Rundll.exe [Closed]



#1
Valoni

When I start a game on my laptop, if I don't have an internet connection the game won't start and tons of rundll.exe processes appear. I scanned it with Malwarebytes with and without an Internet connection, but nothing was reported as infected.

#2
Valoni

Here's the OTL log.

OTL logfile created on: 2012-09-01 3:23:28 PD - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Setki\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041C | Country: Albania | Language: SQI | Date Format: yyyy-MM-dd

3,75 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,78% Memory free
9,37 Gb Paging File | 7,30 Gb Available in Paging File | 77,92% Paging File free
Paging file location(s): C:\pagefile.sys 5755 5755 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219,77 Gb Total Space | 34,75 Gb Free Space | 15,81% Space Free | Partition Type: NTFS
Drive D: | 13,11 Gb Total Space | 2,00 Gb Free Space | 15,27% Space Free | Partition Type: NTFS

Computer Name: SETKI-PC | User Name: Setki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-01 03:22:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Setki\Desktop\OTL.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-06-01 21:40:50 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Setki\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2012-05-27 01:30:33 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011-09-29 22:37:29 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Bitdefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
PRC - [2011-03-28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010-05-27 12:42:24 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2010-05-10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2009-01-21 17:23:16 | 000,210,216 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008-12-25 23:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008-12-25 23:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008-12-03 04:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008-11-29 04:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008-11-27 03:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008-11-27 03:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2007-11-27 16:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2007-11-27 14:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007-11-27 14:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2007-11-27 14:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2007-07-19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2002-09-20 16:16:30 | 000,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logitech\QCDriver2\LVComS.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-18 00:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012-08-18 00:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012-08-18 00:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012-08-18 00:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012-08-18 00:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012-08-18 00:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012-08-18 00:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012-08-18 00:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012-02-20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010-05-27 12:42:24 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
MOD - [2008-12-25 23:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008-11-27 03:13:08 | 000,263,560 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2008-11-27 03:13:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2008-11-27 03:13:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2008-11-27 03:13:06 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2008-09-15 16:13:38 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011-01-26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-07-16 16:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010-05-27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-03-23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010-03-15 17:23:12 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009-06-03 03:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2009-03-02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008-08-26 20:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012-08-24 00:11:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-08-15 10:10:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-09-09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011-06-08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-03-28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010-06-28 23:38:46 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010-03-23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-15 17:22:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2009-03-02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2008-12-03 04:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-11-27 03:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2008-11-27 03:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2007-11-27 16:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007-11-27 14:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007-11-27 14:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2007-11-27 14:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2007-07-19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2007-01-29 16:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-07 22:21:49 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-09-29 22:39:47 | 000,099,408 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011-09-29 22:38:16 | 000,431,176 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011-08-17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011-08-17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011-08-17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011-08-17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-07-16 16:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010-07-16 16:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010-06-28 12:55:44 | 001,040,976 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2010-06-28 12:55:38 | 000,692,816 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2010-06-23 00:39:52 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010-06-23 00:37:15 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-05-27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-05-27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-05-27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-05-13 16:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2010-05-05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010-03-23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010-02-28 17:16:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010-02-28 17:16:16 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010-01-19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (Bdvedisk)
DRV:64bit: - [2009-09-02 04:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-20 15:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-13 11:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009-04-29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-11-21 23:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008-07-21 11:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008-06-27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008-05-28 18:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008-04-28 07:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysWOW64\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008-11-29 04:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/27 02:40:48] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008-08-14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{D15581E7-ED7E-41FB-95A2-05CDF3376D01}: "URL" = http://search.condui...&ctid=CT2233703

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D15581E7-ED7E-41FB-95A2-05CDF3376D01}: "URL" = http://search.condui...&ctid=CT2233703
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Setki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Setki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Setki\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Setki\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Setki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Setki\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Setki\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDTBEXT\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-03-26 01:01:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-03-26 01:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-08-15 19:38:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-08-15 19:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]

[2012-05-27 01:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setki\AppData\Roaming\Mozilla\Firefox\extensions
[2012-05-27 01:31:36 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Setki\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Setki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Setki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Setki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\
CHR - Extension: YouTube = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_1\
CHR - Extension: HP Product Detection Plugin = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: uTorrentControl2 = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Facebook Sidebar Chat Reversion = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfophgoebcoehkldfgeffhnlcabhhomn\1.5.3_0\
CHR - Extension: Gmail = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011-08-14 17:36:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\Bitdefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\Bitdefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files (x86)\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Setki\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Setki\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Setki\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Setki\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk = C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636C9744-F3E6-4564-BBED-288CCDAA5BC7}: NameServer = 80.80.160.8,80.80.160.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{693D1A46-98CA-45EC-A086-75F86574466F}: NameServer = 80.80.160.9,80.80.160.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-15 08:42:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-01 03:22:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Setki\Desktop\OTL.exe
[2012-09-01 03:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012-09-01 03:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012-09-01 03:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012-08-29 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Local\My Games
[2012-08-29 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012-08-29 13:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012-08-23 01:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012-08-23 01:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Commandos II
[2012-08-23 01:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Commandos II
[2012-08-12 05:25:42 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Local\Navnet_Solutions
[2012-08-12 05:13:10 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Roaming\NavNet Solutions
[2012-08-05 22:36:39 | 000,000,000 | ---D | C] -- C:\Users\Setki\Desktop\Foto 2
[2010-03-15 17:41:38 | 003,795,456 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\amtlib (2).dll
[2010-03-15 17:41:06 | 002,826,240 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\amtlib.dll

========== Files - Modified Within 30 Days ==========

[2012-09-01 03:22:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Setki\Desktop\OTL.exe
[2012-09-01 03:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-01 03:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-01 03:04:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-01 02:46:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-01 02:43:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-01 02:35:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-01 00:12:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-08-31 21:46:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-08-31 19:20:02 | 000,793,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-31 19:20:02 | 000,662,034 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-08-31 19:20:02 | 000,126,120 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-08-31 18:54:42 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-31 18:54:42 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-31 18:44:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-31 18:44:33 | 3018,186,752 | -HS- | M] () -- C:\hiberfil.sys
[2012-08-30 18:59:24 | 000,025,975 | ---- | M] () -- C:\Users\Setki\Desktop\543668_496746643687364_211430972_n.jpg
[2012-08-30 18:54:15 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Setki.job
[2012-08-30 17:20:53 | 000,001,016 | ---- | M] () -- C:\Users\Setki\Desktop\comm2.exe - Shortcut.lnk
[2012-08-29 13:53:20 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2012-08-26 14:53:47 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-08-22 00:12:00 | 000,002,280 | ---- | M] () -- C:\Users\Setki\Desktop\Google Chrome.lnk
[2012-08-22 00:12:00 | 000,002,157 | ---- | M] () -- C:\Users\Setki\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-08-21 11:18:23 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSetki.job
[2012-08-15 16:37:02 | 000,004,150 | ---- | M] () -- C:\Users\Setki\AppData\Roaming\wklnhst.dat
[2012-08-15 10:40:15 | 003,112,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-13 14:46:31 | 000,000,991 | ---- | M] () -- C:\Users\Setki\Desktop\magicJack.lnk
[2012-08-08 13:41:31 | 000,001,850 | ---- | M] () -- C:\Users\Setki\Desktop\Counter-Strike 1.6.lnk
[2012-08-08 03:23:00 | 000,061,440 | ---- | M] () -- C:\Users\Setki\Desktop\552019_10150998384607005_1039139948_n.jpg

========== Files Created - No Company Name ==========

[2012-08-30 18:59:33 | 000,025,975 | ---- | C] () -- C:\Users\Setki\Desktop\543668_496746643687364_211430972_n.jpg
[2012-08-30 17:20:53 | 000,001,016 | ---- | C] () -- C:\Users\Setki\Desktop\comm2.exe - Shortcut.lnk
[2012-08-29 13:45:38 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2012-08-08 13:41:31 | 000,001,850 | ---- | C] () -- C:\Users\Setki\Desktop\Counter-Strike 1.6.lnk
[2012-08-08 03:23:14 | 000,061,440 | ---- | C] () -- C:\Users\Setki\Desktop\552019_10150998384607005_1039139948_n.jpg
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zyadeizbstq.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yruogei.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yft.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yeqc.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xhliavnncf.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xhepiahgu.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xitroqxj.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xdu.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xabxrnwognq.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wmaeoulj.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wgfzxqxc.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vwvpxtf.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vtccpjjxhbl.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vpymgh.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vhgdwwy.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\uilhoi.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ugh.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\uaqqwmjt.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tubh.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tjerrruiu.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tgysztaa.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tgp.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\szanch.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\skjqlknoa.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rvitifkhda.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rfbddh.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qzegqoobxiy.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qpghwlpi.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qnretzig.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pvsbacopgo.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ptfcgaof.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pefaimbebk.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\okbzdweogsf.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ocduhsoaeky.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\netcd.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mxdvmytw.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mlfml.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lxjydaq.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ldna.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kgqeevfnt.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kfkegdfzsmf.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kblu.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kaddzumq.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\jxqxva.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ifvbafbi.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hxpuo.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hgdxppghmnp.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gksspjwk.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ggjxmqh.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gbx.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fyvyvw.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fqat.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fnyj.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fkuuzbgv.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\err.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dmtlsnues.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\cqbt.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\cntaml.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\cfclssx.ini
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\cbgvboorrjj.dat
[2012-03-31 10:28:59 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\aclcvmx.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zmpm.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zlvlgaoro.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zbu.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yqwnxmuqkr.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ynbpico.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yfddtyco.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xhi.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xkiazoygsu.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xei.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xbwudob.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wztapis.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wvpmojcpagc.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wuienx.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wjd.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vwx.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vky.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vexcv.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\uuknvmo.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tmksiwyo.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\swrosmstc.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\surl.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\sthnpbr.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ruwy.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rtsquze.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rnaxcorvnpm.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rmkgnn.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rbou.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qqqewpfdl.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qheefqe.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\qgqkumwr.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\psxulyb.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\psuezqksw.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pqjjgvrcrr.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pplmagu.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\onuhfaqdr.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ogn.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ogknbwh.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mpuqpwyjjoe.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mcrrrdylbyb.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mbpbf.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lhlcj.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\htzs.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hoboh.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hmzimwaq.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hhxjfatux.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hbqnkzjqm.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gjrxn.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gzswrdxw.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\giemuzl.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\fas.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ezafudvoiyt.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ehe.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\egskehx.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\edsljcdivuy.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\ecisfvuhpa.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dqajfj.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\civwzqm.ini
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\cdntf.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\blxcchdo.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\aso.dat
[2012-03-31 10:28:58 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\apluecjxljh.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yztg.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ywcotf.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xrjmwls.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xratz.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xnrwoffi.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\upqsk.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ubomomrwsdk.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\svh.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\sqrvkkbktxz.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rzuc.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\rnni.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\riffaw.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rifbww.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\refyhravcw.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rckntimj.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qxbus.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qbdvroefxtf.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\pxluctu.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\puxozpwjj.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pcpmvigyknw.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\oxxpcqneqfk.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\olcfhmx.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ndpxrjvfik.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mhymnl.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mhefcltipun.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lwcnbd.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lvjfqnrfy.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lmkwvtfa.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\liif.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ktkvvqws.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kokjkgnayl.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\jscxtijpp.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ixrmyzmuf.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\itshnv.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\isnvgwxvzx.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ikvd.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\iduxw.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ict.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ibqvywo.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\htubwk.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hqwxnfwmq.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hgu.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hfaptb.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gxveh.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gxiglgpq.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gswxesatox.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gecrm.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gcgii.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\epuzw.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dxrnzku.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dkfd.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\defhdp.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\bzyz.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\bsmobir.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\baxqskha.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ayyyufnvi.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\arembuqqlhl.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\akjgqsepny.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ajnzyssdz.dat
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ajfm.ini
[2012-03-31 10:28:57 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\aesvs.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zhbezzk.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zzmbkjttcv.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zvxuplfqaiv.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zmulmsalvp.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\zgtn.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\yfguqg.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ybcwdcj.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xhxj.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\xibfo.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\xbeumyws.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wvmaql.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wtkvqxla.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wmcwjfwebcg.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\wjjkwjxof.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vuzy.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\vekhfmquvd.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\uvhkeoo.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ujupkolaxz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\uhgxcxne.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\udixx.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tttpgilubhz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tixbprzs.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\tcu.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\swmx.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\srt.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\sntlrnm.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\slfzi.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\skcx.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\sjzadmi.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\sfsz.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rumiqlhw.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rpz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\rhw.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qttwzyei.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qsopsnklrnj.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qrpcq.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\qqqt.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pqognjycvt.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pjtdqi.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\phcioojd.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pedcjlq.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pclkwlz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\pathdekgnl.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ousspnt.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\otvbczqzr.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\otorwgb.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\oofzxmm.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\oofsbkfk.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ooaomuyhvz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\olhdsirhbjm.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\oicryjbsxhd.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ntpp.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\npuailglpt.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\narceunvfsr.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mwzhlh.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mwuwz.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mvhxlyyr.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\minowwpnhw.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mflohpswrxl.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\mbufohzbd.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\maynwlp.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lvzw.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lqya.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lnm.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\lffhqjpt.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\kragnbr.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kppamcnflm.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\knk.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kkrk.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\kjvzwobzke.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\jvpytddxshm.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\jvanbm.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\jecbuzopv.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\jazdltqdat.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ivz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ithugwck.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\imisiwl.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ilppyukvb.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hxokmtz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hulemjbpzih.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hrfumedgw.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\hiushfclfla.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\gwegf.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ghdvcccqxcv.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fzzu.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fnxe.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fmlgoxxnn.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\fhagevihj.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\eewo.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\eesejbzog.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dmuuqmc.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\djzobvavx.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dgppwo.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dgckkqqq.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\dfswulgomz.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\detwvkklv.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\ctxnogspj.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\cbqynozbpo.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\byoqvakieh.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\bxqecmpfn.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\bulcyfilrrd.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\bsxkwl.dat
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\betjex.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\azuxhafgo.ini
[2012-03-31 10:28:56 | 000,000,028 | ---- | C] () -- C:\Windows\SysWow64\auemdu.ini
[2011-09-19 21:57:04 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011-08-24 18:41:51 | 000,017,408 | ---- | C] () -- C:\Users\Setki\AppData\Local\WebpageIcons.db
[2011-08-24 17:45:18 | 000,015,678 | ---- | C] () -- C:\ProgramData\1314200714.bdinstall.bin
[2011-08-24 17:44:37 | 000,084,994 | ---- | C] () -- C:\ProgramData\1314200656.bdinstall.bin
[2011-08-24 17:24:40 | 000,351,056 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011-08-14 17:06:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-08-14 17:06:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-08-14 17:06:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-08-14 17:06:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-08-14 17:06:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-06-22 21:38:39 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini
[2011-06-10 10:28:00 | 000,000,000 | ---- | C] () -- C:\Users\Setki\AppData\Local\{57855E01-4CFA-47B3-B132-B78A87F3821E}
[2011-06-07 19:02:07 | 000,780,226 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-06-02 08:43:41 | 000,000,000 | ---- | C] () -- C:\Users\Setki\AppData\Local\{A4BE1F84-A88A-4DF9-9D7D-4C0EFE9EEAC5}
[2011-05-26 20:06:24 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011-05-26 20:06:20 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011-05-25 23:06:03 | 000,045,270 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\room_v3.dat
[2011-05-24 20:41:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-03-25 16:12:18 | 000,046,742 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\room.dat
[2011-02-13 18:16:09 | 000,001,854 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\GhostObjGAFix.xml
[2010-11-20 17:10:07 | 000,000,565 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\myMPQ.ini
[2010-11-12 20:35:21 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-10-31 23:02:50 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2010-10-31 22:58:55 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2010-09-26 12:46:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010-05-15 21:24:22 | 000,042,496 | ---- | C] () -- C:\Users\Setki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-11 13:44:57 | 000,004,150 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\wklnhst.dat
[2010-03-20 17:47:38 | 000,000,017 | ---- | C] () -- C:\Users\Setki\AppData\Local\resmon.resmoncfg

========== LOP Check ==========

[2012-08-11 22:43:30 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\.minecraft
[2012-08-30 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\.techniclauncher
[2010-06-28 23:34:34 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Autodesk
[2011-09-29 21:15:04 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\BitDefender
[2012-04-29 01:32:55 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\BSplayer
[2012-04-28 23:00:03 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\BSplayer Pro
[2011-10-22 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012-02-12 01:35:58 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\CoreFTP
[2012-04-13 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\DAEMON Tools Lite
[2010-04-16 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Facebook
[2010-03-20 21:13:15 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\funkitron
[2010-11-27 22:06:19 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\GetRightToGo
[2010-03-14 16:32:49 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\ImgBurn
[2011-08-06 15:09:50 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\LolClient
[2010-04-30 00:41:37 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Ludia
[2012-08-13 14:46:34 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\mjusbsp
[2011-12-24 19:20:32 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\MoreTerra
[2012-08-12 05:13:10 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\NavNet Solutions
[2010-08-02 15:09:33 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Nokia
[2011-12-26 02:19:25 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\ooVoo Details
[2010-08-02 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\PC Suite
[2011-05-15 22:18:24 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\PlayFirst
[2011-09-29 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\QuickScan
[2012-07-11 20:07:28 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\redsn0w
[2011-03-27 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Registry Mechanic
[2012-01-30 16:09:53 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\SystemRequirementsLab
[2010-05-11 13:45:02 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Template
[2010-03-14 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Ubisoft
[2012-09-01 03:29:25 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\uTorrent
[2010-03-14 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\WildTangent
[2010-03-22 03:09:11 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\WinBatch
[2012-06-01 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Wondershare Video Converter Ultimate
[2012-09-01 00:12:17 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-01 02:43:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-08-31 21:46:00 | 000,000,876 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-01 02:46:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-07-01 09:42:22 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011-12-03 20:26:18 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011-12-03 20:19:09 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Attached Files

  • Attached File  OTL.Txt   174.67KB   30 downloads

  • 0

#3
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply
  • 0

#4
Valoni

    Member

  • Topic Starter
  • 41 posts
I don't have an original Windows CD/DVD available.
And here's the log you requested:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 21:50:01
-----------------------------
21:50:01.180 OS Version: Windows x64 6.1.7601 Service Pack 1
21:50:01.180 Number of processors: 2 586 0x301
21:50:01.217 ComputerName: SETKI-PC UserName: Setki
21:50:04.292 Initialize success
21:52:34.902 AVAST engine defs: 12090100
21:54:23.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:54:23.100 Disk 0 Vendor: WDC_WD2500BEVT-60ZCT1 13.01A13 Size: 238475MB BusType: 11
21:54:23.121 Disk 0 MBR read successfully
21:54:23.125 Disk 0 MBR scan
21:54:23.132 Disk 0 Windows 7 default MBR code
21:54:23.145 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225045 MB offset 2048
21:54:23.197 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13426 MB offset 460894208
21:54:23.247 Disk 0 scanning C:\Windows\system32\drivers
21:54:43.733 Service scanning
21:55:36.440 Modules scanning
21:55:36.456 Disk 0 trace - called modules:
21:55:36.511 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa800499e2c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:55:36.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ce5790]
21:55:36.888 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> [0xfffffa8004ce4040]
21:55:36.897 5 hpdskflt.sys[fffff88001b952bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c56060]
21:55:36.908 \Driver\atapi[0xfffffa8004a377d0] -> IRP_MJ_CREATE -> 0xfffffa800499e2c0
21:55:38.601 AVAST engine scan C:\Windows
21:55:45.499 AVAST engine scan C:\Windows\system32
22:02:45.024 AVAST engine scan C:\Windows\system32\drivers
22:03:16.138 AVAST engine scan C:\Users\Setki
22:41:32.241 AVAST engine scan C:\ProgramData
22:50:11.627 Scan finished successfully
23:03:58.370 Disk 0 MBR has been saved successfully to "C:\Users\Setki\Desktop\MBR.dat"
23:03:58.383 The log file has been saved successfully to "C:\Users\Setki\Desktop\aswMBR.txt"
  • 0

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download fix.txt to your Desktop. Attached File  fix.txt   19.8KB   94 downloads

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Click on Run fix button and then on OK.
  • Navigate to fix.txt file on your Desktop, select it and click on Open button.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
Valoni

    Member

  • Topic Starter
  • 41 posts
Here's the fix log:


Files\Folders moved on Reboot...
C:\Users\Setki\AppData\Local\Temp\ehmsas.txt moved successfully.
C:\Users\Setki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL quickscan is running; I'll edit the log when it finishes.


EDIT:
Here's the OTL log:

OTL logfile created on: 2012-09-04 12:30:35 PD - Run 5
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Setki\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041C | Country: Albania | Language: SQI | Date Format: yyyy-MM-dd

3,75 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 58,81% Memory free
9,37 Gb Paging File | 7,58 Gb Available in Paging File | 80,94% Paging File free
Paging file location(s): C:\pagefile.sys 5755 5755 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219,77 Gb Total Space | 32,06 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
Drive D: | 13,11 Gb Total Space | 2,00 Gb Free Space | 15,27% Space Free | Partition Type: NTFS

Computer Name: SETKI-PC | User Name: Setki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-01 03:22:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Setki\Desktop\OTL.exe
PRC - [2012-08-24 00:11:42 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-08-04 10:37:05 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-06-01 21:40:50 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Setki\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2011-09-29 22:37:29 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Bitdefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
PRC - [2011-08-05 23:33:15 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011-03-28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011-02-15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-05-27 12:42:24 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
PRC - [2010-05-10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2009-01-21 17:23:16 | 000,210,216 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008-12-25 23:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008-12-25 23:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008-12-03 04:28:22 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008-11-29 04:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008-11-27 03:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008-11-27 03:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2007-11-27 16:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
PRC - [2007-11-27 14:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007-11-27 14:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2007-11-27 14:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2007-07-19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2002-09-20 16:16:30 | 000,090,112 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logitech\QCDriver2\LVComS.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-30 04:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012-08-30 04:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012-08-30 04:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012-08-30 04:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012-08-30 04:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012-08-24 00:11:41 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-08-24 00:11:39 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-08-24 00:11:39 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-08-24 00:11:39 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-08-24 00:11:39 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-02-20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-08-05 23:33:15 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011-02-15 03:33:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-02-15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010-05-27 12:42:24 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe
MOD - [2008-12-25 23:41:24 | 000,881,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008-11-27 03:13:08 | 000,263,560 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2008-11-27 03:13:08 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2008-11-27 03:13:08 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2008-11-27 03:13:06 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011-01-26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010-07-16 16:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010-05-27 18:59:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-03-23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010-03-15 17:23:12 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009-06-03 03:13:02 | 000,721,712 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
SRV:64bit: - [2009-03-02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008-08-26 20:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2012-08-24 00:11:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-08-15 10:10:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-09-09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011-06-08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-03-28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010-06-28 23:38:46 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010-03-23 15:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-15 17:22:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-06-03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
SRV - [2009-03-02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2008-12-03 04:28:22 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008-11-27 03:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2008-11-27 03:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2007-11-27 16:38:04 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2007-11-27 14:57:52 | 000,213,552 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2007-11-27 14:57:20 | 000,050,736 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2007-11-27 14:56:48 | 000,040,488 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2007-07-19 17:38:16 | 000,048,704 | ---- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2007-01-29 16:19:48 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-07 22:21:49 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-09-29 22:39:47 | 000,099,408 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011-09-29 22:38:16 | 000,431,176 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011-08-17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011-08-17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011-08-17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011-08-17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010-07-16 16:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010-07-16 16:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010-06-28 12:55:44 | 001,040,976 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2010-06-28 12:55:38 | 000,692,816 | ---- | M] (BitDefender) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2010-06-23 00:39:52 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010-06-23 00:37:15 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-05-27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010-05-27 19:39:12 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-05-27 18:25:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-05-13 16:52:08 | 000,162,896 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2010-05-05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010-03-23 15:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010-02-28 17:16:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010-02-28 17:16:16 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010-01-19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (Bdvedisk)
DRV:64bit: - [2009-09-02 04:09:34 | 000,221,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-20 15:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-13 11:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009-04-29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-11-21 23:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008-07-21 11:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008-06-27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008-05-28 18:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008-04-28 07:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysWOW64\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008-11-29 04:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/27 02:40:48] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008-08-14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{D15581E7-ED7E-41FB-95A2-05CDF3376D01}: "URL" = http://search.condui...&ctid=CT2233703

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba...Terms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D15581E7-ED7E-41FB-95A2-05CDF3376D01}: "URL" = http://search.condui...&ctid=CT2233703
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Setki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Setki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Setki\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Setki\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Setki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Setki\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Setki\AppData\Local\Facebook\Messenger\2.1.4623.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDTBEXT\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-03-26 01:01:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-03-26 01:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011-08-15 19:38:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011-08-15 19:38:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2011-10-12 18:48:26 | 000,000,000 | ---D | M]

[2012-05-27 01:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Setki\AppData\Roaming\Mozilla\Firefox\extensions
[2012-05-27 01:31:36 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Setki\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Setki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Setki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Setki\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\
CHR - Extension: YouTube = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_1\
CHR - Extension: HP Product Detection Plugin = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: uTorrentControl2 = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Facebook Sidebar Chat Reversion = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfophgoebcoehkldfgeffhnlcabhhomn\1.5.3_0\
CHR - Extension: Gmail = C:\Users\Setki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011-08-14 17:36:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\Bitdefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\Bitdefender\BitDefender 2011\Antispam32\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files (x86)\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NI Background Service] C:\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [cdloader] C:\Users\Setki\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Setki\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Grid] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Setki\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Setki\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warkeys Update.lnk = C:\Program Files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636C9744-F3E6-4564-BBED-288CCDAA5BC7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{693D1A46-98CA-45EC-A086-75F86574466F}: NameServer = 80.80.160.9,80.80.160.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-15 08:42:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\G\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-04 00:22:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-03 11:28:28 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Roaming\Unity
[2012-09-01 23:44:59 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012-09-01 03:22:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Setki\Desktop\OTL.exe
[2012-09-01 03:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012-09-01 03:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012-09-01 03:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012-08-29 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Local\My Games
[2012-08-29 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012-08-29 13:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012-08-23 01:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\directx
[2012-08-23 01:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Commandos II
[2012-08-23 01:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Commandos II
[2012-08-12 05:25:42 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Local\Navnet_Solutions
[2012-08-12 05:13:10 | 000,000,000 | ---D | C] -- C:\Users\Setki\AppData\Roaming\NavNet Solutions
[2012-08-05 22:36:39 | 000,000,000 | ---D | C] -- C:\Users\Setki\Desktop\Foto 2
[2010-03-15 17:41:38 | 003,795,456 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\amtlib (2).dll
[2010-03-15 17:41:06 | 002,826,240 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files\amtlib.dll

========== Files - Modified Within 30 Days ==========

[2012-09-04 00:33:55 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-04 00:33:55 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-04 00:25:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-04 00:24:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-04 00:24:31 | 3018,186,752 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-04 00:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-04 00:19:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-04 00:04:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-03 23:46:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-03 23:43:03 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-03 23:43:02 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-03 21:46:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-03 20:17:43 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Setki.job
[2012-09-03 15:53:23 | 000,002,157 | ---- | M] () -- C:\Users\Setki\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-09-03 15:53:22 | 000,002,280 | ---- | M] () -- C:\Users\Setki\Desktop\Google Chrome.lnk
[2012-09-03 11:04:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-01 23:45:00 | 000,001,332 | ---- | M] () -- C:\Users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012-09-01 23:03:58 | 000,000,512 | ---- | M] () -- C:\Users\Setki\Desktop\MBR.dat
[2012-09-01 03:22:47 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Setki\Desktop\OTL.exe
[2012-08-31 19:20:02 | 000,793,666 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-31 19:20:02 | 000,662,034 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-08-31 19:20:02 | 000,126,120 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-08-30 18:59:24 | 000,025,975 | ---- | M] () -- C:\Users\Setki\Desktop\543668_496746643687364_211430972_n.jpg
[2012-08-30 17:20:53 | 000,001,016 | ---- | M] () -- C:\Users\Setki\Desktop\comm2.exe - Shortcut.lnk
[2012-08-29 13:53:20 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2012-08-21 11:18:23 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSetki.job
[2012-08-15 16:37:02 | 000,004,150 | ---- | M] () -- C:\Users\Setki\AppData\Roaming\wklnhst.dat
[2012-08-15 10:40:15 | 003,112,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-13 14:46:31 | 000,000,991 | ---- | M] () -- C:\Users\Setki\Desktop\magicJack.lnk
[2012-08-08 13:41:31 | 000,001,850 | ---- | M] () -- C:\Users\Setki\Desktop\Counter-Strike 1.6.lnk
[2012-08-08 03:23:00 | 000,061,440 | ---- | M] () -- C:\Users\Setki\Desktop\552019_10150998384607005_1039139948_n.jpg

========== Files Created - No Company Name ==========

[2012-09-01 23:03:58 | 000,000,512 | ---- | C] () -- C:\Users\Setki\Desktop\MBR.dat
[2012-08-30 18:59:33 | 000,025,975 | ---- | C] () -- C:\Users\Setki\Desktop\543668_496746643687364_211430972_n.jpg
[2012-08-30 17:20:53 | 000,001,016 | ---- | C] () -- C:\Users\Setki\Desktop\comm2.exe - Shortcut.lnk
[2012-08-29 13:45:38 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2012-08-08 13:41:31 | 000,001,850 | ---- | C] () -- C:\Users\Setki\Desktop\Counter-Strike 1.6.lnk
[2012-08-08 03:23:14 | 000,061,440 | ---- | C] () -- C:\Users\Setki\Desktop\552019_10150998384607005_1039139948_n.jpg
[2011-09-19 21:57:04 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011-08-24 18:41:51 | 000,017,408 | ---- | C] () -- C:\Users\Setki\AppData\Local\WebpageIcons.db
[2011-08-24 17:45:18 | 000,015,678 | ---- | C] () -- C:\ProgramData\1314200714.bdinstall.bin
[2011-08-24 17:44:37 | 000,084,994 | ---- | C] () -- C:\ProgramData\1314200656.bdinstall.bin
[2011-08-24 17:24:40 | 000,351,056 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011-08-14 17:06:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-08-14 17:06:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-08-14 17:06:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-08-14 17:06:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-08-14 17:06:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-06-22 21:38:39 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini
[2011-06-10 10:28:00 | 000,000,000 | ---- | C] () -- C:\Users\Setki\AppData\Local\{57855E01-4CFA-47B3-B132-B78A87F3821E}
[2011-06-07 19:02:07 | 000,780,226 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-06-02 08:43:41 | 000,000,000 | ---- | C] () -- C:\Users\Setki\AppData\Local\{A4BE1F84-A88A-4DF9-9D7D-4C0EFE9EEAC5}
[2011-05-26 20:06:24 | 000,000,227 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011-05-26 20:06:20 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011-05-25 23:06:03 | 000,045,270 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\room_v3.dat
[2011-05-24 20:41:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-03-25 16:12:18 | 000,046,742 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\room.dat
[2011-02-13 18:16:09 | 000,001,854 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\GhostObjGAFix.xml
[2010-11-20 17:10:07 | 000,000,565 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\myMPQ.ini
[2010-11-12 20:35:21 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2010-10-31 23:02:50 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2010-10-31 22:58:55 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2010-09-26 12:46:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2010-05-15 21:24:22 | 000,042,496 | ---- | C] () -- C:\Users\Setki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-11 13:44:57 | 000,004,150 | ---- | C] () -- C:\Users\Setki\AppData\Roaming\wklnhst.dat
[2010-03-20 17:47:38 | 000,000,017 | ---- | C] () -- C:\Users\Setki\AppData\Local\resmon.resmoncfg

========== LOP Check ==========

[2012-08-11 22:43:30 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\.minecraft
[2012-08-30 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\.techniclauncher
[2010-06-28 23:34:34 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Autodesk
[2011-09-29 21:15:04 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\BitDefender
[2012-04-29 01:32:55 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\BSplayer
[2012-04-28 23:00:03 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\BSplayer Pro
[2011-10-22 12:56:13 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012-02-12 01:35:58 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\CoreFTP
[2012-04-13 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\DAEMON Tools Lite
[2010-04-16 20:15:18 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Facebook
[2010-03-20 21:13:15 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\funkitron
[2010-11-27 22:06:19 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\GetRightToGo
[2010-03-14 16:32:49 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\ImgBurn
[2011-08-06 15:09:50 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\LolClient
[2010-04-30 00:41:37 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Ludia
[2012-08-13 14:46:34 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\mjusbsp
[2011-12-24 19:20:32 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\MoreTerra
[2012-08-12 05:13:10 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\NavNet Solutions
[2010-08-02 15:09:33 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Nokia
[2011-12-26 02:19:25 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\ooVoo Details
[2010-08-02 15:08:30 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\PC Suite
[2011-05-15 22:18:24 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\PlayFirst
[2011-09-29 21:07:09 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\QuickScan
[2012-07-11 20:07:28 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\redsn0w
[2011-03-27 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Registry Mechanic
[2012-01-30 16:09:53 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\SystemRequirementsLab
[2010-05-11 13:45:02 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Template
[2010-03-14 16:33:08 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Ubisoft
[2012-09-03 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Unity
[2012-09-01 03:29:25 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\uTorrent
[2010-03-14 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\WildTangent
[2010-03-22 03:09:11 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\WinBatch
[2012-06-01 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\Setki\AppData\Roaming\Wondershare Video Converter Ultimate
[2012-09-03 23:43:02 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-03 23:43:03 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-09-03 21:46:00 | 000,000,876 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
[2012-09-04 00:46:00 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
[2012-07-01 09:42:22 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Edited by Valoni, 03 September 2012 - 04:47 PM.


#7
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


#8
Valoni


    Member

  • Topic Starter
  • Member
  • 41 posts
ComboFix log:

ComboFix 12-09-03.07 - Setki 2012-09-04 4:26.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.355.1033.18.3838.2441 [GMT 2:00]
Running from: c:\users\Setki\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\1314200656.bdinstall.bin
c:\programdata\1314200714.bdinstall.bin
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
---- Previous Run -------
.
C:\install.exe
c:\program files (x86)\Steam\Steam.exe
c:\users\Setki\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_qcjblpscoso22zzriewcnsmeddzo20a4\1.5.0.0\user.config
c:\users\Setki\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_rtsgutrkghphnqxebxe3jub45pjsbg0q\1.5.0.0\user.config
c:\users\Setki\AppData\Roaming\Kaspersky_Key_Finder_(KKF\Kaspersky_Key_Finder_V1.5_Url_sjmao2vghhb24qpveypeqaxd5v3nevsx\1.5.2.0\user.config
c:\windows\7Loader.TAG
c:\windows\IsUn0410.exe
c:\windows\security\Database\tmp.edb
c:\windows\systems.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))
.
.
2012-09-04 02:42 . 2012-09-04 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-03 22:22 . 2012-09-03 22:22 -------- d-----w- C:\_OTL
2012-09-03 09:28 . 2012-09-03 09:28 -------- d-----w- c:\users\Setki\AppData\Roaming\Unity
2012-09-01 01:00 . 2012-09-01 01:13 -------- d-----w- c:\programdata\SecTaskMan
2012-09-01 01:00 . 2012-09-01 01:00 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-08-29 12:05 . 2012-08-29 12:05 -------- d-----w- c:\users\Setki\AppData\Local\My Games
2012-08-29 11:44 . 2012-08-29 11:44 -------- d-----w- c:\program files (x86)\Firaxis Games
2012-08-22 23:59 . 2012-08-22 23:59 -------- d-----w- c:\program files (x86)\directx
2012-08-22 23:55 . 2012-08-23 00:00 -------- d-----w- c:\program files (x86)\Commandos II
2012-08-15 07:58 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 07:58 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 07:58 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 07:58 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 07:58 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 07:50 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 07:50 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 07:50 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 07:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 07:49 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 07:49 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 03:25 . 2012-08-12 03:25 -------- d-----w- c:\users\Setki\AppData\Local\Navnet_Solutions
2012-08-12 03:13 . 2012-08-12 03:13 -------- d-----w- c:\users\Setki\AppData\Roaming\NavNet Solutions
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 18:39 . 2012-09-01 00:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5ED0F5AA-D57A-48EF-9625-0CB0B229B587}\offreg.dll
2012-08-23 08:26 . 2012-08-31 16:52 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5ED0F5AA-D57A-48EF-9625-0CB0B229B587}\mpengine.dll
2012-08-15 08:16 . 2010-04-17 16:18 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 08:10 . 2012-04-29 14:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 08:10 . 2012-04-29 14:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 11:46 . 2010-03-06 12:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:09 . 2012-08-15 08:29 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-09 05:43 . 2012-07-11 23:17 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-09 04:41 . 2012-07-11 23:17 12873728 ----a-w- c:\windows\SysWow64\shell32.dll
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 23:17 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 23:17 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 23:17 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 23:17 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 23:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 23:17 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2008-10-19 14:10 . 2010-03-15 15:41 2826240 ----a-w- c:\program files\amtlib.dll
2008-10-19 06:02 . 2010-03-15 15:41 3795456 ----a-w- c:\program files\amtlib (2).dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-10-25 1668664]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2010-05-27 385024]
"cdloader"="c:\users\Setki\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-05 3077528]
"Facebook Update"="c:\users\Setki\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"RockMelt Update"="c:\users\Setki\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2012-06-01 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LVCOMS"="c:\program files (x86)\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
"NI Background Service"="c:\program files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-09-29 92352]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
.
c:\users\Setki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Setki\AppData\Local\Facebook\Messenger\2.1.4623.0\FacebookMessenger.exe [2012-8-28 246704]
Warkeys Update.lnk - c:\program files (x86)\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-15 110592]
AutoCAD Startup Accelerator.lnk - c:\program files (x86)\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2011-09-29 99408]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-15 1038088]
R3 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-14 1255736]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-06-28 692816]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-06-28 1040976]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2010-05-05 14592]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/02/27 02:40];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 02:04 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-12-03 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-06-03 721712]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 70656]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-21 145496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-22 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 26168]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMNDISV
*Deregistered* - SYMTDI
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 08:10]
.
2012-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
- c:\users\Setki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-30 21:38]
.
2012-09-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
- c:\users\Setki\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-30 21:38]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 06:15]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-10 06:15]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
- c:\users\Setki\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 11:05]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
- c:\users\Setki\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 11:05]
.
2012-08-21 c:\windows\Tasks\HPCeeScheduleForSetki.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2012-09-03 c:\windows\Tasks\Norton Security Scan for Setki.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-03 08:06]
.
2012-09-03 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000Core.job
- c:\users\Setki\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-06-01 19:40]
.
2012-09-04 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-857608778-1826442614-4203300717-1000UA.job
- c:\users\Setki\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2012-06-01 19:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-15 318464]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-09-29 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-09-29 2026680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{693D1A46-98CA-45EC-A086-75F86574466F}: NameServer = 80.80.160.9,80.80.160.8
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\users\Setki\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
c:\program files\Bitdefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-09-04 04:54:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-04 02:54
.
Pre-Run: 35.217.326.080 bytes free
Post-Run: 35.634.855.936 bytes free
.
- - End Of File - - 64314AA74379DD5B5E801ED4355430E0

#9
Render

    Trusted Helper

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click on Report sending and then the link avptool sysinfo.zip (open the file manager) to locate the zip file to upload and attach to your next post


#10
Render

    Trusted Helper

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.