - 2012-01-13 18:42 - 00001034 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001UA.job
2012-07-07 18:54 - 2012-07-07 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6354E53F4A653F6
2012-07-07 18:48 - 2012-07-07 18:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A31AB0D44B4CFA7
2012-07-07 18:43 - 2012-07-07 18:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F677F0A77FCAD9DF
2012-07-07 18:41 - 2012-07-07 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADEE51D20A24885C
2012-07-07 18:38 - 2012-07-07 18:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07A9DA281D4DAA56
2012-07-07 18:36 - 2012-07-07 18:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40E01CE2D7061700
2012-07-07 18:33 - 2012-07-07 18:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB5568716A50EE55
2012-07-07 18:29 - 2012-07-07 18:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEDB150A737D5823
2012-07-07 18:26 - 2012-07-07 18:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBE67F4D875B1A91
2012-07-07 18:24 - 2012-07-07 18:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79BBC4A21714F1CA
2012-07-07 18:19 - 2012-07-07 18:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE7D42245B3F82D
2012-07-07 18:16 - 2012-07-07 18:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5788036570116922
2012-07-07 18:12 - 2012-07-07 18:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E0F01C9446B3D8E
2012-07-07 18:09 - 2012-07-07 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A95E6E759C10C0C5
2012-07-07 18:05 - 2012-07-07 18:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.700BA86AC8B77C2C
2012-07-07 18:02 - 2012-07-07 18:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.327DDAF15C310D0A
2012-07-07 17:58 - 2012-07-07 17:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A34FBA84DA5780BE
2012-07-07 17:54 - 2012-07-07 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7E50ACA02DADE8D
2012-07-07 17:51 - 2012-07-07 17:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CEB341C6165429CC
2012-07-07 17:47 - 2012-07-07 17:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7210E77BD1543310
2012-07-07 15:35 - 2012-07-07 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D1FD7C7A112D7EE
2012-07-07 15:32 - 2012-07-07 15:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C561E556684A18C9
2012-07-07 15:29 - 2012-07-07 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D67A6AF2AC71A4C
2012-07-07 15:26 - 2012-07-07 15:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF0074AFA93E054C
2012-07-07 15:26 - 2009-07-14 01:13 - 00782986 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 15:18 - 2012-07-07 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0FA56E5ACA8E349
2012-07-07 15:14 - 2012-07-07 15:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D233E7114CE6942
2012-07-07 15:03 - 2012-07-07 15:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75C192AF5FB3BFC6
2012-07-07 15:00 - 2012-07-07 15:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04C832EA36C9C51F
2012-07-07 15:00 - 2011-12-27 17:15 - 00004352 ____A C:\Users\RuiPedro\Desktop\New Text Document.txt
2012-07-07 14:56 - 2012-07-07 14:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B0BA2C36EA16753
2012-07-07 14:53 - 2012-07-07 14:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8842DB8163DE8A9D
2012-07-07 14:44 - 2009-07-14 00:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-07 14:44 - 2009-07-14 00:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-07 14:41 - 2012-01-04 15:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-07 14:41 - 2011-09-06 12:19 - 01071866 ____A C:\Windows\WindowsUpdate.log
2012-07-07 14:40 - 2012-01-04 15:09 - 00788832 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-07 14:39 - 2012-01-04 15:08 - 12621696 ____A (Microsoft Corporation) C:\Users\RuiPedro\Downloads\mseinstall.exe
2012-07-07 07:07 - 2012-01-13 18:42 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001Core.job
2012-07-06 20:32 - 2012-04-16 10:00 - 00000481 ____A C:\Users\RuiPedro\Desktop\New Text Document (2).txt
2012-07-04 18:45 - 2012-07-04 18:45 - 00184004 ____A C:\Users\RuiPedro\Desktop\sumotori102.zip
2012-07-04 18:13 - 2012-07-04 18:13 - 00352952 ____A (Softonic) C:\Users\RuiPedro\Downloads\SoftonicDownloader_for_sumotori-dreams.exe
2012-07-01 05:15 - 2012-04-13 17:40 - 00168818 ____A C:\Windows\DirectX.log
2012-07-01 03:34 - 2012-07-01 03:34 - 00000206 ____A C:\Users\RuiPedro\Desktop\Psychonauts.url
2012-06-28 03:01 - 2012-04-23 15:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-28 03:01 - 2012-01-04 17:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 18:51 - 2012-06-23 18:51 - 00000723 ____A C:\Users\RuiPedro\Desktop\Titan Poker.lnk
2012-06-23 18:50 - 2012-06-23 18:50 - 00525144 ____A (Playtech) C:\Users\RuiPedro\Downloads\TitanBSetup_681e8.exe
2012-06-23 05:45 - 2012-02-04 08:56 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-06-23 05:45 - 2012-02-04 08:56 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-06-23 05:45 - 2012-02-04 08:56 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-06-23 05:45 - 2012-02-04 08:56 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-06-20 19:58 - 2012-06-20 19:58 - 00000693 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-06-20 19:54 - 2012-06-20 19:54 - 10480160 ____A (Funcom ) C:\Users\RuiPedro\Downloads\SecretWorld.exe
2012-06-18 14:58 - 2012-06-18 14:58 - 00000207 ____A C:\Users\RuiPedro\Desktop\Driver San Francisco.url
2012-06-14 14:39 - 2012-06-14 14:39 - 00000493 ____A C:\Users\RuiPedro\Desktop\Windows Update - Shortcut.lnk
2012-06-13 22:28 - 2012-03-20 15:37 - 00276600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 22:05 - 2012-01-04 15:33 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 06:47 - 2012-03-07 13:40 - 00001029 ____A C:\Users\RuiPedro\Desktop\Dropbox.lnk
2012-06-07 09:26 - 2012-06-07 09:26 - 00000614 ____A C:\Users\RuiPedro\Desktop\SBKX.lnk
2012-06-07 09:16 - 2012-06-07 09:16 - 00000207 ____A C:\Users\RuiPedro\Desktop\Bad Rats.url
2012-06-02 18:19 - 2012-06-22 13:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 18:19 - 2012-06-22 13:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 18:19 - 2012-06-22 13:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 18:15 - 2012-06-22 13:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 10:19 - 2012-06-22 13:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 10:15 - 2012-06-22 13:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 18:53 - 2012-06-01 18:53 - 04744982 ____A C:\Users\RuiPedro\Downloads\Setup_BullzipPDFPrinter_8_2_0_1406.zip
2012-05-30 17:41 - 2012-05-30 17:41 - 00000207 ____A C:\Users\RuiPedro\Desktop\Football Manager 2012.url
2012-05-30 17:41 - 2012-05-30 17:41 - 00000207 ____A C:\Users\RuiPedro\Desktop\Football Manager 2012 Resource Archiver.url
2012-05-30 17:41 - 2012-05-30 17:41 - 00000207 ____A C:\Users\RuiPedro\Desktop\Football Manager 2012 Editor.url
2012-05-29 03:38 - 2011-12-23 16:58 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-27 05:35 - 2012-05-27 05:35 - 00000758 ____A C:\Users\RuiPedro\Desktop\WRC FIA World Rally Championship.lnk
2012-05-26 08:37 - 2012-04-12 17:46 - 00000717 ____A C:\Windows\cedt.INI
2012-05-24 18:16 - 2012-05-24 18:16 - 00001037 ____A C:\Users\RuiPedro\Desktop\Capsule.lnk
2012-05-24 18:15 - 2012-05-24 18:15 - 13092824 ____A (Green Man Gaming Limited) C:\Users\RuiPedro\Downloads\capsulesetup-v2.33.exe
2012-05-21 17:32 - 2012-01-08 13:23 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 17:32 - 2012-01-08 13:23 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-21 17:32 - 2012-01-08 13:23 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-17 22:47 - 2012-06-13 22:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 22:16 - 2012-06-13 22:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 22:06 - 2012-06-13 22:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 21:59 - 2012-06-13 22:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 21:59 - 2012-06-13 22:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 21:58 - 2012-06-13 22:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 21:58 - 2012-06-13 22:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 21:56 - 2012-06-13 22:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 21:55 - 2012-06-13 22:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 21:55 - 2012-06-13 22:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 21:54 - 2012-06-13 22:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 21:51 - 2012-06-13 22:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 21:51 - 2012-06-13 22:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 21:47 - 2012-06-13 22:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 19:11 - 2012-06-13 22:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 18:48 - 2012-06-13 22:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 18:45 - 2012-06-13 22:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 18:36 - 2012-06-13 22:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 18:35 - 2012-06-13 22:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 18:35 - 2012-06-13 22:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 18:33 - 2012-06-13 22:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 18:31 - 2012-06-13 22:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 18:29 - 2012-06-13 22:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 18:29 - 2012-06-13 22:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 18:27 - 2012-06-13 22:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 18:25 - 2012-06-13 22:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 18:24 - 2012-06-13 22:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 18:20 - 2012-06-13 22:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 21:32 - 2012-06-13 21:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 19:29 - 2012-05-09 19:29 - 00000208 ____A C:\Users\RuiPedro\Desktop\Warlock - Master of the Arcane Demo.url
2012-05-09 15:48 - 2012-05-09 15:48 - 00000208 ____A C:\Users\RuiPedro\Desktop\Alan Wake.url
2012-05-09 10:49 - 2012-01-11 18:12 - 00002654 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-05-08 09:22 - 2012-05-08 13:00 - 70185004 ____A C:\Users\RuiPedro\Desktop\12-05-08-13-45-55.wav
2012-05-06 09:12 - 2012-05-06 09:12 - 00000208 ____A C:\Users\RuiPedro\Desktop\BEEP.url
2012-05-06 09:12 - 2012-05-06 09:12 - 00000207 ____A C:\Users\RuiPedro\Desktop\EDGE.url
2012-05-04 07:06 - 2012-06-13 21:32 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 06:03 - 2012-06-13 21:32 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 06:03 - 2012-06-13 21:32 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 10:30 - 2012-05-01 10:30 - 02785504 ____A (KessemHoldeings Limited) C:\Users\RuiPedro\Downloads\PoksterCalculator_2.2.16.1.exe
2012-05-01 01:40 - 2012-06-13 21:32 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 18:18 - 2012-04-29 18:18 - 00000179 ____A C:\Users\RuiPedro\Desktop\Trapped Dead.url
2012-04-28 19:29 - 2012-04-28 19:29 - 00001135 ____A C:\Users\RuiPedro\Desktop\Sid Meier's Civilization V (DirectX 11).lnk
2012-04-28 03:30 - 2012-04-28 03:30 - 00000206 ____A C:\Users\RuiPedro\Desktop\Sid Meier's Civilization V.url
2012-04-27 23:55 - 2012-06-13 21:32 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 01:41 - 2012-06-13 21:32 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 01:41 - 2012-06-13 21:32 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 01:34 - 2012-06-13 21:32 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 10:12 - 2012-04-25 10:12 - 00496448 ____A (Playtech) C:\Users\RuiPedro\Downloads\SetupCasino_24d4.exe
2012-04-24 01:37 - 2012-06-13 21:32 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 01:37 - 2012-06-13 21:32 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 01:37 - 2012-06-13 21:32 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-24 00:36 - 2012-06-13 21:32 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-24 00:36 - 2012-06-13 21:32 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-24 00:36 - 2012-06-13 21:32 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 14:50 - 2012-03-20 15:39 - 00062648 ____A C:\Users\RuiPedro\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-20 04:20 - 2012-04-20 04:20 - 00000207 ____A C:\Users\RuiPedro\Desktop\The Witcher 2 Enhanced Edition.url
2012-04-19 06:26 - 2012-04-19 06:26 - 00000299 ____A C:\Users\RuiPedro\Desktop\The Witcher 2 Enhanced Edition.zip
2012-04-18 18:50 - 2012-04-18 18:46 - 139017086 ____A (www.rigsofrods.com) C:\Users\RuiPedro\Downloads\RoR-Setup-0.38.67.exe


ZeroAccess:
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\@
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\L
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\n
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U\[email protected]
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U\[email protected]

ZeroAccess:
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\@
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\L
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U

========================= Known DLLs (Whitelisted) ============

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2011-09-05 20:55] - [2011-02-25 02:19] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2010-11-20 23:24] - [2010-11-20 23:24] - 0390656 ____A (Microsoft Corporation) 1151B1BAA6F350B1DB6598E0FEA7C457

C:\Windows\System32\wininit.exe
[2009-07-13 19:52] - [2009-07-13 21:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 19:31] - [2009-07-13 21:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2012-07-10 18:36] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2010-11-20 23:24] - [2010-11-20 23:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\Drivers\volsnap.sys
[2010-11-20 23:23] - [2010-11-20 23:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 8%
Total physical RAM: 3498.23 MB
Available physical RAM: 3184.06 MB
Total Pagefile: 3320.32 MB
Available Pagefile: 3259.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.38 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:249 GB) (Free:176.1 GB) NTFS
3 Drive d: () (Fixed) (Total:426.13 GB) (Free:213.15 GB) NTFS
4 Drive f: () (Removable) (Total:0.49 GB) (Free:0.19 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 699 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 249 GB 101 MB
Partition 3 Extended 426 GB 249 GB
Partition 4 Logical 426 GB 249 GB
Partition 5 Unknown 23 GB 675 GB
==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy
==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 249 GB Healthy
==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 426 GB Healthy
==================================================================================

Disk: 0
Partition 5
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 SAMSUNG_REC NTFS Partition 23 GB Healthy
==================================================================================

==========================================================

Last Boot: 2012-06-27 21:35

======================= End Of Log ==========================



search.txt
Farbar Recovery Scan Tool Version: 14-07-2012
Ran by SYSTEM at 2012-07-15 01:53:26
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2012-07-10 18:36] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

=== End Of Search ===

#10
Crag_Hack

You didn't do anything stupid ... quite smart actually :)
Sorry for the mistake. OTLPE is a 32-bit environment based on XP and you are running 7 64-bit. I have looked over your FRST log so that things will go much quicker when I get a FRST64.exe log. I will give you instructions tomorrow about how to run FRST64.exe. It is very simple. Thanks for your patience.


#11
Crag_Hack

I would do things now but I have to consult a colleague first... thought I would give you a heads up.

#12
Crag_Hack

Hi RuiPedro. Sorry about the mistake running frst64 in 32-bit OTLPE. What follows is the proper way to do it. Let me know if you have any problems. Please do the following:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Close and restart FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

Things to see in your next post:
FRST.txt
Search.txt

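The Search.txt requested above lists every copy of services.exe with its size and MD5. As an added example (not part of the thread or of FRST itself), the sketch below parses that layout and flags a live copy whose MD5 matches no WinSxS component-store copy; the function names are hypothetical, the sample entries are the two from the Search.txt posted earlier in this thread, and treating the WinSxS copy as the reference is an assumption, not something the helper states.

```python
import re
from collections import defaultdict

# The two entries from the Search.txt posted earlier in this thread.
SAMPLE_SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 19:19] - [2009-07-13 21:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 19:19] - [2012-07-10 18:36] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

=== End Of Search ===
"""

# A path line is followed by one detail line:
# [created] - [modified] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file entry found in a Search.txt-style log."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        match = DETAIL_RE.match(line)
        if match and pending_path:
            entries.append({
                "path": pending_path,
                "created": match.group("created"),
                "modified": match.group("modified"),
                "size": int(match.group("size")),
                "company": match.group("company") or "",
                "md5": match.group("md5").upper(),
            })
            pending_path = None
    return entries


def find_mismatches(entries):
    """Flag live copies whose MD5 matches no component-store copy.

    Files are grouped by name. A name with no WinSxS copy is skipped,
    because there is nothing to compare it against. When several store
    versions exist, a live copy only has to match one of them.
    """
    by_name = defaultdict(lambda: {"store": [], "live": []})
    for entry in entries:
        name = entry["path"].rsplit("\\", 1)[-1].lower()
        kind = "store" if "\\winsxs\\" in entry["path"].lower() else "live"
        by_name[name][kind].append(entry)

    findings = []
    for name, group in by_name.items():
        store_hashes = {s["md5"] for s in group["store"]}
        if not store_hashes:
            continue
        store_sizes = {s["size"] for s in group["store"]}
        for live in group["live"]:
            if live["md5"] not in store_hashes:
                findings.append({
                    "path": live["path"],
                    "md5": live["md5"],
                    "modified": live["modified"],
                    "store_md5s": sorted(store_hashes),
                    # Same size with a different hash means the bytes
                    # changed without the file length changing.
                    "same_size_as_store": live["size"] in store_sizes,
                })
    return findings


if __name__ == "__main__":
    for finding in find_mismatches(parse_search_log(SAMPLE_SEARCH_TXT)):
        print("MISMATCH", finding["path"], finding["md5"],
              "modified", finding["modified"],
              "same size:", finding["same_size_as_store"])
```

A flagged file is a lead for the helper to follow up, not a verdict; the replacement source still has to be verified before anything is copied over the live file.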

#13
RuiPedro

Hello Crag_Hack,

Here are x64 FRST logs :)

Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 16-07-2012 03:46:01
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11895400 2011-06-24] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10372368 2011-03-30] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HUAWEI E620 Data Card] C:\PROGRA~2\Kanguru\Kanguru.exe [679936 2007-05-16] (HUAWEI Technologies Co., Ltd.)
HKU\RuiPedro\...\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum [3357696 2011-02-11] ()
HKU\RuiPedro\...\Run: [Google Update] "C:\Users\RuiPedro\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-13] (Google Inc.)
HKU\RuiPedro\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-06-08] ()
HKU\RuiPedro\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll
Tcpip\..\Interfaces\{B6E529D9-DF0F-4E36-AFE5-36AD61491626}: [NameServer]62.169.67.172 62.169.67.171
Startup: C:\Users\RuiPedro\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [923984 2011-03-30] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1321296 2011-03-30] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [1001808 2011-03-30] (Intel Corporation)
2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-04-21] (Intel® Corporation)
2 LMIGuardianSvc; "C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe" [375176 2012-05-21] (LogMeIn, Inc.)
2 LMIMaint; "C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe" [147336 2012-05-21] (LogMeIn, Inc.)
2 LogMeIn; "C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe" [407424 2011-09-16] (LogMeIn, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [75136 2012-01-07] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2009-11-30] ()
3 Samsung UPD Service; "C:\windows\System32\SUPDSvc.exe" [166704 2010-08-09] (Samsung Electronics CO., LTD.)
2 Simraceway Update Service; C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe [466944 2012-03-27] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656536 2011-05-05] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 epmntdrv; \??\C:\windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 flashusb; C:\Windows\System32\Drivers\flashusb.sys [19968 2011-12-07] (Danish Wireless Design A/S)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\Drivers\lmimirr.sys [11552 2011-09-16] (LogMeIn, Inc.)
2 LMIRfsDriver; C:\Windows\System32\Drivers\LMIRfsDriver.sys [72216 2011-09-16] (LogMeIn, Inc.)
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-10-06] (Windows ® 2003 DDK 3790 provider)
1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2009-05-27] (SAMSUNG ELECTRONICS)
4 LMIRfsClientNP; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 15:53 - 2012-07-15 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CD0DCFEE00CD9CF
2012-07-15 15:36 - 2012-07-15 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFBBF5BC328FD2DE
2012-07-15 15:36 - 2012-07-15 15:36 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ewemqcic.sys
2012-07-14 21:50 - 2012-07-16 03:46 - 00000000 ____D C:\FRST
2012-07-11 12:06 - 2012-07-11 12:06 - 00110064 ____A C:\OTL.Txt
2012-07-10 14:45 - 2012-07-10 14:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F50C904D28AE52E9
2012-07-10 14:40 - 2012-07-10 14:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D88E33018B26E709
2012-07-10 14:29 - 2012-07-10 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.901C1604BEA17E52
2012-07-07 14:57 - 2012-07-07 14:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42DF510FEE91AF25
2012-07-07 14:54 - 2012-07-07 14:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6354E53F4A653F6
2012-07-07 14:48 - 2012-07-07 14:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A31AB0D44B4CFA7
2012-07-07 14:43 - 2012-07-07 14:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F677F0A77FCAD9DF
2012-07-07 14:41 - 2012-07-07 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADEE51D20A24885C
2012-07-07 14:38 - 2012-07-07 14:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07A9DA281D4DAA56
2012-07-07 14:36 - 2012-07-07 14:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40E01CE2D7061700
2012-07-07 14:33 - 2012-07-07 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB5568716A50EE55
2012-07-07 14:29 - 2012-07-07 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEDB150A737D5823
2012-07-07 14:26 - 2012-07-07 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBE67F4D875B1A91
2012-07-07 14:24 - 2012-07-07 14:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79BBC4A21714F1CA
2012-07-07 14:19 - 2012-07-07 14:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE7D42245B3F82D
2012-07-07 14:16 - 2012-07-07 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5788036570116922
2012-07-07 14:12 - 2012-07-07 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E0F01C9446B3D8E
2012-07-07 14:09 - 2012-07-07 14:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A95E6E759C10C0C5
2012-07-07 14:05 - 2012-07-07 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.700BA86AC8B77C2C
2012-07-07 14:02 - 2012-07-07 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.327DDAF15C310D0A
2012-07-07 13:58 - 2012-07-07 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A34FBA84DA5780BE
2012-07-07 13:54 - 2012-07-07 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7E50ACA02DADE8D
2012-07-07 13:51 - 2012-07-07 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CEB341C6165429CC
2012-07-07 13:47 - 2012-07-07 13:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7210E77BD1543310
2012-07-07 11:35 - 2012-07-07 11:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D1FD7C7A112D7EE
2012-07-07 11:32 - 2012-07-07 11:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C561E556684A18C9
2012-07-07 11:29 - 2012-07-07 11:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D67A6AF2AC71A4C
2012-07-07 11:26 - 2012-07-07 11:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF0074AFA93E054C
2012-07-07 11:18 - 2012-07-07 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0FA56E5ACA8E349
2012-07-07 11:14 - 2012-07-07 11:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D233E7114CE6942
2012-07-07 11:03 - 2012-07-07 11:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75C192AF5FB3BFC6
2012-07-07 11:00 - 2012-07-07 11:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04C832EA36C9C51F
2012-07-07 10:56 - 2012-07-07 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B0BA2C36EA16753
2012-07-07 10:53 - 2012-07-07 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8842DB8163DE8A9D
2012-07-07 10:40 - 2012-07-07 10:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-07 10:40 - 2012-07-07 10:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-04 15:36 - 2012-07-04 15:37 - 00000000 ____D C:\Users\RuiPedro\Documents\Condominio FNamora
2012-07-04 14:45 - 2012-07-04 14:45 - 00184004 ____A C:\Users\RuiPedro\Desktop\sumotori102.zip
2012-07-04 14:13 - 2012-07-04 14:13 - 00352952 ____A (Softonic) C:\Users\RuiPedro\Downloads\SoftonicDownloader_for_sumotori-dreams.exe
2012-07-03 14:50 - 2007-04-20 01:42 - 00112384 ____A (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2012-07-03 14:50 - 2007-04-20 01:41 - 00029696 ____A (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2012-07-03 14:49 - 2012-07-07 10:38 - 00000000 ____D C:\Program Files (x86)\Kanguru
2012-06-30 23:34 - 2012-06-30 23:34 - 00000206 ____A C:\Users\RuiPedro\Desktop\Psychonauts.url
2012-06-27 23:10 - 2012-06-27 23:10 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-26 01:16 - 2012-06-26 01:16 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\{DBCA3620-643A-4466-94E4-26A90CCD81F0}
2012-06-26 01:15 - 2012-06-26 01:16 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\{51F6B646-375F-4E3F-AB88-B272AE2F47F8}
2012-06-23 14:51 - 2012-06-23 14:51 - 00000723 ____A C:\Users\RuiPedro\Desktop\Titan Poker.lnk
2012-06-23 14:50 - 2012-06-23 14:50 - 00525144 ____A (Playtech) C:\Users\RuiPedro\Downloads\TitanBSetup_681e8.exe
2012-06-23 01:45 - 2012-06-23 01:45 - 00000000 ____D C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-06-23 01:45 - 2012-06-23 01:45 - 00000000 ____D C:\Users\RuiPedro\AppData\Roaming\DeadMage
2012-06-22 17:31 - 2012-04-11 02:36 - 00000207 ____A C:\Users\RuiPedro\Desktop\Lucid - Copy.url
2012-06-22 09:33 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 09:33 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 09:33 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 09:33 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 09:33 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 09:33 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 15:58 - 2012-06-20 15:58 - 00000693 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-06-20 15:58 - 2012-06-20 15:58 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\Funcom
2012-06-20 15:54 - 2012-06-20 15:54 - 10480160 ____A (Funcom ) C:\Users\RuiPedro\Downloads\SecretWorld.exe
2012-06-19 04:15 - 2012-06-19 04:15 - 00000000 ____D C:\Users\RuiPedro\Documents\Ubisoft
2012-06-18 14:22 - 2012-07-07 01:23 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\Ubisoft Game Launcher
2012-06-18 14:21 - 2012-06-18 14:21 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2012-06-18 10:58 - 2012-06-18 10:58 - 00000207 ____A C:\Users\RuiPedro\Desktop\Driver San Francisco.url
2012-06-17 03:48 - 2012-06-17 03:49 - 00000000 ____D C:\Users\RuiPedro\AppData\Local\{B1129602-5E6E-4E87-B47B-ACF2DBA9CF66}

============ 3 Months Modified Files ========================

2012-07-15 15:57 - 2012-01-13 14:42 - 00001034 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001UA.job
2012-07-15 15:56 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-15 15:55 - 2012-03-20 11:37 - 00008858 ____A C:\Windows\setupact.log
2012-07-15 15:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-15 15:53 - 2012-07-15 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CD0DCFEE00CD9CF
2012-07-15 15:36 - 2012-07-15 15:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFBBF5BC328FD2DE
2012-07-15 15:36 - 2012-07-15 15:36 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ewemqcic.sys
2012-07-11 12:06 - 2012-07-11 12:06 - 00110064 ____A C:\OTL.Txt
2012-07-10 14:45 - 2012-07-10 14:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F50C904D28AE52E9
2012-07-10 14:40 - 2012-07-10 14:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D88E33018B26E709
2012-07-10 14:29 - 2012-07-10 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.901C1604BEA17E52
2012-07-07 14:57 - 2012-07-07 14:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42DF510FEE91AF25
2012-07-07 14:54 - 2012-07-07 14:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E6354E53F4A653F6
2012-07-07 14:48 - 2012-07-07 14:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A31AB0D44B4CFA7
2012-07-07 14:43 - 2012-07-07 14:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F677F0A77FCAD9DF
2012-07-07 14:41 - 2012-07-07 14:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADEE51D20A24885C
2012-07-07 14:38 - 2012-07-07 14:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.07A9DA281D4DAA56
2012-07-07 14:36 - 2012-07-07 14:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.40E01CE2D7061700
2012-07-07 14:33 - 2012-07-07 14:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AB5568716A50EE55
2012-07-07 14:29 - 2012-07-07 14:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEDB150A737D5823
2012-07-07 14:26 - 2012-07-07 14:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EBE67F4D875B1A91
2012-07-07 14:24 - 2012-07-07 14:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79BBC4A21714F1CA
2012-07-07 14:19 - 2012-07-07 14:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AE7D42245B3F82D
2012-07-07 14:16 - 2012-07-07 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5788036570116922
2012-07-07 14:12 - 2012-07-07 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2E0F01C9446B3D8E
2012-07-07 14:09 - 2012-07-07 14:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A95E6E759C10C0C5
2012-07-07 14:05 - 2012-07-07 14:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.700BA86AC8B77C2C
2012-07-07 14:02 - 2012-07-07 14:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.327DDAF15C310D0A
2012-07-07 13:58 - 2012-07-07 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A34FBA84DA5780BE
2012-07-07 13:54 - 2012-07-07 13:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A7E50ACA02DADE8D
2012-07-07 13:51 - 2012-07-07 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CEB341C6165429CC
2012-07-07 13:47 - 2012-07-07 13:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7210E77BD1543310
2012-07-07 11:35 - 2012-07-07 11:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0D1FD7C7A112D7EE
2012-07-07 11:32 - 2012-07-07 11:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C561E556684A18C9
2012-07-07 11:29 - 2012-07-07 11:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4D67A6AF2AC71A4C
2012-07-07 11:26 - 2012-07-07 11:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF0074AFA93E054C
2012-07-07 11:26 - 2009-07-13 21:13 - 00782986 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 11:18 - 2012-07-07 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0FA56E5ACA8E349
2012-07-07 11:14 - 2012-07-07 11:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D233E7114CE6942
2012-07-07 11:03 - 2012-07-07 11:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75C192AF5FB3BFC6
2012-07-07 11:00 - 2012-07-07 11:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04C832EA36C9C51F
2012-07-07 11:00 - 2011-12-27 13:15 - 00004352 ____A C:\Users\RuiPedro\Desktop\New Text Document.txt
2012-07-07 10:56 - 2012-07-07 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B0BA2C36EA16753
2012-07-07 10:53 - 2012-07-07 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8842DB8163DE8A9D
2012-07-07 10:44 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-07 10:44 - 2009-07-13 20:45 - 00021200 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-07 10:41 - 2012-01-04 11:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-07 10:41 - 2011-09-06 08:19 - 01071866 ____A C:\Windows\WindowsUpdate.log
2012-07-07 10:40 - 2012-01-04 11:09 - 00788832 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-07 10:39 - 2012-01-04 11:08 - 12621696 ____A (Microsoft Corporation) C:\Users\RuiPedro\Downloads\mseinstall.exe
2012-07-07 03:07 - 2012-01-13 14:42 - 00000982 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001Core.job
2012-07-06 16:32 - 2012-04-16 06:00 - 00000481 ____A C:\Users\RuiPedro\Desktop\New Text Document (2).txt
2012-07-04 14:45 - 2012-07-04 14:45 - 00184004 ____A C:\Users\RuiPedro\Desktop\sumotori102.zip
2012-07-04 14:13 - 2012-07-04 14:13 - 00352952 ____A (Softonic) C:\Users\RuiPedro\Downloads\SoftonicDownloader_for_sumotori-dreams.exe
2012-07-01 01:15 - 2012-04-13 13:40 - 00168818 ____A C:\Windows\DirectX.log
2012-06-30 23:34 - 2012-06-30 23:34 - 00000206 ____A C:\Users\RuiPedro\Desktop\Psychonauts.url
2012-06-27 23:01 - 2012-04-23 11:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-27 23:01 - 2012-01-04 13:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-23 14:51 - 2012-06-23 14:51 - 00000723 ____A C:\Users\RuiPedro\Desktop\Titan Poker.lnk
2012-06-23 14:50 - 2012-06-23 14:50 - 00525144 ____A (Playtech) C:\Users\RuiPedro\Downloads\TitanBSetup_681e8.exe
2012-06-23 01:45 - 2012-02-04 04:56 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-06-23 01:45 - 2012-02-04 04:56 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-06-23 01:45 - 2012-02-04 04:56 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-06-23 01:45 - 2012-02-04 04:56 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-06-20 15:58 - 2012-06-20 15:58 - 00000693 ____A C:\Users\Public\Desktop\The Secret World.lnk
2012-06-20 15:54 - 2012-06-20 15:54 - 10480160 ____A (Funcom ) C:\Users\RuiPedro\Downloads\SecretWorld.exe
2012-06-18 10:58 - 2012-06-18 10:58 - 00000207 ____A C:\Users\RuiPedro\Desktop\Driver San Francisco.url
2012-06-14 10:39 - 2012-06-14 10:39 - 00000493 ____A C:\Users\RuiPedro\Desktop\Windows Update - Shortcut.lnk
2012-06-13 18:28 - 2012-03-20 11:37 - 00276600 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 18:05 - 2012-01-04 11:33 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 02:47 - 2012-03-07 09:40 - 00001029 ____A C:\Users\RuiPedro\Desktop\Dropbox.lnk
2012-06-07 05:26 - 2012-06-07 05:26 - 00000614 ____A C:\Users\RuiPedro\Desktop\SBKX.lnk
2012-06-07 05:16 - 2012-06-07 05:16 - 00000207 ____A C:\Users\RuiPedro\Desktop\Bad Rats.url
2012-06-02 14:19 - 2012-06-22 09:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 09:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 09:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:15 - 2012-06-22 09:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 06:19 - 2012-06-22 09:33 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-22 09:33 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 14:53 - 2012-06-01 14:53 - 04744982 ____A C:\Users\RuiPedro\Downloads\Setup_BullzipPDFPrinter_8_2_0_1406.zip
2012-05-30 13:41 - 2012-05-30 13:41 - 00000207 ____A C:\Users\RuiPedro\Desktop\Football Manager 2012.url
2012-05-30 13:41 - 2012-05-30 13:41 - 00000207 ____A C:\Users\RuiPedro\Desktop\Football Manager 2012 Resource Archiver.url
2012-05-30 13:41 - 2012-05-30 13:41 - 00000207 ____A C:\Users\RuiPedro\Desktop\Football Manager 2012 Editor.url
2012-05-28 23:38 - 2011-12-23 12:58 - 00330240 ____A ((?)????) C:\Windows\MASetupCaller.dll
2012-05-27 01:35 - 2012-05-27 01:35 - 00000758 ____A C:\Users\RuiPedro\Desktop\WRC FIA World Rally Championship.lnk
2012-05-26 04:37 - 2012-04-12 13:46 - 00000717 ____A C:\Windows\cedt.INI
2012-05-24 14:16 - 2012-05-24 14:16 - 00001037 ____A C:\Users\RuiPedro\Desktop\Capsule.lnk
2012-05-24 14:15 - 2012-05-24 14:15 - 13092824 ____A (Green Man Gaming Limited) C:\Users\RuiPedro\Downloads\capsulesetup-v2.33.exe
2012-05-21 13:32 - 2012-01-08 09:23 - 00087456 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIRfsClientNP.dll
2012-05-21 13:32 - 2012-01-08 09:23 - 00080768 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIinit.dll
2012-05-21 13:32 - 2012-01-08 09:23 - 00034688 ____A (LogMeIn, Inc.) C:\Windows\System32\LMIport.dll
2012-05-17 18:47 - 2012-06-13 18:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 18:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 18:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 18:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 18:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 18:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 18:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 18:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 18:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 18:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 18:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 18:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 18:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 18:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 18:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 18:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 18:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 18:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 18:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 18:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 18:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 18:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 18:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 18:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 18:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 18:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 18:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-09 15:29 - 2012-05-09 15:29 - 00000208 ____A C:\Users\RuiPedro\Desktop\Warlock - Master of the Arcane Demo.url
2012-05-09 11:48 - 2012-05-09 11:48 - 00000208 ____A C:\Users\RuiPedro\Desktop\Alan Wake.url
2012-05-09 06:49 - 2012-01-11 14:12 - 00002654 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-05-08 05:22 - 2012-05-08 09:00 - 70185004 ____A C:\Users\RuiPedro\Desktop\12-05-08-13-45-55.wav
2012-05-06 05:12 - 2012-05-06 05:12 - 00000208 ____A C:\Users\RuiPedro\Desktop\BEEP.url
2012-05-06 05:12 - 2012-05-06 05:12 - 00000207 ____A C:\Users\RuiPedro\Desktop\EDGE.url
2012-05-04 03:06 - 2012-06-13 17:32 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 17:32 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 17:32 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 06:30 - 2012-05-01 06:30 - 02785504 ____A (KessemHoldeings Limited) C:\Users\RuiPedro\Downloads\PoksterCalculator_2.2.16.1.exe
2012-04-30 21:40 - 2012-06-13 17:32 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 14:18 - 2012-04-29 14:18 - 00000179 ____A C:\Users\RuiPedro\Desktop\Trapped Dead.url
2012-04-28 15:29 - 2012-04-28 15:29 - 00001135 ____A C:\Users\RuiPedro\Desktop\Sid Meier's Civilization V (DirectX 11).lnk
2012-04-27 23:30 - 2012-04-27 23:30 - 00000206 ____A C:\Users\RuiPedro\Desktop\Sid Meier's Civilization V.url
2012-04-27 19:55 - 2012-06-13 17:32 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 17:32 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 17:32 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 17:32 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 06:12 - 2012-04-25 06:12 - 00496448 ____A (Playtech) C:\Users\RuiPedro\Downloads\SetupCasino_24d4.exe
2012-04-23 21:37 - 2012-06-13 17:32 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 17:32 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 17:32 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 17:32 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 17:32 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 17:32 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 10:50 - 2012-03-20 11:39 - 00062648 ____A C:\Users\RuiPedro\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-20 00:20 - 2012-04-20 00:20 - 00000207 ____A C:\Users\RuiPedro\Desktop\The Witcher 2 Enhanced Edition.url
2012-04-19 02:26 - 2012-04-19 02:26 - 00000299 ____A C:\Users\RuiPedro\Desktop\The Witcher 2 Enhanced Edition.zip
2012-04-18 14:50 - 2012-04-18 14:46 - 139017086 ____A (www.rigsofrods.com) C:\Users\RuiPedro\Downloads\RoR-Setup-0.38.67.exe


ZeroAccess:
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\@
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\L
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\n
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U\[email protected]
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U\[email protected]

ZeroAccess:
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\@
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\L
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6056.19 MB
Available physical RAM: 5332.04 MB
Total Pagefile: 6054.39 MB
Available Pagefile: 5330.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:249 GB) (Free:176.04 GB) NTFS
2 Drive d: () (Fixed) (Total:426.13 GB) (Free:213.15 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:23.4 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: () (Removable) (Total:0.49 GB) (Free:0.09 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 1024 KB
Disk 1 Online 501 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 249 GB 101 MB
Partition 0 Extended 426 GB 249 GB
Partition 4 Logical 426 GB 249 GB
Partition 3 Recovery 23 GB 675 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 249 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 426 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F SAMSUNG_REC NTFS Partition 23 GB Healthy Hidden

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 500 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 500 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-27 17:35

======================= End Of Log ==========================





Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-16 04:23:33
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-15 15:56] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
  • 0

#14
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi RuiPedro. You are infected with the ZeroAccess rootkit. We will have to replace your infected services.exe with a legitimate copy, zap another malicious file, zap a bunch of nasty files, zap two malicious directories, and list the contents of a probably malicious directory. Then we'll try to boot into Windows. Please do the following:

Step 1

  • Open notepad (Start => All Programs => Accessories => Notepad) on a working computer. Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.)
  • Save it on the flashdrive as fixlist.txt

2012-07-15 15:36 - 2012-07-15 15:36 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ewemqcic.sys
c:\windows\system32\services.exe.*
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0}
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0}
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
Folder: C:\Windows\System32\%APPDATA%


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.

Step 2

Try to boot into normal Windows on your infected machine. If you can do so without the reboot issue please do the following:

  • Download OTL and save to desktop or other convenient location.
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 3

If you are able to run OTL in Windows please also do this:

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Things to see in your next post:
Fixlog.txt
OTL.txt, Extras.txt, and aswMBR log if you are able to stay in Windows

  • 0
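The hash comparison behind the `Replace:` line in the fixlist above, as an added example that is not part of the original posts or of FRST: it parses FRST `Search:` output (the sample is the services.exe search posted earlier in this thread) and flags a live copy whose MD5 matches no component-store (winsxs) copy. The function names are assumptions, and a winsxs match is a heuristic, not proof, because the store itself can be tampered with.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the 'Search: "services.exe"' section of the FRST log in this thread.
SAMPLE_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-15 15:56] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A result is two lines: the full path, then "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(log_text):
    """Return one record per file listed in an FRST Search section."""
    records, pending_path = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            rec = meta.groupdict()
            rec["path"] = pending_path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
        if line:
            # Any other non-empty line ends the current path/metadata pair.
            pending_path = None
    return records


def find_mismatches(records):
    """Flag live copies whose MD5 matches no winsxs copy of the same file name."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[ntpath.basename(rec["path"]).lower()].append(rec)

    findings = []
    for copies in by_name.values():
        store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live = [c for c in copies if c not in store]
        if not store:
            continue  # nothing to compare against; stay silent rather than guess
        store_md5 = {c["md5"] for c in store}
        for c in live:
            if c["md5"] not in store_md5:
                findings.append({
                    "path": c["path"],
                    "md5": c["md5"],
                    "modified": c["modified"],
                    # Same size with a different hash means the file was altered
                    # in place, so a size check alone would not have caught it.
                    "same_size_as_reference": any(s["size"] == c["size"] for s in store),
                    "reference_md5": sorted(store_md5),
                })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search(SAMPLE_LOG)):
        print(f"MISMATCH {f['path']} md5={f['md5']} modified={f['modified']} "
              f"same_size={f['same_size_as_reference']} expected={f['reference_md5']}")
```

On the sample, the System32 copy is flagged: same size as the winsxs copy, different MD5, and a modification time of 2012-07-15 instead of 2009-07-13.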

#15
RuiPedro


    Member

  • Topic Starter
  • Member
  • 13 posts
Hello Crag_Hack,

Everything working as intended, I was able to get all desired logs, as I can stay on windows now.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-17 02:38:55 Run:1
Running from H:\

==============================================

C:\Windows\System32\Drivers\ewemqcic.sys moved successfully.
C:\windows\system32\services.exe.* moved successfully.
C:\Windows\Installer\{c62b0a38-dd58-4b00-d876-f87272fb67d0} moved successfully.
C:\Users\RuiPedro\AppData\Local\{c62b0a38-dd58-4b00-d876-f87272fb67d0} moved successfully.
Could not find C:\Windows\System32\services.exe.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

========================= Folder: C:\Windows\System32\%APPDATA% ========================

2012-06-27 23:10 - 2012-06-27 23:10 - 0000000 __SHD () C:\Windows\System32\%APPDATA%\Microsoft
2012-06-27 23:10 - 2012-06-27 23:10 - 0000000 __SHD () C:\Windows\System32\%APPDATA%\Microsoft\Windows
2012-06-27 23:10 - 2012-06-27 23:10 - 0000000 __SHD () C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache
2012-06-27 23:10 - 2012-07-07 10:40 - 0262144 __ASH () C:\Windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

====== End of Folder: ======

==== End of Fixlog ====




OTL logfile created on: 7/16/2012 9:55:33 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RuiPedro\Desktop\rm
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

5.91 Gb Total Physical Memory | 3.96 Gb Available Physical Memory | 66.93% Memory free
11.83 Gb Paging File | 9.86 Gb Available in Paging File | 83.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249.00 Gb Total Space | 176.06 Gb Free Space | 70.71% Space Free | Partition Type: NTFS
Drive D: | 426.13 Gb Total Space | 213.15 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
Drive F: | 17.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 500.69 Mb Total Space | 97.06 Mb Free Space | 19.39% Space Free | Partition Type: FAT

Computer Name: RUIPEDRO-PC | User Name: RuiPedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/16 21:53:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\RuiPedro\Desktop\rm\OTL.exe
PRC - [2012/06/24 00:50:12 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/14 07:32:18 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/06/08 12:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\RuiPedro\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/27 19:24:22 | 000,466,944 | ---- | M] () -- C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe
PRC - [2012/02/23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/01/08 01:17:51 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/04 13:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 15:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/11 11:38:28 | 003,357,696 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
PRC - [2011/01/11 07:31:34 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2011/01/04 14:06:42 | 007,060,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
PRC - [2010/12/23 07:07:58 | 000,945,232 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/11/29 06:42:38 | 000,775,848 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
PRC - [2010/11/17 09:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/10 02:03:52 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/20 04:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/05/16 16:33:40 | 000,679,936 | ---- | M] (HUAWEI Technologies Co., Ltd.) -- C:\Program Files (x86)\Kanguru\Kanguru.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 00:50:12 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/14 07:32:18 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/06/14 03:10:30 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/06/14 03:10:19 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/06/14 03:10:16 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:10:11 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/06/14 03:10:08 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/06/08 12:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/06/02 16:51:27 | 000,115,137 | ---- | M] () -- C:\Users\RuiPedro\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012/05/11 08:35:49 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
MOD - [2012/05/11 08:34:31 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 08:34:08 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/05/11 08:04:05 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 08:01:58 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
MOD - [2012/05/11 08:01:55 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/05/11 08:01:48 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/05/11 08:01:43 | 014,415,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/02/11 11:38:28 | 003,357,696 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
MOD - [2011/02/11 09:29:45 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\dll\DLL_AnalyzeGesturesInRight.dll
MOD - [2010/12/03 13:01:18 | 000,994,304 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
MOD - [2010/12/03 10:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\OSD_Text\OSD_Text.dll
MOD - [2010/11/25 02:11:21 | 002,535,936 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\Data\X7\Forms\ScreenCapture\ScreenCapture.dll
MOD - [2010/11/02 13:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\dll\DLL_AnalyzeGesturesInOne.dll
MOD - [2010/10/12 03:13:52 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\dll\DLL_MouseDeviceManager.dll
MOD - [2010/09/21 07:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\dll\DLL_ZoomControl.dll
MOD - [2010/09/21 07:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\dll\DLL_ScrollbarControl.dll
MOD - [2010/09/21 07:18:50 | 000,117,760 | ---- | M] () -- C:\Program Files (x86)\OSCAR Editor X7\dll\DLL_Wheel4D.dll
MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007/05/16 14:33:48 | 004,751,360 | ---- | M] () -- C:\Program Files (x86)\Kanguru\resource.dll
MOD - [2007/05/16 10:59:52 | 001,019,904 | ---- | M] () -- C:\Program Files (x86)\Kanguru\HostAPI.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/21 10:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/04/21 09:42:50 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2010/10/08 03:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2012/07/02 08:09:47 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/24 00:50:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/21 22:32:20 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 22:32:09 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/03/27 19:24:22 | 000,466,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SimracewayUpdater\SRWUpdate.exe -- (Simraceway Update Service)
SRV - [2012/02/23 11:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/10 05:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/24 20:50:56 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/01/08 01:17:51 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/16 15:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/05/05 13:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/05/05 13:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/03/30 15:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 15:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 15:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/01 13:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 02:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/21 22:32:10 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/15 12:57:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/10 05:13:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/12/08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/12/08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/12/08 05:22:28 | 000,019,968 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flashusb.sys -- (flashusb)
DRV:64bit: - [2011/12/08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/05/01 06:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/04/22 11:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 10:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel® Centrino®
DRV:64bit: - [2011/04/21 10:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel® Centrino®
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 15:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/12/17 03:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/12 23:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/10 02:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/10/20 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/10/08 03:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2007/04/20 10:42:28 | 000,112,384 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/10/07 08:12:08 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2011/09/16 15:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-251638132-866889896-205452805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKU\S-1-5-21-251638132-866889896-205452805-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKU\S-1-5-21-251638132-866889896-205452805-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-251638132-866889896-205452805-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pt/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.0
FF - prefs.js..extensions.enabledItems: [email protected]:11.3.14.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.608
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.2.556
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\RuiPedro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\RuiPedro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 00:50:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 07:55:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 00:50:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 07:55:53 | 000,000,000 | ---D | M]

[2012/01/06 23:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Extensions
[2010/05/25 20:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/07/16 21:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions
[2012/01/06 23:12:11 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2012/01/06 23:12:11 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/06 23:12:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/06 23:12:06 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\[email protected]
[2012/05/19 16:31:29 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\[email protected]
[2012/05/23 07:32:23 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\[email protected]
[2012/07/02 08:05:34 | 000,000,000 | ---D | M] (Corretor para Português de Portugal) -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\extensions\[email protected]
[2010/08/26 00:10:14 | 000,001,820 | ---- | M] () -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\searchplugins\bing.xml
[2012/04/19 16:08:27 | 000,001,490 | ---- | M] () -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\searchplugins\web-search-powered-by-google.xml
[2010/02/04 09:38:29 | 000,002,795 | ---- | M] () -- C:\Users\RuiPedro\AppData\Roaming\Mozilla\Firefox\Profiles\dkn68onu.default\searchplugins\world-of-warcraft-armory.xml
[2012/02/26 09:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/06 20:43:09 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2011/10/29 12:05:28 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\RUIPEDRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKN68ONU.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/02/13 22:01:33 | 000,204,717 | ---- | M] () (No name found) -- C:\USERS\RUIPEDRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKN68ONU.DEFAULT\EXTENSIONS\[email protected]
[2011/10/15 06:43:09 | 000,007,927 | ---- | M] () (No name found) -- C:\USERS\RUIPEDRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKN68ONU.DEFAULT\EXTENSIONS\[email protected]
[2012/04/19 16:07:52 | 000,344,887 | ---- | M] () (No name found) -- C:\USERS\RUIPEDRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKN68ONU.DEFAULT\EXTENSIONS\[email protected]
[2012/06/24 00:50:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/25 09:05:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/24 00:50:10 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/24 00:50:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/24 00:50:10 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/24 00:50:10 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/24 00:50:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/24 00:50:10 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\RuiPedro\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\RuiPedro\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\RuiPedro\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\RuiPedro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Faerie Alchemy HD = C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\imdilajngppdgdbemeighbingnbmpnpl\1.1.3.7_0\
CHR - Extension: Formula 3D = C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmennkmmgljpjeihfakkbfadfbbfapgm\1.6.0_0\
CHR - Extension: Gmail = C:\Users\RuiPedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HUAWEI E620 Data Card] C:\Program Files (x86)\Kanguru\Kanguru.exe (HUAWEI Technologies Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-251638132-866889896-205452805-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKU\S-1-5-21-251638132-866889896-205452805-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-251638132-866889896-205452805-1001..\Run: [OscarEditor] C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe ()
O4 - HKU\S-1-5-21-251638132-866889896-205452805-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-251638132-866889896-205452805-1001..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-251638132-866889896-205452805-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RuiPedro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18DBC74A-DE0D-4804-B59B-7EE2A2B67458}: DhcpNameServer = 195.23.129.126 194.79.69.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD79D44C-578E-4631-893F-93A96C5068BB}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E529D9-DF0F-4E36-AFE5-36AD61491626}: NameServer = 62.169.67.172 62.169.67.171
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/04 18:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/04/17 10:47:36 | 000,000,046 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6647ca08-cfb0-11e1-b8d9-dca97148803b}\Shell - "" = AutoRun
O33 - MountPoints2\{6647ca08-cfb0-11e1-b8d9-dca97148803b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/04/04 18:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b92c8547-c59f-11e1-9145-dca97148803b}\Shell - "" = AutoRun
O33 - MountPoints2\{b92c8547-c59f-11e1-9145-dca97148803b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/04/04 18:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f3c2fce9-c560-11e1-88a8-dca97148803b}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c2fce9-c560-11e1-88a8-dca97148803b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/04/04 18:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f3c2fcfe-c560-11e1-88a8-dca97148803b}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c2fcfe-c560-11e1-88a8-dca97148803b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fa411a09-b651-11e1-bdc6-dca97148803b}\Shell - "" = AutoRun
O33 - MountPoints2\{fa411a09-b651-11e1-bdc6-dca97148803b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/04/04 18:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007/04/04 18:02:54 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/16 21:53:41 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\Desktop\rm
[2012/07/15 06:50:22 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/07 19:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/07/07 19:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/07/07 19:40:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/05 00:36:17 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\Documents\Condominio FNamora
[2012/07/03 23:50:00 | 000,112,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\SysNative\drivers\ewusbmdm.sys
[2012/07/03 23:50:00 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\SysNative\drivers\ewdcsc.sys
[2012/07/03 23:49:50 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kanguru
[2012/07/03 23:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kanguru
[2012/07/03 23:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kanguru
[2012/06/28 08:10:01 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2012/06/26 10:16:08 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Local\{DBCA3620-643A-4466-94E4-26A90CCD81F0}
[2012/06/26 10:15:52 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Local\{51F6B646-375F-4E3F-AB88-B272AE2F47F8}
[2012/06/23 10:45:36 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Roaming\DeadMage
[2012/06/21 00:58:14 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Local\Funcom
[2012/06/21 00:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012/06/21 00:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012/06/19 13:15:54 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\Documents\Ubisoft
[2012/06/18 23:22:23 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Local\Ubisoft Game Launcher
[2012/06/18 23:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/06/17 12:48:51 | 000,000,000 | ---D | C] -- C:\Users\RuiPedro\AppData\Local\{B1129602-5E6E-4E87-B47B-ACF2DBA9CF66}
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 02:40:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/17 02:40:39 | 2055,512,063 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 21:57:00 | 000,001,034 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001UA.job
[2012/07/16 21:55:21 | 000,002,373 | ---- | M] () -- C:\Users\RuiPedro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/16 21:51:33 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 21:51:33 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 21:47:18 | 000,782,986 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/16 21:47:18 | 000,654,728 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/16 21:47:18 | 000,122,302 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/07 19:41:13 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/07/07 19:40:50 | 000,788,832 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/07 12:07:31 | 000,000,982 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-251638132-866889896-205452805-1001Core.job
[2012/07/04 23:45:19 | 000,184,004 | ---- | M] () -- C:\Users\RuiPedro\Desktop\sumotori102.zip
[2012/07/01 08:34:37 | 000,000,206 | ---- | M] () -- C:\Users\RuiPedro\Desktop\Psychonauts.url
[2012/06/23 23:51:17 | 000,000,747 | ---- | M] () -- C:\Users\RuiPedro\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
[2012/06/23 23:51:17 | 000,000,723 | ---- | M] () -- C:\Users\RuiPedro\Desktop\Titan Poker.lnk
[2012/06/23 10:45:28 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012/06/23 10:45:28 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2012/06/21 00:58:05 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012/06/18 19:58:09 | 000,000,207 | ---- | M] () -- C:\Users\RuiPedro\Desktop\Driver San Francisco.url
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/07 19:40:53 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/07/04 23:45:17 | 000,184,004 | ---- | C] () -- C:\Users\RuiPedro\Desktop\sumotori102.zip
[2012/07/01 08:34:37 | 000,000,206 | ---- | C] () -- C:\Users\RuiPedro\Desktop\Psychonauts.url
[2012/06/23 23:51:17 | 000,000,753 | ---- | C] () -- C:\Users\RuiPedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Titan Poker.lnk
[2012/06/23 23:51:17 | 000,000,747 | ---- | C] () -- C:\Users\RuiPedro\Application Data\Microsoft\Internet Explorer\Quick Launch\Titan Poker.lnk
[2012/06/23 23:51:17 | 000,000,723 | ---- | C] () -- C:\Users\RuiPedro\Desktop\Titan Poker.lnk
[2012/06/23 02:31:35 | 000,000,207 | ---- | C] () -- C:\Users\RuiPedro\Desktop\Lucid - Copy.url
[2012/06/21 00:58:05 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\The Secret World.lnk
[2012/06/18 19:58:09 | 000,000,207 | ---- | C] () -- C:\Users\RuiPedro\Desktop\Driver San Francisco.url
[2012/04/12 22:46:22 | 000,000,717 | ---- | C] () -- C:\windows\cedt.INI
[2012/04/11 23:43:41 | 000,000,204 | ---- | C] () -- C:\Users\RuiPedro\AppData\Roaming\Lucid_player_profiles_data.dat
[2012/04/11 23:43:41 | 000,000,008 | ---- | C] () -- C:\Users\RuiPedro\AppData\Roaming\Lucid_player_highscore.dat
[2012/04/09 18:44:42 | 002,469,760 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012/04/09 18:44:42 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012/04/09 18:44:42 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012/04/09 18:44:42 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012/04/09 18:44:42 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012/02/11 18:35:48 | 000,007,168 | ---- | C] () -- C:\Users\RuiPedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/08 01:17:53 | 000,281,656 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/01/08 01:17:51 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/01/05 23:22:01 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/04 20:09:48 | 000,788,832 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/23 21:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/12/23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/12/23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/12/23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/12/23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/09/06 05:46:14 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/09/06 05:42:16 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/09/06 05:42:15 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/09/06 05:42:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/09/06 02:31:49 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/06 01:52:57 | 000,000,918 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/09/06 01:52:37 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe

========== LOP Check ==========

[2012/06/07 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\BlackBean
[2012/01/06 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\BWMeterPro
[2012/06/23 10:45:36 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\DeadMage
[2012/07/17 02:45:41 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Dropbox
[2012/01/13 00:33:59 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Faerie Solitaire
[2012/05/19 17:42:37 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\FileZilla
[2012/04/06 17:12:41 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\HackSlashLoot
[2012/02/21 20:12:24 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Need for Speed World
[2012/06/01 23:55:45 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\PDF Writer
[2012/02/11 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Samsung
[2012/03/30 23:49:39 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Simraceway
[2012/07/07 19:19:07 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\SoftGrid Client
[2012/05/30 23:04:36 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Sports Interactive
[2012/03/03 13:00:07 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\SystemRequirementsLab
[2012/03/27 13:26:16 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\TeamViewer
[2012/05/08 22:52:03 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\Temp
[2012/03/30 23:52:32 | 000,000,000 | -H-D | M] -- C:\Users\RuiPedro\AppData\Roaming\TempMods
[2012/01/04 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\TP
[2012/04/15 13:04:44 | 000,000,000 | ---D | M] -- C:\Users\RuiPedro\AppData\Roaming\TrueCrypt
[2009/07/14 06:08:49 | 000,028,184 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< etsvcs >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 06:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2010/08/23 16:07:16 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Users\RuiPedro\Documents\Sites\eLojasOnline.com\Backup\backup-elojasonline.com-9-7-2010\public_html\_vti_pvt\services.cnf
[2010/08/23 16:07:16 | 000,000,002 | ---- | M] () MD5=A55822426A5330C04625A41D264C190B -- C:\Users\RuiPedro\Documents\Sites\eLojasOnline.com\Backup\backup-elojasonline.com-9-7-2010\www\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2012/07/16 00:56:26 | 000,328,704 | ---- | M] () Unable to obtain MD5 -- C:\FRST\Quarantine\services.exe

< MD5 for: SERVICES.EXE.04C832EA36C9C51F >
[2012/07/07 20:00:29 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.04C832EA36C9C51F

< MD5 for: SERVICES.EXE.07A9DA281D4DAA56 >
[2012/07/07 23:38:39 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.07A9DA281D4DAA56

< MD5 for: SERVICES.EXE.0CD0DCFEE00CD9CF >
[2012/07/16 00:53:51 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.0CD0DCFEE00CD9CF

< MD5 for: SERVICES.EXE.0D1FD7C7A112D7EE >
[2012/07/07 20:35:50 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.0D1FD7C7A112D7EE

< MD5 for: SERVICES.EXE.2AE7D42245B3F82D >
[2012/07/07 23:19:41 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.2AE7D42245B3F82D

< MD5 for: SERVICES.EXE.2E0F01C9446B3D8E >
[2012/07/07 23:12:49 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.2E0F01C9446B3D8E

< MD5 for: SERVICES.EXE.327DDAF15C310D0A >
[2012/07/07 23:02:15 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.327DDAF15C310D0A

< MD5 for: SERVICES.EXE.3B0BA2C36EA16753 >
[2012/07/07 19:56:40 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.3B0BA2C36EA16753

< MD5 for: SERVICES.EXE.40E01CE2D7061700 >
[2012/07/07 23:36:08 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.40E01CE2D7061700

< MD5 for: SERVICES.EXE.42DF510FEE91AF25 >
[2012/07/07 23:57:07 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.42DF510FEE91AF25

< MD5 for: SERVICES.EXE.4D67A6AF2AC71A4C >
[2012/07/07 20:29:17 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.4D67A6AF2AC71A4C

< MD5 for: SERVICES.EXE.5788036570116922 >
[2012/07/07 23:16:30 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.5788036570116922

< MD5 for: SERVICES.EXE.5A31AB0D44B4CFA7 >
[2012/07/07 23:48:58 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.5A31AB0D44B4CFA7

< MD5 for: SERVICES.EXE.700BA86AC8B77C2C >
[2012/07/07 23:05:55 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.700BA86AC8B77C2C

< MD5 for: SERVICES.EXE.7210E77BD1543310 >
[2012/07/07 22:47:47 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.7210E77BD1543310

< MD5 for: SERVICES.EXE.75C192AF5FB3BFC6 >
[2012/07/07 20:03:51 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.75C192AF5FB3BFC6

< MD5 for: SERVICES.EXE.79BBC4A21714F1CA >
[2012/07/07 23:24:23 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.79BBC4A21714F1CA

< MD5 for: SERVICES.EXE.8842DB8163DE8A9D >
[2012/07/07 19:53:27 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.8842DB8163DE8A9D

< MD5 for: SERVICES.EXE.901C1604BEA17E52 >
[2012/07/10 23:29:41 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.901C1604BEA17E52

< MD5 for: SERVICES.EXE.9D233E7114CE6942 >
[2012/07/07 20:14:49 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.9D233E7114CE6942

< MD5 for: SERVICES.EXE.A0FA56E5ACA8E349 >
[2012/07/07 20:18:11 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.A0FA56E5ACA8E349

< MD5 for: SERVICES.EXE.A34FBA84DA5780BE >
[2012/07/07 22:58:57 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.A34FBA84DA5780BE

< MD5 for: SERVICES.EXE.A7E50ACA02DADE8D >
[2012/07/07 22:54:30 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.A7E50ACA02DADE8D

< MD5 for: SERVICES.EXE.A95E6E759C10C0C5 >
[2012/07/07 23:09:11 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.A95E6E759C10C0C5

< MD5 for: SERVICES.EXE.AB5568716A50EE55 >
[2012/07/07 23:33:19 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.AB5568716A50EE55

< MD5 for: SERVICES.EXE.ADEE51D20A24885C >
[2012/07/07 23:41:12 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.ADEE51D20A24885C

< MD5 for: SERVICES.EXE.BEDB150A737D5823 >
[2012/07/07 23:29:45 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.BEDB150A737D5823

< MD5 for: SERVICES.EXE.C561E556684A18C9 >
[2012/07/07 20:32:32 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.C561E556684A18C9

< MD5 for: SERVICES.EXE.CEB341C6165429CC >
[2012/07/07 22:51:04 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.CEB341C6165429CC

< MD5 for: SERVICES.EXE.D88E33018B26E709 >
[2012/07/10 23:40:48 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.D88E33018B26E709

< MD5 for: SERVICES.EXE.DFBBF5BC328FD2DE >
[2012/07/16 00:36:22 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.DFBBF5BC328FD2DE

< MD5 for: SERVICES.EXE.E6354E53F4A653F6 >
[2012/07/07 23:54:14 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.E6354E53F4A653F6

< MD5 for: SERVICES.EXE.EBE67F4D875B1A91 >
[2012/07/07 23:26:49 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.EBE67F4D875B1A91

< MD5 for: SERVICES.EXE.EF0074AFA93E054C >
[2012/07/07 20:26:04 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.EF0074AFA93E054C

< MD5 for: SERVICES.EXE.F50C904D28AE52E9 >
[2012/07/10 23:45:29 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.F50C904D28AE52E9

< MD5 for: SERVICES.EXE.F677F0A77FCAD9DF >
[2012/07/07 23:43:41 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe.F677F0A77FCAD9DF

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.EXE-511D36F4.PF >
[2012/07/07 19:22:56 | 000,058,450 | ---- | M] () MD5=DA03F02D087AFB38B1ACBAAAED19A5E3 -- C:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf

< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/07/01 19:47:10 | 000,000,351 | ---- | M] () MD5=C8AC961DAD4C3C1123690A8932E42D15 -- C:\Users\RuiPedro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TYBPF5TR\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2010/06/01 18:30:42 | 000,036,737 | ---- | M] () MD5=DE73CD8D57FBEB810AE09B146ED235FD -- C:\Users\RuiPedro\Documents\Sites\eLojasOnline.com\Downloads\Icons\256x256-Business-Icons\Services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.TPL.PHP >
[2012/05/14 16:32:00 | 000,004,984 | ---- | M] () MD5=EFC83B81C2BB50ED20D695DC464869D8 -- C:\Users\RuiPedro\Documents\Sites\Battery-Live.com\Site\battery-live.com\battery-live.com\public_html\gestao\themes\default\templates\services.tpl.php

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/14 02:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/14 02:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2010/11/21 08:06:21 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\SysWOW64\en-US\wshelper.dll.mui
[2010/11/21 08:06:21 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=CD53AEA05D09943FDAA9E6E779D28A26 -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_adb3c1d9fa188607\wshelper.dll.mui
[2010/11/21 08:06:18 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\windows\SysNative\en-US\wshelper.dll.mui
[2010/11/21 08:06:18 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=D3C8A35BD4D7F008A7D37AA6F235C8FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.1.7600.16385_en-us_09d25d5db275f73d\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: RUIPEDRO-PC
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     E                       DVD-ROM         0 B  No Media
Volume 1     F   KANGURU      CDFS   CD-ROM        33 MB  Healthy
Volume 2         SYSTEM       NTFS   Partition    100 MB  Healthy    System
Volume 3     C                NTFS   Partition    249 GB  Healthy    Boot
Volume 4     D                NTFS   Partition    426 GB  Healthy
Volume 5         SAMSUNG_REC  NTFS   Partition     23 GB  Healthy    Hidden
Volume 6     G                FAT    Removable    500 MB  Healthy

< End of report >




OTL Extras logfile created on: 7/16/2012 9:55:33 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\RuiPedro\Desktop\rm
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

5.91 Gb Total Physical Memory | 3.96 Gb Available Physical Memory | 66.93% Memory free
11.83 Gb Paging File | 9.86 Gb Available in Paging File | 83.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249.00 Gb Total Space | 176.06 Gb Free Space | 70.71% Space Free | Partition Type: NTFS
Drive D: | 426.13 Gb Total Space | 213.15 Gb Free Space | 50.02% Space Free | Partition Type: NTFS
Drive F: | 17.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 500.69 Mb Total Space | 97.06 Mb Free Space | 19.39% Space Free | Partition Type: FAT

Computer Name: RUIPEDRO-PC | User Name: RuiPedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-251638132-866889896-205452805-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006B5C65-3938-4246-B182-994A7E415EDE}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Monitor da tecnologia Intel® Turbo Boost 2.0
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Artensoft Tilt Shift Generator_is1" = Artensoft Tilt Shift Generator
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.7.2_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19CBDE24-2761-49A5-816B-D2BA65D0CA8D}" = Kontrola Windows Live Mesh ActiveX za daljinske veze
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61920449-0393-4707-B7DD-E6C0013C8B2C}" = 원격 연결을 위한 Windows Live Mesh ActiveX 컨트롤
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}" = Movie Color Enhancer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8985AE5E-622A-4980-8BF8-0A1830643220}" = Windows Live Mesh ActiveX kontrola za daljinske veze
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9024FE65-46B8-4C8A-9D98-8DCB6BD5F598}" = „Windows Live Mesh ActiveX“ nuotolinių ryšių valdiklis
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A3A775C9-5A63-4C55-8FDD-427A5B8F5D2B}" = Windows Live Mesh ActiveX vadīkla attālajiem savienojumiem
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B000EFB1-ED0C-4830-9DF1-E0EB1E2899E5}" = OSCAR Editor
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center 1.0
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFD0E594-823B-4E2B-B680-720B3C852588}" = BatteryLifeExtender
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Capsule" = Capsule
"Crimson Editor SVN286M" = Crimson Editor SVN286M
"Desura" = Desura
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B000EFB1-ED0C-4830-9DF1-E0EB1E2899E5}" = X7 Oscar Editor
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Kanguru" = Kanguru
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"SBKX_is1" = SBKX
"Simraceway" = Simraceway 0.28.57
"Steam App 104200" = BEEP
"Steam App 105300" = Critical Mass
"Steam App 107100" = Bastion
"Steam App 108710" = Alan Wake
"Steam App 17730" = Smashball
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 203850" = Microsoft Flight
"Steam App 20920" = The Witcher 2: Enhanced Edition
"Steam App 210840" = Warlock - Master of the Arcane Demo
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33440" = Driver San Francisco
"Steam App 34900" = Bad Rats
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3830" = Psychonauts
"Steam App 38740" = EDGE
"Steam App 41050" = Serious Sam Classic: The First Encounter
"Steam App 45450" = Fortix 2
"Steam App 46540" = Trapped Dead
"Steam App 55230" = Saints Row: The Third
"Steam App 58560" = Runaway: A Twist of Fate
"Steam App 61100" = Lucid
"Steam App 6220" = FlatOut
"Steam App 71270" = Football Manager 2012
"Steam App 71400" = Football Manager 2012 Editor
"Steam App 71410" = Football Manager 2012 Resource Archiver
"Steam App 8190" = Just Cause 2
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91900" = Post Apocalyptic Mayhem
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 7" = TeamViewer 7
"The Secret World_is1" = The Secret World
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.1
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WRC FIA World Rally Championship_is1" = WRC FIA World Rally Championship
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-251638132-866889896-205452805-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Poker 770" = Poker 770
"Titan Poker" = Titan Poker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2012 10:31:29 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/19/2012 9:29:38 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/20/2012 8:53:43 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/20/2012 9:25:00 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/21/2012 2:05:17 AM | Computer Name = RuiPedro-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 4/21/2012 5:54:26 AM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/22/2012 2:25:28 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/23/2012 2:26:59 PM | Computer Name = RuiPedro-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/24/2012 9:51:23 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 4/25/2012 9:24:45 PM | Computer Name = RuiPedro-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

[ System Events ]
Error - 7/7/2012 5:56:13 PM | Computer Name = RuiPedro-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/7/2012 5:58:57 PM | Computer Name = RuiPedro-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147655285

Name:
Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\system32\services.exe;file:_C:\windows\system32\services.exe->731;process:_pid:684

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: C:\windows\system32\services.exe Action: %%809 Action Status: No additional
actions required Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.129.1186.0, AS: 1.129.1186.0, NIS: 11.159.0.0 Engine Version: AM:
1.1.8502.0, NIS: 2.0.8001.0

Error - 7/7/2012 6:00:22 PM | Computer Name = RuiPedro-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:58:51 on ?07-?07-?2012 was unexpected.

Error - 7/7/2012 6:00:34 PM | Computer Name = RuiPedro-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/7/2012 6:00:36 PM | Computer Name = RuiPedro-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/7/2012 6:00:38 PM | Computer Name = RuiPedro-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/7/2012 6:02:15 PM | Computer Name = RuiPedro-PC | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147655285

Name:
Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\windows\system32\services.exe;file:_C:\windows\system32\services.exe->731;process:_pid:676

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%820 User: NT AUTHORITY\SYSTEM

Process
Name: C:\windows\system32\services.exe Action: %%809 Action Status: No additional
actions required Error Code: 0x800704ec Error description: This program is blocked
by group policy. For more information, contact your system administrator. Signature
Version: AV: 1.129.1186.0, AS: 1.129.1186.0, NIS: 11.159.0.0 Engine Version: AM:
1.1.8502.0, NIS: 2.0.8001.0

Error - 7/7/2012 6:03:44 PM | Computer Name = RuiPedro-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 23:01:14 on ?07-?07-?2012 was unexpected.

Error - 7/7/2012 6:03:48 PM | Computer Name = RuiPedro-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/7/2012 6:03:50 PM | Computer Name = RuiPedro-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.


< End of report >



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 22:06:45
-----------------------------
22:06:45.014 OS Version: Windows x64 6.1.7601 Service Pack 1
22:06:45.015 Number of processors: 4 586 0x2A07
22:06:45.015 ComputerName: RUIPEDRO-PC UserName: RuiPedro
22:06:46.415 Initialize success
22:13:10.240 AVAST engine defs: 12071601
22:13:38.362 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:13:38.364 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
22:13:38.372 Disk 0 MBR read successfully
22:13:38.374 Disk 0 MBR scan
22:13:38.377 Disk 0 unknown MBR code
22:13:38.381 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:13:38.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 254976 MB offset 206848
22:13:38.430 Disk 0 Partition - 00 0F Extended LBA 436362 MB offset 522397696
22:13:38.462 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23965 MB offset 1416067072
22:13:38.515 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 436361 MB offset 522399744
22:13:38.595 Disk 0 scanning C:\windows\system32\drivers
22:13:52.000 Service scanning
22:14:28.274 Modules scanning
22:14:28.563 Disk 0 trace - called modules:
22:14:28.603 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:14:28.606 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062be060]
22:14:28.609 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006027050]
22:14:29.849 AVAST engine scan C:\windows
22:14:33.571 AVAST engine scan C:\windows\system32
22:17:53.173 AVAST engine scan C:\windows\system32\drivers
22:18:10.105 AVAST engine scan C:\Users\RuiPedro
22:48:22.593 AVAST engine scan C:\ProgramData
22:51:31.785 Scan finished successfully
22:54:53.766 Disk 0 MBR has been saved successfully to "C:\Users\RuiPedro\Desktop\rm\MBR.dat"
22:54:53.798 The log file has been saved successfully to "C:\Users\RuiPedro\Desktop\rm\aswMBR.txt"







PS1: Can I use my computer now "normally" or should I refrain from using it until we finish, in particular when connected to the internet?

PS2: Your link to OTL is not working, got it from here: http://oldtimer.geekstogo.com/OTL.exe