Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HELP - virus that blocked my antivirus program [Solved]


  • This topic is locked This topic is locked

#1
kykg

kykg

    Member

  • Member
  • PipPip
  • 14 posts
Hello,
I need help. My laptop was infected and viruses blocked my antivirus program (eset smart security 6.0.316.0.)even I can not uninstall any programs from control panel. It has windows 8. I tried to install new antivirus program from internet and from flush drive, but wasn't possible. After that, I read for OTL and I did run scan for 30 day with checks for: scan all users, include 64bit scans, skip Microsoft files, use company white list name, use no company name white list. I added this in custom scans/fixes:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%PROGRAMFILES%\*.
%userprofile%\Desktop\*.*
%userprofile%\Desktop\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Now I have otl.txt and extras.txt files. If somebody can see these files and help me with the infected because I don't know how to do this I am not specialist with OTL. If somebody can help me, I will appreciate it. Help!!!!!!! Thank you in advance
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the logs please
  • 0

#3
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are otl.txt file:Attached File  OTL.Txt   212.84KB   107 downloads
extras.txt file:Attached File  Extras.Txt   85.7KB   162 downloads
Thank you

OTL logfile created on: 2013-08-30 11:57:54 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krasimira\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.87 Gb Total Physical Memory | 6.98 Gb Available Physical Memory | 88.68% Memory free
9.06 Gb Paging File | 8.28 Gb Available in Paging File | 91.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive D: | 25.00 Gb Total Space | 21.86 Gb Free Space | 87.43% Space Free | Partition Type: NTFS

Computer Name: KRASI | User Name: Krasimira | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 180 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Krasimira\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (DsmSvc) -- C:\windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (netprofm) -- C:\windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (TimeBroker) -- C:\windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (CxAudMsg) -- C:\windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (mi-raysat_3dsmax2013_64) -- C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe ()
SRV:64bit: - (BITCOMET_HELPER_SERVICE) -- C:\Program Files\BitComet\tools\BitCometService.exe (www.BitComet.com)
SRV:64bit: - (lxdx_device) -- C:\windows\SysNative\lxdxcoms.exe ( )
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (MBAMService) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (cphs) -- C:\windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sdbus) -- C:\windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (LHDmgr) -- C:\windows\SysNative\Drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\windows\SysNative\Drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (USBHUB3) -- C:\windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (storahci) -- C:\windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (epfwwfp) -- C:\windows\SysNative\Drivers\epfwwfp.sys (ESET)
DRV:64bit: - (eamonm) -- C:\windows\SysNative\Drivers\eamonm.sys (ESET)
DRV:64bit: - (igfx) -- C:\windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (WdBoot) -- C:\windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (BtFilter) -- C:\windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (epfw) -- C:\windows\SysNative\Drivers\epfw.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\windows\SysNative\Drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\windows\SysNative\Drivers\ehdrv.sys (ESET)
DRV:64bit: - (msgpiowin32) -- C:\windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (iaStorA) -- C:\windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (vm331avs) -- C:\windows\SysNative\Drivers\vm331avs.sys (Vimicro Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (MEIx64) -- C:\windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\windows\SysNative\Drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (IntcDAud) -- C:\windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (wsvd) -- C:\windows\SysNative\Drivers\wsvd.sys ("CyberLink)
DRV:64bit: - (NETwNs64) -- C:\windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (ssadmdm) -- C:\windows\SysNative\Drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\windows\SysNative\Drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\windows\SysNative\Drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\windows\SysNative\Drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (Sentinel64) -- C:\windows\SysNative\Drivers\sentinel64.sys (SafeNet, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{74556233-7F34-4D69-A8A0-74A0D7386839}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.smilebo...3-2CD05AF21698}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=20/05/2013
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.smilebo...3-2CD05AF21698}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{394E4C6B-95BC-44F6-97CA-FA8E20DF5B43}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGIE_enCA551
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.smilebo...3-2CD05AF21698}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{FEB00F85-BDF7-45BB-AB23-AB6E3F6FEBC8}: "URL" = http://search.condui...9562848259&UM=2
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SMILEBOX\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By Smilebox\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-06-30 09:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-30 09:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-18 00:33:04 | 000,000,000 | ---D | M]

[2013-07-15 13:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krasimira\AppData\Roaming\Mozilla\Extensions
[2013-05-18 12:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krasimira\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions

O1 HOSTS File: ([2013-08-30 11:35:45 | 000,000,098 | ---- | M]) - C:\windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [CStart8] C:\Program Files (x86)\CStart8\CStart8Tray64.exe (Crawler.com)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3645740697-2236784829-290951543-1001..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-3645740697-2236784829-290951543-1001..\Run: [Green Christmas Tree] C:\Users\Krasimira\Desktop\? ???????????!!!!.exe ()
O4 - HKU\S-1-5-21-3645740697-2236784829-290951543-1001..\Run: [X-Lite] C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe (CounterPath)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.128.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF718535-6535-4CE9-B1B2-1B6A5AA1792E}: DhcpNameServer = 64.59.135.143 64.59.128.113
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: Netlogon - C:\windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {30FB467D-7995-51F9-1D46-3E2E9B277EE7} - Offline Browsing Pack
ActiveX:64bit: {3711FAF6-9F93-B813-E0E9-3647D3824E49} - Offline Browsing Pack
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C1C858E6-3DDD-DD69-0D5C-A77FA099A36D} - Offline Browsing Pack
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CC3A48F1-B1DF-08A6-96F8-08562A724DEA} - Offline Browsing Pack
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {EA2C1926-5DB2-180C-E1E6-637FE7FFC860} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A3593175-5BD2-6082-DCD8-95C831BFF3E0} - DirectX
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E06E04C4-8C37-3848-85D2-29A1255258CD} - Offline Browsing Pack
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\Program Files (x86)\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 180 Days ==========

[2013-08-29 11:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013-08-29 10:46:17 | 260,038,464 | ---- | C] (Kaspersky Lab) -- C:\Users\Krasimira\Desktop\kis14.0.0.4651aEN_4879.exe
[2013-08-28 15:56:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Krasimira\Desktop\OTL.exe
[2013-08-28 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Malwarebytes
[2013-08-28 14:13:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013-08-28 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-08-28 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-08-28 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013-08-09 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Microsoft_Corporation
[2013-07-27 08:27:10 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Apps
[2013-07-27 08:20:14 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Diagnostics
[2013-07-22 15:52:23 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Autodesk, Inc
[2013-07-18 00:35:15 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\ESET
[2013-07-18 00:35:15 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\ESET
[2013-07-18 00:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013-07-18 00:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013-07-18 00:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-07-15 13:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven
[2013-07-11 22:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013-07-11 21:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013-07-08 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\DivX
[2013-07-08 10:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013-07-08 10:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013-07-08 10:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013-07-04 08:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CounterPath X-Lite
[2013-07-04 08:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CounterPath
[2013-06-30 09:27:57 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\RealNetworks
[2013-06-30 09:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013-06-30 09:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013-06-30 09:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013-06-30 09:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013-06-30 09:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013-06-30 09:26:22 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Real
[2013-06-30 09:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013-06-24 07:54:47 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\SketchUp
[2013-06-24 07:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2013
[2013-06-24 07:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp
[2013-06-24 07:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SketchUp
[2013-06-24 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Google
[2013-06-24 07:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013-06-24 07:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2013-06-24 07:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013-06-24 07:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013-06-24 07:42:25 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bandizip
[2013-06-24 07:42:24 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Bandizip
[2013-06-24 07:31:21 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\DefaultTab
[2013-06-16 22:03:29 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Business-in-a-Box Files
[2013-05-28 06:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[2013-05-25 18:54:31 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\RESUMES
[2013-05-25 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\SECOND YEAR
[2013-05-25 18:53:35 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\FIRST YEAR
[2013-05-23 17:19:15 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\VisualBeeExe
[2013-05-23 17:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\VisualBee
[2013-05-23 17:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013-05-23 17:03:19 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Conduit
[2013-05-23 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\player
[2013-05-23 16:26:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013-05-23 16:26:32 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\DealPly
[2013-05-23 16:26:20 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Google
[2013-05-22 11:27:31 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\Musika
[2013-05-21 16:24:25 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Identities
[2013-05-21 16:06:33 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\OneNote Notebooks
[2013-05-21 15:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013-05-21 15:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013-05-21 15:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013-05-21 15:55:14 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013-05-21 15:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013-05-21 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013-05-21 15:51:47 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Microsoft Help
[2013-05-20 21:58:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\BitComet
[2013-05-20 21:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
[2013-05-20 21:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2013-05-20 08:33:47 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Programs
[2013-05-19 16:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013-05-19 16:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MpcStar
[2013-05-19 16:41:30 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\tigerplayer
[2013-05-19 16:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MpcStar
[2013-05-19 16:41:30 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\CometPlayer
[2013-05-19 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\WebApp
[2013-05-19 16:34:39 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Cyberlink
[2013-05-19 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Lenovo
[2013-05-19 16:34:37 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\CyberLink
[2013-05-19 16:34:16 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\CyberLink
[2013-05-19 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\Friends - full serial
[2013-05-19 10:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Navisworks 2013
[2013-05-19 10:45:08 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Autodesk Navisworks Manage 2013
[2013-05-19 10:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk Navisworks Manage 2013
[2013-05-19 10:43:37 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Autodesk Showcase 2013
[2013-05-19 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Autodesk,_Inc
[2013-05-19 10:26:39 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Infrastructure Models
[2013-05-18 14:05:03 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\snimki
[2013-05-18 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\documenti za bliznaci
[2013-05-18 13:58:49 | 001,962,344 | ---- | C] (Crawler, LLC ) -- C:\Users\Krasimira\Documents\ClassicStart8Setup.exe
[2013-05-18 12:59:30 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\SwvUpdater
[2013-05-18 12:59:02 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Mozilla
[2013-05-18 12:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013-05-18 11:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013-05-18 11:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013-05-18 11:17:47 | 000,142,120 | ---- | C] (SafeNet, Inc.) -- C:\windows\SysNative\drivers\sentinel64.sys
[2013-05-18 11:16:24 | 000,000,000 | -H-D | C] -- C:\windows\PIF
[2013-05-18 08:53:50 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\CounterPath Corporation
[2013-05-18 08:53:45 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\CounterPath
[2013-05-18 08:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013-05-18 08:52:09 | 047,103,224 | ---- | C] (CounterPath Corporation ) -- C:\Users\Krasimira\Documents\X-Lite_Win32_4.5.2_70142.exe
[2013-05-17 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\thediction.com_10Alpha3
[2013-05-17 22:58:17 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\cache
[2013-05-17 22:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013-05-17 22:42:29 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server x64 3dsMaxDesign
[2013-05-17 22:27:35 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor
[2013-05-17 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2013-05-17 22:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DWG TrueView 2013
[2013-05-17 22:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2013-05-17 22:12:38 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server SDK MEP 2013
[2013-05-17 22:09:07 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server SDK ACA 2013
[2013-05-17 22:06:17 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server x64 Showcase2013
[2013-05-17 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\3dsMaxDesign
[2013-05-17 21:54:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server x64 Direct Connect
[2013-05-17 21:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013-05-17 21:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2013-05-17 21:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk
[2013-05-17 21:50:48 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Autodesk
[2013-05-17 21:41:40 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server x64 InvSvr_x64_NAVMAN_10
[2013-05-17 21:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013-05-17 21:36:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Inventor Server SDK ACAD 2013
[2013-05-17 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Autodesk
[2013-05-17 21:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013-05-17 21:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013-05-17 21:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013-05-17 21:25:41 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Adobe
[2013-05-17 21:24:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013-05-17 21:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013-05-17 21:23:46 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013-05-17 20:40:27 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Autodesk
[2013-05-17 20:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013-05-17 17:05:28 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\CrashDumps
[2013-05-17 17:03:49 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\ElevatedDiagnostics
[2013-05-17 16:55:25 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\CStart8
[2013-05-17 16:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Start 8
[2013-05-17 16:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CStart8
[2013-05-17 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013-05-17 16:52:58 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Nitro
[2013-05-17 16:02:01 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Skype
[2013-05-17 16:01:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013-05-17 16:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-05-17 16:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013-05-17 16:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013-05-17 16:00:53 | 001,337,448 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Krasimira\Documents\SkypeSetup.exe
[2013-05-17 14:43:17 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\LSC
[2013-05-17 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Nitro PDF
[2013-05-17 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\LSC
[2013-05-17 14:35:27 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\BMExplorer
[2013-05-17 14:35:27 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Documents\Bluetooth Folder
[2013-05-17 14:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2013-05-17 14:35:14 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Lenovo
[2013-05-17 14:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013-05-17 14:35:07 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Atheros
[2013-05-17 14:34:37 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013-05-17 14:34:37 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Searches
[2013-05-17 14:34:37 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Contacts
[2013-05-17 14:34:37 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013-05-17 14:34:37 | 000,000,000 | -H-D | C] -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013-05-17 14:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2013-05-17 14:33:55 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Adobe
[2013-05-17 14:33:11 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\VirtualStore
[2013-05-17 14:33:03 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Packages
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\AppData\Local\Temporary Internet Files
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Templates
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Start Menu
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\SendTo
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Recent
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\PrintHood
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\NetHood
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Documents\My Videos
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Documents\My Pictures
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Documents\My Music
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\My Documents
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Local Settings
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\AppData\Local\History
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Cookies
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\Application Data
[2013-05-17 14:32:52 | 000,000,000 | -HSD | C] -- C:\Users\Krasimira\AppData\Local\Application Data
[2013-05-17 14:32:51 | 000,000,000 | --SD | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Videos
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Saved Games
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Pictures
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Music
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Links
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Favorites
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Downloads
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Documents
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\Desktop
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013-05-17 14:32:51 | 000,000,000 | R--D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013-05-17 14:32:51 | 000,000,000 | -H-D | C] -- C:\Users\Krasimira\AppData
[2013-05-17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Temp
[2013-05-17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Microsoft
[2013-05-17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013-05-17 14:32:51 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Macromedia
[2013-05-08 08:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013-05-08 08:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013-05-08 08:14:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
[2013-05-08 08:14:32 | 000,102,376 | ---- | C] ("CyberLink) -- C:\windows\SysNative\drivers\wsvd.sys
[2013-05-08 08:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\OneKey Recovery
[2013-05-08 08:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
[2013-05-08 08:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2013-05-08 08:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013-05-08 08:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2013-05-08 08:09:49 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2013-05-08 08:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013-05-08 08:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013-05-08 08:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013-05-08 08:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-05-08 08:08:54 | 000,000,000 | ---D | C] -- C:\windows\fr-FR
[2013-05-08 08:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SugarSync
[2013-05-08 08:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-05-08 08:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-05-08 08:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013-05-08 08:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2013-05-08 08:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013-05-08 08:02:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013-05-08 07:53:20 | 000,136,424 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_rcp.sys
[2013-05-08 07:53:19 | 000,179,432 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_hcrp.sys
[2013-05-08 07:53:19 | 000,077,464 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_lwflt.sys
[2013-05-08 07:53:18 | 000,346,192 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_a2dp.sys
[2013-05-08 07:53:18 | 000,115,280 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_avdt.sys
[2013-05-08 07:53:18 | 000,089,168 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_flt.sys
[2013-05-08 07:53:17 | 000,581,200 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btfilter.sys
[2013-05-08 07:53:17 | 000,034,384 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_bus.sys
[2013-05-08 07:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2013-05-08 07:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\QCA_Bluetooth
[2013-05-08 07:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2013-05-08 07:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USB Camera
[2013-05-08 07:51:38 | 000,975,104 | ---- | C] (Vimicro Corporation) -- C:\windows\SysNative\drivers\vm331avs.sys
[2013-05-08 07:51:38 | 000,311,808 | ---- | C] (Vimicro Corporation) -- C:\windows\SysNative\VmCoinst.dll
[2013-05-08 07:51:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vimicro
[2013-05-08 07:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros
[2013-05-08 07:49:28 | 003,653,632 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athw8x.sys
[2013-05-08 07:49:28 | 003,653,632 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\athw8x.sys
[2013-05-08 07:49:28 | 000,000,000 | ---D | C] -- C:\windows\Options
[2013-05-08 07:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2013-05-08 07:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013-05-08 07:46:06 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2013-05-08 07:45:51 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\sda
[2013-05-08 07:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013-05-08 07:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dolby Advanced Audio v2
[2013-05-08 07:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
[2013-05-08 07:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2013-05-08 07:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013-05-08 07:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013-05-08 07:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013-05-08 07:38:26 | 000,056,832 | ---- | C] (Khronos Group) -- C:\windows\SysNative\OpenCL.DLL
[2013-05-08 07:38:26 | 000,056,320 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\OpenCL.DLL
[2013-05-08 07:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013-05-08 07:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013-05-08 07:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013-05-08 07:36:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013-05-08 07:33:16 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\SysWow64\CSVer.dll
[2013-05-08 07:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013-05-08 07:23:29 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013-03-13 18:19:10 | 000,056,832 | ---- | C] (Khronos Group) -- C:\windows\SysNative\Intel_OpenCL_ICD64.dll
[2013-03-13 18:19:10 | 000,056,320 | ---- | C] (Khronos Group) -- C:\windows\SysWow64\Intel_OpenCL_ICD32.dll

========== Files - Modified Within 180 Days ==========

[2013-08-30 11:56:10 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013-08-30 11:56:10 | 000,722,260 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013-08-30 11:56:10 | 000,136,434 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013-08-30 11:54:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013-08-29 10:52:27 | 260,038,464 | ---- | M] (Kaspersky Lab) -- C:\Users\Krasimira\Desktop\kis14.0.0.4651aEN_4879.exe
[2013-08-28 15:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krasimira\Desktop\OTL.exe
[2013-08-28 15:50:38 | 000,139,264 | ---- | M] () -- C:\Users\Krasimira\Desktop\SystemLook.exe
[2013-07-27 07:41:02 | 000,013,689 | ---- | M] () -- C:\Users\Krasimira\Desktop\Microsoft Office 2007 Enterprise UG VL DVD-ZWTiSO.torrent
[2013-07-23 17:11:02 | 000,350,467 | ---- | M] () -- C:\Users\Krasimira\Desktop\2013 Q2.pdf
[2013-07-18 00:09:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-07-17 23:45:35 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-07-13 09:08:47 | 000,582,632 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013-07-04 08:33:56 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\X-Lite.lnk
[2013-06-30 09:27:14 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013-06-29 21:25:25 | 072,099,420 | ---- | M] () -- C:\Users\Krasimira\Desktop\Google SketchUp Pro 8.0.4811 incl crack-serials(www.pkgames.net).rar
[2013-06-24 07:54:26 | 000,003,120 | ---- | M] () -- C:\windows\SysWow64\ALLFSAF13a.ocx
[2013-06-24 07:54:25 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder 2013.lnk
[2013-06-24 07:54:25 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2013.lnk
[2013-06-24 07:54:25 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\SketchUp 2013.lnk
[2013-06-24 07:49:08 | 000,003,120 | ---- | M] () -- C:\windows\SysWow64\ALLFSAF8a.ocx
[2013-06-24 07:48:22 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder 2.lnk
[2013-06-24 07:48:22 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 3.lnk
[2013-06-24 07:48:22 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2013-06-24 07:42:25 | 000,001,197 | ---- | M] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandizip.lnk
[2013-06-24 07:42:25 | 000,001,195 | ---- | M] () -- C:\Users\Krasimira\Desktop\Bandizip.lnk
[2013-06-24 07:31:23 | 000,000,258 | RHS- | M] () -- C:\Users\Krasimira\ntuser.pol
[2013-06-21 07:40:02 | 000,000,369 | ---- | M] () -- C:\Users\Krasimira\AppData\Local\RegisteredPackageInformation.xml
[2013-06-17 21:18:47 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013-06-16 22:04:00 | 000,000,670 | ---- | M] () -- C:\Users\Krasimira\AppData\Roaming\bibstats
[2013-05-28 06:48:49 | 000,000,154 | ---- | M] () -- C:\windows\SysNative\LexFiles.ulf
[2013-05-25 18:50:24 | 009,543,774 | ---- | M] () -- C:\Users\Krasimira\Documents\BlueWater.themepack
[2013-05-25 18:47:11 | 018,848,284 | ---- | M] () -- C:\Users\Krasimira\Documents\QueenstownNZIanRushton.themepack
[2013-05-23 17:00:40 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013-05-21 16:06:31 | 000,001,317 | ---- | M] () -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013-05-20 22:15:08 | 000,357,853 | ---- | M] () -- C:\Users\Krasimira\Documents\treti file ms office.png
[2013-05-20 22:13:12 | 000,705,708 | ---- | M] () -- C:\Users\Krasimira\Documents\vtori file ms office.png
[2013-05-20 21:58:52 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2013-05-20 21:58:24 | 010,889,568 | ---- | M] () -- C:\Users\Krasimira\Documents\BitComet_1-35_x64_setup.exe
[2013-05-19 18:08:47 | 000,386,642 | ---- | M] () -- C:\windows\SysNative\ApnDatabase.xml
[2013-05-19 16:41:32 | 000,001,152 | ---- | M] () -- C:\Users\Krasimira\Documents\Comet Player.lnk
[2013-05-19 16:41:32 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2013-05-19 10:30:46 | 000,000,144 | ---- | M] () -- C:\Users\Krasimira\Documents\acad.err
[2013-05-18 08:52:09 | 047,103,224 | ---- | M] (CounterPath Corporation ) -- C:\Users\Krasimira\Documents\X-Lite_Win32_4.5.2_70142.exe
[2013-05-17 23:57:36 | 007,535,127 | ---- | M] () -- C:\Users\Krasimira\Documents\thediction.com_10Alpha3.zip
[2013-05-17 22:38:56 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013-05-17 22:34:03 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Infrastructure Modeler 2013.lnk
[2013-05-17 22:25:26 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Inventor 2013.lnk
[2013-05-17 22:21:18 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\DWG TrueView 2013.lnk
[2013-05-17 22:20:05 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\SketchBook Designer 2013.lnk
[2013-05-17 22:18:17 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2013-05-17 22:17:49 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Structural Detailing 2013 - English.lnk
[2013-05-17 22:14:27 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD MEP 2013 - English (Global).lnk
[2013-05-17 22:11:00 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2013-05-17 22:11:00 | 000,002,409 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2013-05-17 22:06:08 | 000,001,870 | ---- | M] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Showcase 2013 (64-bit).lnk
[2013-05-17 22:06:08 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Showcase 2013 (64-bit).lnk
[2013-05-17 22:00:20 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
[2013-05-17 21:52:11 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Quantity Takeoff 2013.lnk
[2013-05-17 21:50:39 | 000,002,369 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Robot Structural Analysis Professional 2013.lnk
[2013-05-17 21:41:22 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Navisworks Manage 2013.lnk
[2013-05-17 21:36:57 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2013 - English.lnk
[2013-05-17 21:36:07 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-05-17 21:31:56 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Revit 2013.lnk
[2013-05-17 16:55:15 | 001,962,344 | ---- | M] (Crawler, LLC ) -- C:\Users\Krasimira\Documents\ClassicStart8Setup.exe
[2013-05-17 16:52:29 | 008,369,112 | ---- | M] () -- C:\Users\Krasimira\Documents\Start8-cnet-setup.exe
[2013-05-17 16:01:52 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013-05-17 16:00:53 | 001,337,448 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Krasimira\Documents\SkypeSetup.exe
[2013-05-17 14:38:31 | 000,001,435 | ---- | M] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-05-08 08:18:04 | 002,271,773 | ---- | M] () -- C:\windows\MFGSTAT.zip
[2013-05-08 08:16:28 | 000,000,011 | ---- | M] () -- C:\windows\SysNative\lendrvchk.scp
[2013-05-08 08:14:33 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\OneKey Recovery.lnk
[2013-05-08 08:14:01 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk
[2013-05-08 08:12:23 | 000,000,198 | -H-- | M] () -- C:\ProgramData\Lenovo-25628.vbs
[2013-05-08 08:09:02 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk
[2013-05-08 08:06:58 | 000,001,241 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo YouCam.lnk
[2013-05-08 08:05:07 | 000,002,083 | ---- | M] () -- C:\Users\Krasimira\Documents\UserGuide.lnk
[2013-05-08 07:47:09 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013-05-08 07:47:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013-05-08 07:45:36 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2013-05-08 07:42:21 | 000,016,238 | ---- | M] () -- C:\windows\SysNative\results.xml
[2013-05-08 07:32:33 | 000,000,042 | ---- | M] () -- C:\windows\SysWow64\drivers\17AA_Lenovo_Lenovo_G780_20138.MRK
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013-08-28 15:50:37 | 000,139,264 | ---- | C] () -- C:\Users\Krasimira\Desktop\SystemLook.exe
[2013-07-27 07:40:57 | 000,013,689 | ---- | C] () -- C:\Users\Krasimira\Desktop\Microsoft Office 2007 Enterprise UG VL DVD-ZWTiSO.torrent
[2013-07-23 17:10:59 | 000,350,467 | ---- | C] () -- C:\Users\Krasimira\Desktop\2013 Q2.pdf
[2013-07-13 09:08:12 | 000,582,632 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013-07-09 12:53:44 | 000,386,642 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013-07-04 08:33:56 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\X-Lite.lnk
[2013-06-30 09:27:14 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013-06-24 07:54:26 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\ALLFSAF13a.ocx
[2013-06-24 07:54:25 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder 2013.lnk
[2013-06-24 07:54:25 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 2013.lnk
[2013-06-24 07:54:25 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\SketchUp 2013.lnk
[2013-06-24 07:49:59 | 000,000,916 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-06-24 07:49:57 | 000,000,912 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-06-24 07:49:08 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\ALLFSAF8a.ocx
[2013-06-24 07:48:22 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Style Builder 2.lnk
[2013-06-24 07:48:22 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\LayOut 3.lnk
[2013-06-24 07:48:22 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2013-06-24 07:42:25 | 000,001,197 | ---- | C] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandizip.lnk
[2013-06-24 07:42:25 | 000,001,195 | ---- | C] () -- C:\Users\Krasimira\Desktop\Bandizip.lnk
[2013-06-24 07:35:53 | 072,099,420 | ---- | C] () -- C:\Users\Krasimira\Desktop\Google SketchUp Pro 8.0.4811 incl crack-serials(www.pkgames.net).rar
[2013-06-24 07:31:23 | 000,000,258 | RHS- | C] () -- C:\Users\Krasimira\ntuser.pol
[2013-06-21 07:39:53 | 000,000,369 | ---- | C] () -- C:\Users\Krasimira\AppData\Local\RegisteredPackageInformation.xml
[2013-06-17 21:18:47 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013-06-16 22:03:40 | 000,000,670 | ---- | C] () -- C:\Users\Krasimira\AppData\Roaming\bibstats
[2013-05-28 06:48:49 | 000,000,154 | ---- | C] () -- C:\windows\SysNative\LexFiles.ulf
[2013-05-28 06:48:30 | 000,299,520 | ---- | C] () -- C:\windows\SysNative\lxdxgrd.dll
[2013-05-28 06:48:24 | 001,734,144 | ---- | C] ( ) -- C:\windows\SysNative\lxdxserv.dll
[2013-05-28 06:48:24 | 000,514,048 | ---- | C] ( ) -- C:\windows\SysNative\lxdxih.exe
[2013-05-28 06:48:24 | 000,109,056 | ---- | C] () -- C:\windows\SysNative\lxdxvs.dll
[2013-05-28 06:48:24 | 000,047,104 | ---- | C] ( ) -- C:\windows\SysNative\lxdxprox.dll
[2013-05-28 06:48:23 | 001,039,872 | ---- | C] ( ) -- C:\windows\SysNative\lxdxcoms.exe
[2013-05-28 06:48:23 | 000,977,920 | ---- | C] ( ) -- C:\windows\SysNative\lxdxpmui.dll
[2013-05-28 06:48:23 | 000,884,736 | ---- | C] ( ) -- C:\windows\SysNative\lxdxlmpm.dll
[2013-05-28 06:48:23 | 000,578,560 | ---- | C] ( ) -- C:\windows\SysNative\lxdxcomm.dll
[2013-05-28 06:48:22 | 000,545,792 | ---- | C] ( ) -- C:\windows\SysNative\lxdxinpa.dll
[2013-05-28 06:48:22 | 000,509,952 | ---- | C] ( ) -- C:\windows\SysNative\lxdxiesc.dll
[2013-05-28 06:48:21 | 001,472,512 | ---- | C] ( ) -- C:\windows\SysNative\lxdxcomc.dll
[2013-05-28 06:48:21 | 001,319,936 | ---- | C] ( ) -- C:\windows\SysNative\lxdxusb1.dll
[2013-05-28 06:48:21 | 001,069,056 | ---- | C] ( ) -- C:\windows\SysNative\lxdxhbn3.dll
[2013-05-28 06:48:17 | 000,598,528 | ---- | C] ( ) -- C:\windows\SysNative\lxdxcfg.exe
[2013-05-28 06:47:47 | 001,024,512 | ---- | C] () -- C:\windows\SysNative\lxdxdrs64.dll
[2013-05-28 06:47:47 | 000,782,336 | ---- | C] () -- C:\windows\SysWow64\lxdxdrs.dll
[2013-05-28 06:47:47 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\lxdxcaps.dll
[2013-05-28 06:47:47 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\lxdxcnv4.dll
[2013-05-28 06:47:47 | 000,054,784 | ---- | C] () -- C:\windows\SysNative\lxdxcnv464.dll
[2013-05-28 06:47:47 | 000,025,600 | ---- | C] () -- C:\windows\SysNative\lxdxcaps64.dll
[2013-05-25 18:52:04 | 018,848,284 | ---- | C] () -- C:\Users\Krasimira\Documents\QueenstownNZIanRushton.themepack
[2013-05-25 18:52:00 | 009,543,774 | ---- | C] () -- C:\Users\Krasimira\Documents\BlueWater.themepack
[2013-05-23 17:00:40 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2013-05-21 16:06:31 | 000,001,317 | ---- | C] () -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013-05-20 22:15:08 | 000,357,853 | ---- | C] () -- C:\Users\Krasimira\Documents\treti file ms office.png
[2013-05-20 22:13:12 | 000,705,708 | ---- | C] () -- C:\Users\Krasimira\Documents\vtori file ms office.png
[2013-05-20 21:58:52 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2013-05-20 21:58:17 | 010,889,568 | ---- | C] () -- C:\Users\Krasimira\Documents\BitComet_1-35_x64_setup.exe
[2013-05-19 16:41:32 | 000,001,152 | ---- | C] () -- C:\Users\Krasimira\Documents\Comet Player.lnk
[2013-05-19 16:41:32 | 000,001,002 | ---- | C] () -- C:\Users\Public\Desktop\MpcStar.lnk
[2013-05-19 10:30:46 | 000,000,144 | ---- | C] () -- C:\Users\Krasimira\Documents\acad.err
[2013-05-18 11:16:19 | 000,007,782 | ---- | C] () -- C:\windows\b4800.ini
[2013-05-18 11:16:19 | 000,004,777 | ---- | C] () -- C:\windows\B4NP.ini
[2013-05-18 11:16:19 | 000,004,156 | ---- | C] () -- C:\windows\b4.INI
[2013-05-18 11:16:19 | 000,003,425 | ---- | C] () -- C:\windows\bw41024L.ini
[2013-05-18 11:16:19 | 000,003,302 | ---- | C] () -- C:\windows\bw41024s.ini
[2013-05-18 11:16:19 | 000,000,813 | ---- | C] () -- C:\windows\B4User.ini
[2013-05-17 23:57:08 | 007,535,127 | ---- | C] () -- C:\Users\Krasimira\Documents\thediction.com_10Alpha3.zip
[2013-05-17 22:38:56 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2013.lnk
[2013-05-17 22:34:03 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Infrastructure Modeler 2013.lnk
[2013-05-17 22:25:26 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor 2013.lnk
[2013-05-17 22:21:18 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\DWG TrueView 2013.lnk
[2013-05-17 22:20:05 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\SketchBook Designer 2013.lnk
[2013-05-17 22:18:17 | 000,002,190 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk
[2013-05-17 22:16:35 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Structural Detailing 2013 - English.lnk
[2013-05-17 22:14:27 | 000,002,373 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD MEP 2013 - English (Global).lnk
[2013-05-17 22:11:00 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (US Metric).lnk
[2013-05-17 22:11:00 | 000,002,409 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2013 - English (Global).lnk
[2013-05-17 22:06:08 | 000,001,870 | ---- | C] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk Showcase 2013 (64-bit).lnk
[2013-05-17 22:06:08 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Showcase 2013 (64-bit).lnk
[2013-05-17 22:00:20 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2013 64-bit.lnk
[2013-05-17 21:52:11 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Quantity Takeoff 2013.lnk
[2013-05-17 21:50:39 | 000,002,369 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Robot Structural Analysis Professional 2013.lnk
[2013-05-17 21:41:22 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Navisworks Manage 2013.lnk
[2013-05-17 21:36:07 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-05-17 21:35:31 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2013 - English.lnk
[2013-05-17 21:31:56 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Revit 2013.lnk
[2013-05-17 16:52:29 | 008,369,112 | ---- | C] () -- C:\Users\Krasimira\Documents\Start8-cnet-setup.exe
[2013-05-17 16:01:52 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013-05-17 14:38:31 | 000,001,435 | ---- | C] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-05-17 14:34:31 | 000,001,441 | ---- | C] () -- C:\Users\Krasimira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-05-17 14:32:51 | 000,000,352 | ---- | C] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013-05-17 14:32:51 | 000,000,334 | ---- | C] () -- C:\Users\Krasimira\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013-05-17 14:32:51 | 000,000,189 | ---- | C] () -- C:\Users\Krasimira\Documents\Lenovo Telephony Start Now.url
[2013-05-08 08:18:04 | 002,271,773 | ---- | C] () -- C:\windows\MFGSTAT.zip
[2013-05-08 08:14:33 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\OneKey Recovery.lnk
[2013-05-08 08:14:01 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Intel AppUp(SM) center.lnk
[2013-05-08 08:12:23 | 000,000,198 | -H-- | C] () -- C:\ProgramData\Lenovo-25628.vbs
[2013-05-08 08:09:02 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk
[2013-05-08 08:07:20 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Cloud Storage by SugarSync.lnk
[2013-05-08 08:06:58 | 000,001,241 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo YouCam.lnk
[2013-05-08 08:05:07 | 000,002,083 | ---- | C] () -- C:\Users\Krasimira\Documents\UserGuide.lnk
[2013-05-08 07:51:38 | 001,069,056 | ---- | C] () -- C:\windows\SysNative\331prx64.ax
[2013-05-08 07:51:38 | 000,659,456 | ---- | C] () -- C:\windows\SysWow64\vmprp331.ax
[2013-05-08 07:51:38 | 000,001,897 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2013-05-08 07:51:38 | 000,001,897 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2013-05-08 07:51:38 | 000,000,356 | ---- | C] () -- C:\windows\System\vm331avs.rsf
[2013-05-08 07:49:28 | 000,331,272 | ---- | C] () -- C:\windows\SysNative\athw8x.inf
[2013-05-08 07:49:28 | 000,080,062 | ---- | C] () -- C:\windows\SysNative\athw8x.cat
[2013-05-08 07:47:09 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013-05-08 07:47:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
[2013-05-08 07:45:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-05-08 07:42:21 | 000,016,238 | ---- | C] () -- C:\windows\SysNative\results.xml
[2013-05-08 07:32:09 | 000,000,042 | ---- | C] () -- C:\windows\SysWow64\drivers\17AA_Lenovo_Lenovo_G780_20138.MRK
[2013-05-08 07:23:12 | 000,000,011 | ---- | C] () -- C:\windows\SysNative\lendrvchk.scp
[2013-03-13 18:19:10 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013-03-13 18:19:10 | 000,598,780 | ---- | C] () -- C:\windows\SysNative\igvpkrng700.bin
[2013-03-13 18:19:10 | 000,017,062 | ---- | C] () -- C:\windows\SysNative\iglhxs64.vp
[2013-03-13 18:19:08 | 000,009,216 | ---- | C] ( ) -- C:\windows\SysNative\IGFXDEVLib.dll
[2013-03-13 18:19:06 | 000,080,896 | ---- | C] () -- C:\windows\SysNative\igdde64.dll
[2013-03-13 18:19:06 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013-03-13 18:19:05 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2013-03-13 18:19:05 | 000,755,048 | ---- | C] () -- C:\windows\SysNative\igcodeckrng700.bin
[2013-03-13 18:19:04 | 000,223,233 | ---- | C] () -- C:\windows\SysNative\Gfxres.th-TH.resources
[2013-03-13 18:19:04 | 000,209,727 | ---- | C] () -- C:\windows\SysNative\Gfxres.el-GR.resources
[2013-03-13 18:19:04 | 000,193,862 | ---- | C] () -- C:\windows\SysNative\Gfxres.ru-RU.resources
[2013-03-13 18:19:04 | 000,165,865 | ---- | C] () -- C:\windows\SysNative\Gfxres.ar-SA.resources
[2013-03-13 18:19:04 | 000,163,120 | ---- | C] () -- C:\windows\SysNative\Gfxres.ja-JP.resources
[2013-03-13 18:19:04 | 000,158,727 | ---- | C] () -- C:\windows\SysNative\Gfxres.he-IL.resources
[2013-03-13 18:19:04 | 000,149,390 | ---- | C] () -- C:\windows\SysNative\Gfxres.it-IT.resources
[2013-03-13 18:19:04 | 000,147,759 | ---- | C] () -- C:\windows\SysNative\Gfxres.ko-KR.resources
[2013-03-13 18:19:04 | 000,147,101 | ---- | C] () -- C:\windows\SysNative\Gfxres.de-DE.resources
[2013-03-13 18:19:04 | 000,147,010 | ---- | C] () -- C:\windows\SysNative\Gfxres.es-ES.resources
[2013-03-13 18:19:04 | 000,145,730 | ---- | C] () -- C:\windows\SysNative\Gfxres.ro-RO.resources
[2013-03-13 18:19:04 | 000,145,211 | ---- | C] () -- C:\windows\SysNative\Gfxres.fr-FR.resources
[2013-03-13 18:19:04 | 000,144,378 | ---- | C] () -- C:\windows\SysNative\Gfxres.tr-TR.resources
[2013-03-13 18:19:04 | 000,143,976 | ---- | C] () -- C:\windows\SysNative\Gfxres.pt-BR.resources
[2013-03-13 18:19:04 | 000,143,730 | ---- | C] () -- C:\windows\SysNative\Gfxres.nl-NL.resources
[2013-03-13 18:19:04 | 000,143,657 | ---- | C] () -- C:\windows\SysNative\Gfxres.hu-HU.resources
[2013-03-13 18:19:04 | 000,142,990 | ---- | C] () -- C:\windows\SysNative\Gfxres.pt-PT.resources
[2013-03-13 18:19:04 | 000,142,617 | ---- | C] () -- C:\windows\SysNative\Gfxres.sv-SE.resources
[2013-03-13 18:19:04 | 000,142,423 | ---- | C] () -- C:\windows\SysNative\Gfxres.pl-PL.resources
[2013-03-13 18:19:04 | 000,142,008 | ---- | C] () -- C:\windows\SysNative\Gfxres.cs-CZ.resources
[2013-03-13 18:19:04 | 000,141,739 | ---- | C] () -- C:\windows\SysNative\Gfxres.fi-FI.resources
[2013-03-13 18:19:04 | 000,141,582 | ---- | C] () -- C:\windows\SysNative\Gfxres.sk-SK.resources
[2013-03-13 18:19:04 | 000,140,779 | ---- | C] () -- C:\windows\SysNative\Gfxres.hr-HR.resources
[2013-03-13 18:19:04 | 000,137,621 | ---- | C] () -- C:\windows\SysNative\Gfxres.sl-SI.resources
[2013-03-13 18:19:04 | 000,137,519 | ---- | C] () -- C:\windows\SysNative\Gfxres.nb-NO.resources
[2013-03-13 18:19:04 | 000,136,873 | ---- | C] () -- C:\windows\SysNative\Gfxres.da-DK.resources
[2013-03-13 18:19:04 | 000,132,360 | ---- | C] () -- C:\windows\SysNative\Gfxres.en-US.resources
[2013-03-13 18:19:04 | 000,126,035 | ---- | C] () -- C:\windows\SysNative\Gfxres.zh-TW.resources
[2013-03-13 18:19:04 | 000,124,403 | ---- | C] () -- C:\windows\SysNative\Gfxres.zh-CN.resources
[2013-03-13 18:19:04 | 000,094,208 | ---- | C] () -- C:\windows\SysNative\IccLibDll_x64.dll
[2013-03-13 18:19:04 | 000,000,255 | ---- | C] () -- C:\windows\SysNative\GfxUI.exe.config
[2012-10-11 10:47:49 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012-07-26 02:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012-07-26 02:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012-07-26 01:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012-07-25 19:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012-07-25 14:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012-07-25 14:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012-07-25 14:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012-07-25 14:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012-06-02 08:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012-04-20 14:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013-05-17 21:03:50 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\windows\SysNative\shell32.dll -- [2013-03-06 00:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-05 23:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\fastprox.dll -- [2012-07-25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\wbemess.dll -- [2012-07-25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2013-05-08 08:09:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2013-05-17 22:40:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Autodesk
[2013-05-08 07:53:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bluetooth Suite
[2013-07-17 23:45:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2013-05-23 17:03:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2013-07-04 08:33:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CounterPath
[2013-05-17 16:55:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CStart8
[2013-05-08 08:06:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink
[2013-07-08 10:56:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2013-05-08 07:45:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dolby Advanced Audio v2
[2013-05-17 22:20:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DWG TrueView 2013
[2013-08-28 14:11:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2013-07-15 13:31:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feven
[2013-06-24 07:49:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2013-07-08 11:02:38 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013-05-08 08:13:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2013-07-11 20:22:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2013-07-08 11:02:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lenovo
[2013-05-21 15:55:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2013-05-21 15:55:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013-05-21 15:52:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013-05-21 16:33:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2013-05-21 15:55:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2013-05-19 16:41:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MpcStar
[2013-05-21 15:55:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013-06-24 16:42:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyPC Backup
[2013-05-08 07:49:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Qualcomm Atheros
[2013-06-30 09:27:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2013-06-30 09:27:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RealNetworks
[2013-05-08 07:45:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2012-10-11 10:41:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013-06-24 07:54:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SketchUp
[2013-07-17 10:20:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2013-05-08 08:07:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SugarSync
[2013-05-18 13:07:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TornTV.com
[2013-05-08 07:51:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\USB Camera
[2013-05-08 07:51:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vimicro
[2013-05-21 15:58:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2013-05-17 21:10:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2013-05-17 21:10:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2012-07-26 02:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2012-07-26 02:12:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2013-06-20 07:25:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012-07-26 02:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012-07-26 02:12:59 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar

< %userprofile%\Desktop\*.* >
[2013-07-23 17:11:02 | 000,350,467 | ---- | M] () -- C:\Users\Krasimira\Desktop\2013 Q2.pdf
[2013-06-24 07:42:25 | 000,001,195 | ---- | M] () -- C:\Users\Krasimira\Desktop\Bandizip.lnk
[2013-08-28 10:37:58 | 004,421,008 | ---- | M] () -- C:\Users\Krasimira\Desktop\Doc1.docx
[2013-08-30 11:56:04 | 000,086,806 | ---- | M] () -- C:\Users\Krasimira\Desktop\Extras.Txt
[2013-08-30 11:36:19 | 000,042,756 | ---- | M] () -- C:\Users\Krasimira\Desktop\forum.docx
[2013-06-29 21:25:25 | 072,099,420 | ---- | M] () -- C:\Users\Krasimira\Desktop\Google SketchUp Pro 8.0.4811 incl crack-serials(www.pkgames.net).rar
[2013-08-29 08:41:40 | 000,011,398 | ---- | M] () -- C:\Users\Krasimira\Desktop\help otl.docx
[2013-08-29 10:52:27 | 260,038,464 | ---- | M] (Kaspersky Lab) -- C:\Users\Krasimira\Desktop\kis14.0.0.4651aEN_4879.exe
[2013-07-27 07:41:02 | 000,013,689 | ---- | M] () -- C:\Users\Krasimira\Desktop\Microsoft Office 2007 Enterprise UG VL DVD-ZWTiSO.torrent
[2013-08-30 11:35:05 | 000,015,528 | ---- | M] () -- C:\Users\Krasimira\Desktop\my otl fix-1.docx
[2013-08-28 15:56:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krasimira\Desktop\OTL.exe
[2013-08-30 11:55:28 | 000,171,462 | ---- | M] () -- C:\Users\Krasimira\Desktop\OTL.Txt
[2013-08-28 15:50:38 | 000,139,264 | ---- | M] () -- C:\Users\Krasimira\Desktop\SystemLook.exe
[2013-08-30 11:43:46 | 000,000,600 | ---- | M] () -- C:\Users\Krasimira\Desktop\SystemLook.txt
[2013-08-30 11:42:05 | 000,000,162 | -H-- | M] () -- C:\Users\Krasimira\Desktop\~$forum.docx

< %userprofile%\Desktop\*. >
[2013-07-25 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\documenti za bliznaci
[2013-05-28 17:24:01 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\FIRST YEAR
[2013-05-19 18:32:29 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\Friends - full serial
[2013-08-23 23:06:34 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\Musika
[2013-08-22 12:44:07 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\RESUMES
[2013-05-31 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\SECOND YEAR
[2013-08-23 23:06:27 | 000,000,000 | ---D | M] -- C:\Users\Krasimira\Desktop\snimki

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2013-08-27 21:03:17 | 000,000,000 | ---D | M](C:\Users\Krasimira\Desktop\???????) -- C:\Users\Krasimira\Desktop\рецепти
[2013-08-27 21:03:17 | 000,000,000 | ---D | M](C:\Users\Krasimira\Desktop\???????) -- C:\Users\Krasimira\Desktop\рецепти
[2013-06-04 18:11:42 | 000,000,000 | ---D | C](C:\Users\Krasimira\Desktop\???????) -- C:\Users\Krasimira\Desktop\рецепти
[2013-05-26 12:47:14 | 001,170,432 | ---- | C] ()(C:\Users\Krasimira\Desktop\? ???????????!!!!.exe) -- C:\Users\Krasimira\Desktop\С наступаюшим!!!!.exe
[2013-01-03 12:27:56 | 001,170,432 | ---- | M] ()(C:\Users\Krasimira\Desktop\? ???????????!!!!.exe) -- C:\Users\Krasimira\Desktop\С наступаюшим!!!!.exe

< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you confirm that you are aware of the Russian programmes\files on your computer

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.smilebo...3-2CD05AF21698}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=20/05/2013
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.smilebo...3-2CD05AF21698}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=20/05/2013
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{394E4C6B-95BC-44F6-97CA-FA8E20DF5B43}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.smilebo...3-2CD05AF21698}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{FEB00F85-BDF7-45BB-AB23-AB6E3F6FEBC8}: "URL" = http://search.condui...9562848259&UM=2
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Run OTL again with the following script
[*]Select All Users
[*]Under the Custom Scan box paste this in


dir "%systemdrive%\*" /S /A:L /C


[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • 0

#5
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
What do you mean for Russian programs? Which of them are Russian? I have some word's documents on Bulgarian on my desktop.
Thank you
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ah OK Russian and Bulgarian look very similar to me :)
  • 0

#7
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi again, I did what you told me. When I reboot the system I lost my OTL.exe file and I install it again.
Here are the new otl.txt and extras.txt files:Attached File  OTL.Txt   96.29KB   122 downloadsAttached File  Extras.Txt   83.9KB   147 downloads
Thank you for your help.

OTL logfile created on: 2013-08-31 8:31:24 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krasimira\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.87 Gb Total Physical Memory | 6.67 Gb Available Physical Memory | 84.74% Memory free
9.06 Gb Paging File | 7.91 Gb Available in Paging File | 87.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive D: | 25.00 Gb Total Space | 21.86 Gb Free Space | 87.43% Space Free | Partition Type: NTFS

Computer Name: KRASI | User Name: Krasimira | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-08-31 08:29:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krasimira\Desktop\OTL.exe


========== Modules (No Company Name) ==========

MOD - [2011-10-05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013-06-01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013-05-17 21:32:00 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2013-05-04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-05-04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-04-08 22:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013-03-21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013-03-01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-01-28 19:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-09-20 03:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-07-25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012-06-08 03:07:16 | 000,201,376 | ---- | M] (Conexant Systems Inc.) [Auto | Stopped] -- C:\windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2012-04-20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011-09-14 23:19:54 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe -- (mi-raysat_3dsmax2013_64)
SRV:64bit: - [2010-12-28 02:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2009-10-16 18:10:46 | 001,039,872 | ---- | M] ( ) [Auto | Stopped] -- C:\windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV - [2013-07-12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013-05-17 21:52:18 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013-04-19 16:14:16 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-04-16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-06 19:36:49 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-01-25 01:12:12 | 000,227,456 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013-01-25 00:18:32 | 000,323,584 | R--- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012-11-05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-07-25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-01-31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-06-01 05:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-06-01 05:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-06-01 05:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-05-31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-05-08 08:17:34 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-05-08 08:14:46 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2013-05-08 08:14:46 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2013-05-04 01:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-05-04 01:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 04:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-20 11:07:40 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Stopped] -- C:\windows\SysNative\Drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013-02-20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Stopped] -- C:\windows\SysNative\Drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013-02-04 23:43:24 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-01-28 19:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-28 17:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-25 00:46:26 | 000,581,200 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013-01-25 00:46:24 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013-01-25 00:46:22 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013-01-25 00:46:20 | 000,346,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013-01-25 00:46:20 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013-01-25 00:46:20 | 000,115,280 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013-01-25 00:46:20 | 000,089,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013-01-25 00:46:20 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013-01-10 15:08:16 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\windows\SysNative\Drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013-01-10 15:08:16 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013-01-10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\windows\SysNative\Drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013-01-09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-11-26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-10-12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 01:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 01:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-09-19 01:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012-09-01 19:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012-08-26 20:52:42 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012-08-26 20:52:40 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012-08-24 03:07:36 | 000,975,104 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2012-07-25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-25 20:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012-07-25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-07-19 03:21:42 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012-07-02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-06-26 20:08:32 | 001,608,864 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012-06-19 08:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-14 23:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012-06-13 18:10:32 | 000,102,376 | ---- | M] ("CyberLink) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2012-06-02 08:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012-06-02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\Drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2007-04-27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\windows\SysNative\Drivers\sentinel64.sys -- (Sentinel64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{74556233-7F34-4D69-A8A0-74A0D7386839}: "URL" = http://www.bing.com/...E10TR&pc=MALNJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGIE_enCA551
IE - HKU\S-1-5-21-3645740697-2236784829-290951543-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SMILEBOX\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-06-30 09:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-30 09:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-07-18 00:33:04 | 000,000,000 | ---D | M]

[2013-07-15 13:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krasimira\AppData\Roaming\Mozilla\Extensions
[2013-05-18 12:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krasimira\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions

O1 HOSTS File: ([2013-08-31 08:20:44 | 000,000,098 | ---- | M]) - C:\windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE (Vimicro)
O4 - HKLM..\Run: [CStart8] C:\Program Files (x86)\CStart8\CStart8Tray64.exe (Crawler.com)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3645740697-2236784829-290951543-1001..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-3645740697-2236784829-290951543-1001..\Run: [Green Christmas Tree] C:\Users\Krasimira\Desktop\? ???????????!!!!.exe ()
O4 - HKU\S-1-5-21-3645740697-2236784829-290951543-1001..\Run: [X-Lite] C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe (CounterPath)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.128.113
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF718535-6535-4CE9-B1B2-1B6A5AA1792E}: DhcpNameServer = 64.59.135.143 64.59.128.113
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-08-31 08:29:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Krasimira\Desktop\OTL.exe
[2013-08-30 16:34:57 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\Desktop\New folder
[2013-08-29 11:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013-08-28 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Roaming\Malwarebytes
[2013-08-28 14:13:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013-08-28 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-08-28 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-08-28 14:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013-08-09 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\Krasimira\AppData\Local\Microsoft_Corporation

========== Files - Modified Within 30 Days ==========

[2013-08-31 08:29:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013-08-31 08:29:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krasimira\Desktop\OTL.exe
[2013-08-31 08:26:35 | 009,175,040 | -HS- | M] () -- C:\Users\Krasimira\NTUSER.DAT
[2013-08-31 08:26:34 | 000,028,634 | -H-- | M] () -- C:\Users\Krasimira\AppData\Local\IconCache.db
[2013-08-31 08:26:23 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013-08-31 08:26:23 | 000,723,700 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013-08-31 08:26:23 | 000,136,838 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013-08-30 14:38:10 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013-08-31 08:26:34 | 000,028,634 | -H-- | C] () -- C:\Users\Krasimira\AppData\Local\IconCache.db
[2013-08-30 14:27:24 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-06-24 07:31:23 | 000,000,258 | RHS- | C] () -- C:\Users\Krasimira\ntuser.pol
[2013-06-21 07:39:53 | 000,000,369 | ---- | C] () -- C:\Users\Krasimira\AppData\Local\RegisteredPackageInformation.xml
[2013-06-16 22:03:40 | 000,000,670 | ---- | C] () -- C:\Users\Krasimira\AppData\Roaming\bibstats
[2013-05-28 06:47:47 | 000,782,336 | ---- | C] () -- C:\windows\SysWow64\lxdxdrs.dll
[2013-05-28 06:47:47 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\lxdxcaps.dll
[2013-05-28 06:47:47 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\lxdxcnv4.dll
[2013-05-18 14:36:41 | 000,174,840 | ---- | C] () -- C:\Users\Krasimira\AppData\Local\GDIPFONTCACHEV1.DAT
[2013-05-18 11:16:19 | 000,007,782 | ---- | C] () -- C:\windows\b4800.ini
[2013-05-18 11:16:19 | 000,004,777 | ---- | C] () -- C:\windows\B4NP.ini
[2013-05-18 11:16:19 | 000,004,156 | ---- | C] () -- C:\windows\b4.INI
[2013-05-18 11:16:19 | 000,003,425 | ---- | C] () -- C:\windows\bw41024L.ini
[2013-05-18 11:16:19 | 000,003,302 | ---- | C] () -- C:\windows\bw41024s.ini
[2013-05-18 11:16:19 | 000,000,813 | ---- | C] () -- C:\windows\B4User.ini
[2013-05-17 21:36:07 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-05-17 14:32:52 | 000,524,288 | -HS- | C] () -- C:\Users\Krasimira\NTUSER.DAT{97e1de87-d6fa-11e1-be62-94c0340a1222}.TMContainer00000000000000000002.regtrans-ms
[2013-05-17 14:32:52 | 000,524,288 | -HS- | C] () -- C:\Users\Krasimira\NTUSER.DAT{97e1de87-d6fa-11e1-be62-94c0340a1222}.TMContainer00000000000000000001.regtrans-ms
[2013-05-17 14:32:52 | 000,065,536 | -HS- | C] () -- C:\Users\Krasimira\NTUSER.DAT{97e1de87-d6fa-11e1-be62-94c0340a1222}.TM.blf
[2013-05-17 14:32:52 | 000,000,020 | -HS- | C] () -- C:\Users\Krasimira\ntuser.ini
[2013-05-17 14:32:51 | 009,175,040 | -HS- | C] () -- C:\Users\Krasimira\NTUSER.DAT
[2013-05-08 08:12:23 | 000,000,198 | -H-- | C] () -- C:\ProgramData\Lenovo-25628.vbs
[2013-05-08 07:51:38 | 000,001,897 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2013-05-08 07:51:38 | 000,001,897 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2013-05-08 07:45:36 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-03-13 18:19:10 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2013-03-13 18:19:06 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013-03-13 18:19:05 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012-10-11 10:47:49 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2012-07-26 02:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012-07-26 02:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012-07-26 01:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012-07-25 23:26:52 | 000,000,219 | ---- | C] () -- C:\windows\system.ini
[2012-07-25 23:26:52 | 000,000,167 | ---- | C] () -- C:\windows\win.ini
[2012-07-25 19:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012-07-25 14:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012-07-25 14:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012-07-25 14:22:56 | 000,267,284 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012-07-25 14:22:54 | 000,963,376 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012-06-02 08:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012-04-20 14:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013-05-17 21:03:50 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\windows\SysNative\shell32.dll -- [2013-03-06 00:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-05 23:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\fastprox.dll -- [2012-07-25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\windows\SysNative\wbem\wbemess.dll -- [2012-07-25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< dir "%systemdrive%\*" /S /A:L /C >

========== Files - Unicode (All) ==========
[2013-08-27 21:03:17 | 000,000,000 | ---D | M](C:\Users\Krasimira\Desktop\???????) -- C:\Users\Krasimira\Desktop\рецепти
[2013-06-04 18:11:42 | 000,000,000 | ---D | C](C:\Users\Krasimira\Desktop\???????) -- C:\Users\Krasimira\Desktop\рецепти
[2013-05-26 12:47:14 | 001,170,432 | ---- | C] ()(C:\Users\Krasimira\Desktop\? ???????????!!!!.exe) -- C:\Users\Krasimira\Desktop\С наступаюшим!!!!.exe
[2013-01-03 12:27:56 | 001,170,432 | ---- | M] ()(C:\Users\Krasimira\Desktop\? ???????????!!!!.exe) -- C:\Users\Krasimira\Desktop\С наступаюшим!!!!.exe

< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm not the infection I expected to see. When you try to download something what error\warning do you get ?

The following programme may be run from a flash drive



  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please attach: All RKreport.txt text files located on your desktop.
  • 0

#9
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
I did everything that you told me. I had three reports and one rk quarantine files. Here are the three reports:Attached File  RKreport0_D_08312013_092059.txt   8.31KB   131 downloadsAttached File  RKreport0_SC_08312013_092153.txt   1.35KB   98 downloadsAttached File  RKreport0_S_08312013_092004.txt   7.43KB   114 downloads
Thank you for your time and help
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run this quick fix and then try to download a programme

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]
:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c
netsh advfirewall reset /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements


#11
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi here is the otl.txt file of the last quick scan:
Attached File  OTL.Txt   187.06KB   93 downloads
I tried to install another antivirus but it couldn't and give me error 1719
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ta that lets me know where the error is :)

Run the MSFixit on this page http://support.micro...l_and_uninstall
Follow the instructions as it runs, then reboot and try to install again
  • 0

#13
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I tried but I couldn't It told me:
An error occurred while troubleshooting:
A problem is preventing a troubleshooter from starting.

Path: c:\Users\KRASIM~1\AppData\Local\Temp\msdtadmin\_985EEBC1-C5C5-4043-BEB7-62A0B5D5EC7A_\cabpkg\
Error code: 0x80070005
User: Krasi\Krasimira
Context: Elevated

Thank you
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This appears to be an installer problem

We will reset that to default.

Download the attached file to your desktop

Right click the file and select "Run as Administrator"
Accept the warnings
Reboot and try again
  • 0

#15
kykg

kykg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi, I did it on Safe mode but after when I reboot my laptop and when it wasn't on safe mode it didn't started. I went on safe mode again and started this file again it safe some key and values to the registry. Thank you
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP