Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

svchost.exe virus [Solved]


  • This topic is locked This topic is locked

#1
macman90

macman90

    New Member

  • Member
  • Pip
  • 8 posts
I will try to be fast, cuz I get blue screens when I use the PC too long.

UPDATE: OS: Windows 7 Ultimate SP1 [32-bit]

Saw this topic: http://www.geekstogo...ostexe32-virus/

Ran OTL[3.2.69.0] with the same settings except that I have a 32-bit OS with patch for the usage of the whole 4GB RAM installed on the system.

[Extras.Txt]
OTL Extras logfile created on: 27.2.2014 14:08:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,71% Memory free
7,00 Gb Paging File | 5,45 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 9,33 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,22 Gb Free Space | 6,96% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Temp\svhost.exe" = C:\Windows\Temp\svhost.exe:*:Enabled:Windows Messanger
"C:\Users\toni\AppData\Roaming\svchost.exe" = C:\Users\toni\AppData\Roaming\svchost.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EA706B-56ED-41C9-A931-BFB3C9D2D19E}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{0C31098E-7A11-4A33-B73D-5A49F163E604}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{18678ADD-6E31-4A12-82F0-C4BFFCEA0F11}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1D6311BC-D0AD-4369-A2FB-7F8F98613DEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{292B6098-7AC4-45C1-BD83-A6E5C4796ED3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{32B1AC34-ECD3-46A4-97B9-F0295190378D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected]allapi.dll,-28539 | 
"{3695ABFF-03AD-44F4-AE52-9627B46F1EBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{421F7D44-4181-4977-8933-A202E7AE2BD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46F04216-3B43-4B59-A119-3A1089CC0296}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{49DC223A-472C-442C-807C-356E359C8FA4}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{4E4FAE7B-62B0-41EC-9BB8-4F2D1FF00985}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51616FE4-3631-4290-AE33-6FA98DEE7B3A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5B933FC5-624D-4FCC-AE12-AB78FE77F8EE}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{5D9CA299-80C1-4C69-B94F-0953E3198558}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{767C0ADF-9530-4277-A9CF-A95178D4FDBA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{78626C93-112D-4913-A767-B5C0EBA9C74A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E546522-934B-47F3-A889-8D6B598E6156}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7EE05382-C16D-4233-943E-71F81D9413B5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8F7E4BF8-6AB1-40D2-8009-13CDAAA6151E}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{9159C538-4AB6-428C-928E-D02472C2EFFF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{96865578-2594-49F2-AB05-11208704D409}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9A728453-DAD7-4B8B-8376-16CFAA03948A}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{9AAB4938-C902-4B39-B400-76B6AB7E71B4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A5E96693-012E-4241-AE36-468F92652DA1}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{A8965767-E829-446F-A503-2CF3E7A5DFC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9674138-6C4C-4D63-87E1-FD91DCAD06ED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA3B083C-240A-4D34-BC9A-804DF5B47FCB}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{B2526BA1-5619-4E71-BAC4-5C216DAB68B3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BB292E04-083A-4742-81C0-E2E9E396398E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7F741CA-8A70-4F94-8776-FCAE7A369206}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{EC2A99CD-5B3C-46E6-87C6-66BE8F67C643}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe | 
"{EF89E573-0EE8-4A4D-9E37-6EA6AED02061}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{EFC6CD63-95FA-4BAE-9A34-13D6FA0DEBB3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB72C8A8-801E-4D10-9906-315892A82AFC}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0918E3C3-F576-40A2-9B7A-624FD7F897D2}" = protocol=58 | dir=out | [email protected],-503 | 
"{0A23A04E-B035-4F93-B449-4DCA84279E7A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{1B893230-3FF3-41A4-951C-29FF70492D7D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1CD7072E-42D9-4F1E-A0EF-14FA4F2120ED}" = protocol=58 | dir=in | [email protected],-28545 | 
"{21E073E8-251A-4270-AA0B-81213833A89E}" = protocol=1 | dir=out | [email protected],-28544 | 
"{22539430-A825-46DB-A323-67B20D2426D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{2CB90585-971C-4DEF-BF4E-D9658C96E8ED}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2DED5EED-683B-4D88-A6CB-151E799093EC}" = protocol=58 | dir=out | [email protected],-28546 | 
"{2E59B53B-0C7E-4542-AC1F-609FF31A2A64}" = dir=in | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{31585E0C-82BA-4D3A-900F-632E7E38E047}" = dir=in | app=c:\program files\eslwire\wire.exe | 
"{363F94EE-C20E-4B97-A970-62C229729845}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{40A9BD1D-D348-40AF-8198-C533A1FCDD5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4162133F-6CAF-474E-8B7D-26DF6C764E38}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{41FBFB19-54DA-48F3-8321-FB2D89BAAB5E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{42B43C84-D430-45F3-BB5F-6DB75A1171AA}" = dir=in | app=f:\games\assassin's creed iii\ac3mp.exe | 
"{5416C144-D196-4E43-85B2-7CBB22FDFB9A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{572686D9-32B6-41C4-AD87-04546C6F19DD}" = protocol=6 | dir=in | app=e:\games\warthunder\launcher.exe | 
"{57F4CCB1-635B-405C-B786-FC23A88E9C01}" = dir=out | app=f:\games\assassin's creed iii\ac3sp.exe | 
"{617C2AD3-3274-4191-92EE-F3539AD0E39F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{63804A50-1B2F-458B-8822-03FDB3066CB9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{640E8409-65D3-48CF-B47F-27396989D1CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DFD7570-B4C8-4E10-92BC-1F199C0B9338}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{73A48545-94D0-4637-8D34-63BC8C75C660}" = dir=out | app=f:\games\assassin's creed iii\ac3mp.exe | 
"{7826EB68-23B2-485B-BCC4-D77336609812}" = protocol=58 | dir=in | app=system | 
"{787E46BA-6484-4EA6-9E9A-160F82E4EE1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C2C4F0A-064A-453D-83AE-63897BFB9A50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C625B82-9338-4F7E-AF06-FF10045F877B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FD0CE97-F14F-461E-9B93-A76A05C8FBF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81BD1FA5-5FE1-4EE4-832D-DEE870750A07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{87294915-47AD-4312-B74A-DBEDACA49571}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{897E069C-5FD0-4531-8044-C97774BC934F}" = protocol=6 | dir=in | app=c:\users\toni\appdata\roaming\utorrent\utorrent.exe | 
"{92ADAA06-17C3-48C7-9C7B-E789C082896C}" = protocol=17 | dir=in | app=e:\games\warthunder\launcher.exe | 
"{95B7D7BA-D20B-404A-9C16-A980C24C20F2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{9A90972F-CB60-4A39-B40E-0DF06AF77A9E}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{9BDE9BBF-4065-49DB-9339-BC4D3979E79D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{AB9DC989-A1C9-47AC-AA32-8286AB2EC4A2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B1755C2D-027C-41EA-B0B1-541E725F3B31}" = protocol=17 | dir=in | app=c:\users\toni\appdata\roaming\utorrent\utorrent.exe | 
"{BDEA2D11-A86C-44CB-81FA-77BC79480204}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE7EFF04-46DC-4E51-8890-A1A2368D49B1}" = dir=in | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{C247D9E7-F5D8-4CDD-8732-00B396094D52}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{C2492D7A-5650-47AF-BD12-E4201F299F96}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D783CCFC-A593-4D7A-A2EF-FC362E22071C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{D9F5C2BB-FE8C-46AB-8AC2-056E06C12299}" = dir=out | app=f:\games\assassin's creed iii\assassinscreed3.exe | 
"{E5FE106C-EB90-4E3C-A7E8-096F5814FEC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{E60646E0-4DFC-45D7-933D-B63E736A00C8}" = protocol=6 | dir=out | app=system | 
"{E6874583-8A01-46A1-8CDB-28BF2D8F4BFE}" = protocol=1 | dir=in | [email protected],-28543 | 
"{E7085850-C14D-452F-B5DF-78242B64C63D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{EF8D272C-08AB-4E11-81AE-7A27D81C246B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2448AC0-AB0F-4EF3-91B4-EE576FD9DA1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5CDFE3E-89C0-4EB8-BB8F-0250F0ED6415}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6CB5A47-2881-4FAC-A038-71E81C552445}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FC572770-BCB9-4EFA-9AF5-536F6EA9A31D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{121D19F1-9998-484D-8309-AFDC44ADB5CE}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{393CAE51-BF38-4F8B-BF82-0B502DDB5929}F:\games\grid\grid.exe" = protocol=6 | dir=in | app=f:\games\grid\grid.exe | 
"TCP Query User{56976E7E-504F-4036-BB9B-A8779605CE64}E:\games\assassin's creed revelations\acrsp.exe" = protocol=6 | dir=in | app=e:\games\assassin's creed revelations\acrsp.exe | 
"TCP Query User{B4942EF6-6ECE-4EF1-9F71-28091268DF33}E:\games\wot_ct\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\wot_ct\wotlauncher.exe | 
"TCP Query User{D9396636-3847-4697-AA37-F6D3870E6499}E:\games\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=e:\games\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{EBC08DA8-A63B-4E72-A9ED-DA0F1735345B}E:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{F02196B5-8639-45F5-9007-CD8CA10E8778}E:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{F388E2EA-D706-4676-8294-A84F0CE9CD2B}E:\games\wot_ct\worldoftanks.exe" = protocol=6 | dir=in | app=e:\games\wot_ct\worldoftanks.exe | 
"TCP Query User{F6BE6B48-B4FC-49AB-BC17-61152C552EFA}E:\games\warthunder\aces.exe" = protocol=6 | dir=in | app=e:\games\warthunder\aces.exe | 
"UDP Query User{2BD73674-CDAD-4F20-9C3E-93FD99140CFB}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{2FE9402D-DB05-4E15-A562-8865BE41253E}E:\games\assassin's creed revelations\acrsp.exe" = protocol=17 | dir=in | app=e:\games\assassin's creed revelations\acrsp.exe | 
"UDP Query User{3839370E-45F6-41D7-B84C-13CCE1E134F8}E:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{391A19A5-0AFC-42A3-9122-8FEE4153D57A}E:\games\warthunder\aces.exe" = protocol=17 | dir=in | app=e:\games\warthunder\aces.exe | 
"UDP Query User{4B9B3E0A-1AC6-4196-96AB-2470AE00FE57}E:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{5C5F0083-B96C-4A51-AE2E-86652603E529}E:\games\wot_ct\wotlauncher.exe" = protocol=17 | dir=in | app=e:\games\wot_ct\wotlauncher.exe | 
"UDP Query User{799D17AE-124D-4127-B2AA-28B67E9CFA02}F:\games\grid\grid.exe" = protocol=17 | dir=in | app=f:\games\grid\grid.exe | 
"UDP Query User{B642C422-5E05-4331-94D5-539C1988A93D}E:\games\wot_ct\worldoftanks.exe" = protocol=17 | dir=in | app=e:\games\wot_ct\worldoftanks.exe | 
"UDP Query User{D66F3C53-2E87-4058-A41F-F3944BBA75F3}E:\games\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=e:\games\assassin's creed brotherhood\acbsp.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0099B899-7894-3B1D-9FF3-5992F84E631F}" = Microsoft LightSwitch for Visual Studio 2013 Core
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{0610DFB0-CCEA-6EC0-E3C3-A0160AD7FD98}" = Windows Runtime Intellisense Content - en-us
"{06EEE072-B561-38E5-85D9-485ABCBE8342}" = Visual F# 3.1 SDK
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013
"{09E00386-E94A-3130-BC07-C74D829D612A}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding Language Pack (x86) - ENU
"{0A17C91C-A455-3E89-B8B7-44E192F79635}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{0B5E43C7-965D-4AF4-A33E-5FA35B6660C8}" = Behaviors SDK (XAML) for Visual Studio
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14C8CE46-C68C-461B-BCA9-E276A85851C6}" = TuneUp Utilities 2014 (en-US)
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{16A901BB-CD8E-3B48-9932-5927FB13508D}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2386192E-D6DB-4AD2-9564-65586A0AE53E}" = Dotfuscator and Analytics Community Edition
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.6
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects 
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-4.4.2.10
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT 
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E456233-1EA5-42ED-8556-0481BA728B41}" = Microsoft NuGet - Visual Studio 2013
"{3EA16E23-14D2-466A-8268-D7CD40DC46B6}" = Open XML SDK 2.5 for Microsoft Office
"{3FBFCF2C-392A-4632-9442-14C305B44D5E}" = AzureTools.Notifications
"{4345E9A5-1300-4710-919D-077BA7E6B3DA}" = Windows Azure Mobile Services SDK
"{46910786-E4AC-41E4-A4A0-C086EA85242D}" = WCF Data Services 5.6.0 Runtime
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{492498A3-F88C-FE2F-755C-9B1B91724CA5}" = LocalESPC Dev12
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{51B17CAB-7FAC-48C9-A994-04CE379A9034}" = Microsoft Visual Studio 2013 Preparation
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2
"{53DBDBE5-D55D-40C5-99CF-1A06D33FC440}" = Workflow Manager Client 1.0
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}" = Microsoft SQL Server 2012 Native Client 
"{5481F163-B9E5-30A8-8441-4DBBB87D6AA2}" = Microsoft Visual C++ 2013 Microsoft Foundation Class Libraries
"{550760A2-DC4A-CD2B-3C1B-01E0F9F1279E}" = Windows App Certification Kit Native Components
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5AB1493D-D1AB-3697-9B58-55EF48E565ED}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x86)
"{5CD1B40A-969C-4D7A-B5C2-DAFCB82C53CD}" = Microsoft Web Deploy 3.5
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}" = WCF RIA Services V1.0 SP2
"{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}" = Microsoft SQL Server 2012 Command Line Utilities 
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6321F2D4-366B-3AE4-877A-8E539EC3331A}" = Visual F# 3.1 VS
"{64297226-2B81-4588-89BD-76440BC0BCFC}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2013 - ENU
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6AB13C21-C3EC-46E1-8009-6FD5EBEE515B}" = Microsoft Advertising SDK for Windows 8.1 - ENU
"{6B4D9BCF-6CA1-4843-96B5-3421E1E2D6E9}" = Microsoft Visual Studio 2013 Performance Collection Tools - ENU
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{6EE9E2DF-2CD7-4952-A649-95DEA8697BD8}" = Microsoft Exchange Web Services Managed API 2.0
"{72076159-B94A-42AE-A64C-CA3855E9CB28}" = Windows Azure Tools for LightSwitch for Visual Studio 2013 - v2.1
"{721C380F-E296-4118-9ACE-589E8EF86208}" = Microsoft Visual Studio 2013 Profiling Tools
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76FF502F-6811-F75B-2FEB-0B69BB584031}" = Windows App Certification Kit x86
"{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}" = Microsoft SQL Server Compact 4.0 SP1 ENU
"{794D38B6-C8B2-4DFC-BF1B-122233A336F3}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2013 - ENU
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{81DB4C1C-8B59-42D4-B94E-A9168F2FE1D7}" = Workflow Manager Tools 1.0 for Visual Studio
"{81FAD5EA-19B2-4A06-89EC-D65CD23AAD55}" = AVG 2013
"{82DAD82D-0139-3F7A-A22F-67A694F9CAA4}" = Microsoft LightSwitch for Visual Studio 2013 CoreRes - ENU
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{851FB37B-65AD-43FD-AB4C-0D69310AD7AC}" = AVG 2013
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9027FE9C-5488-30C3-AA42-7330D25BF92D}" = Microsoft Portable Library Multi-Targeting Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9347889B-C22A-3905-901F-C05D8F73C929}" = Build Tools Language Resources - x86
"{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}" = PreEmptive Analytics Visual Studio Components
"{95150001-1163-0409-0000-0000000FF1CE}" = SharePoint Client Components
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97592A5E-6A50-38E0-885C-7334BA7A43D8}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio 2012 Nuget Package
"{976C3D92-0DEC-37A6-A870-FF4FC18CD029}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
"{979C7495-FB42-484E-92EA-7F2A59DD7718}" = Microsoft ASP.NET MVC 4 - Visual Studio 2013 - ENU
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{996E8B9B-33D8-369A-9DBE-D2776451FB53}" = Microsoft Office 2013 Developer Tools for Microsoft Visual Studio (x86) - ENU Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9C593464-7F2F-37B3-89F8-7E894E3B09EA}" = Microsoft Visual Studio Professional 2013
"{9E673C3F-423B-458E-8EA4-9AE87C49AFC8}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 Tools
"{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}" = Blend for Visual Studio 2013 ENU resources
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A1D06677-1103-32DE-AA74-6EE44DCF7F81}" = Microsoft Visual C++ 2013 Extended Libraries
"{A223B446-EC3D-3031-828D-5188800AB782}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
"{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A8229A09-E570-412B-8D18-E78985673E34}" = Microsoft Visual C++  ARM Libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA0964AF-0F95-4A72-BD29-F833A382EDC2}" = Microsoft Visual Studio 2013 IntelliTrace Core x86
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{B0A82E02-E959-3C46-AB11-D38527BC573E}" = Microsoft Visual Studio Premium 2013
"{B1C38F27-D377-8C98-D98D-29B67C0B978D}" = LocalESPCui for en-us Dev12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B536762B-1047-4B51-8ECF-46D5686E5416}" = Microsoft ASP.NET Web Pages 2 Runtime
"{B6A0A174-33E0-3D42-92EA-547D318CB149}" = Microsoft Visual Studio 2013 Devenv
"{B86C786E-11A2-4CAB-BB2E-D7CD5D65D552}" = Microsoft LightSwitch v4.0 SDK
"{B8FFB7D6-6ABD-47C3-8BAD-86FF5D8F3EDC}" = IIS 8.0 Express
"{BD63060C-F4C7-4E86-9C2A-4A102E7EE12C}" = Microsoft Web Developer Tools 2013 - Visual Studio 2013
"{BD72C04F-892F-48EE-A236-CC10891610D6}" = Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
"{BDAF08A3-35A8-369E-8379-03BB6B78FBCF}" = Microsoft Team Foundation Server 2013 Object Model (x86)
"{BF3E2194-F89B-44FB-A801-464BF787599F}" = WCF Data Services Tools for Microsoft Visual Studio 2013
"{C00453B2-27AD-4858-A20D-F44E39481C7D}" = Microsoft Report Viewer Add-On for Visual Studio 2013
"{C26C1495-8EBE-3F71-BDA1-7DE2010840D8}" = Microsoft Visual Studio 2013 Devenv Resources
"{C5A17590-8CBE-3581-965D-EF183BE07920}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{CDECCD37-EBCE-4AF8-8D1C-5DF13194FEA1}" = Microsoft Advertising Service Extension for Visual Studio
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{d3ab6132-e182-4c47-bf3f-fbf79ab78f07}" = Microsoft Visual Studio Premium 2013
"{D42681AA-BC16-3C84-949E-45F05D2AA997}" = Microsoft Visual C++ 2013 Core Libraries
"{D574CE3E-0376-4BED-B609-5C2C2AD655ED}" = Microsoft LightSwitch for Visual Studio 2013 v4.0 ToolsRes - ENU
"{D69874BF-D864-4EB2-91C3-2EDD05A64F70}" = Windows Azure Mobile Services Tools for Visual Studio 2013 Preview - v1.0
"{DA37746C-C25C-341C-AAF6-4C23A30C882A}" = Microsoft Team Foundation Server 2013 Object Model Language Pack (x86) - ENU
"{DB5600F1-DE83-46DE-B162-5FC4400EAF5B}" = Microsoft Visual C++ 2013 Compilers
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode version 3.1.5.8
"{DF15CD8F-9295-3AD9-B814-7A60184AA1CD}" = Microsoft SharePoint 2013 Developer Tools for Visual Studio ENU Language Pack
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E305E065-F8AB-3D72-B04E-4ADED3875BC5}" = Microsoft Visual Studio Team Foundation Server 2013 Storyboarding (x86)
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E6CBC979-E613-49E6-A37B-3C342DE35235}_is1" = PDF to Word
"{E6F3851E-CEEB-4ECB-A6FA-337C8F662E3D}" = Microsoft Visual C++ 2013 Compilers - ENU Resources
"{E7654811-38F9-4225-9688-827FDA716582}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E9674444-9491-3961-873C-017D8912185E}" = Microsoft Visual Studio Professional 2013 - ENU
"{EB25848D-AADC-40D7-914E-CB2E25AB5E59}" = Microsoft ASP.NET MVC 4 Runtime
"{EB37C117-9C83-4696-A493-8AFBAC8F9FFC}" = JavaScript Tooling
"{EB514FFD-5FBA-3C53-94F8-3A2B96C5E7A8}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
"{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}" = Blend for Visual Studio 2013
"{ED6C8E61-363B-355C-80C7-E676BC781478}" = Microsoft Visual Studio Premium 2013 - ENU
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.278
"{EDB13CB8-993C-4D6F-B2BD-7A5800DF15FC}" = Microsoft Visual Studio 2013 Performance Collection Tools
"{EE541DCE-3018-4A12-B0A3-7C55D62B3D01}" = Python Tools Redirection Template
"{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F20914BB-FD5F-3A3A-8CDF-DF5ADEFD9451}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F99F24BF-0B90-463E-9658-3FD2EFC3C992}" = Microsoft Identity Extensions
"{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE939060-416C-4ECD-890E-13776E2707C4}" = Microsoft SQL Server 2012 Express LocalDB 
"{FF39514D-E2EB-40BA-A23F-C83B8E0ED110}" = Visual Studio Extensions for Windows Library for JavaScript
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Assassin's Creed Revelations_is1" = Assassin's Creed Revelations v1.0 Rus-Eng
"AVG" = AVG 2013
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp [Calculate Audio CRC] Codec" = dBpoweramp [Calculate Audio CRC] Codec
"dBpoweramp mp3 (Fraunhofer IIS) Codec" = dBpoweramp mp3 (Fraunhofer IIS) Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"ESL Wire_is1" = ESL Wire 1.17.3
"Fraps" = Fraps (remove only)
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{F07DB5C1-34F6-48A7-B23E-682ACBF27338}" = OpenAL 1.1 Core PC SDK (ver 3.03)
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 28.0 (x86 en-GB)" = Mozilla Firefox 28.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NFOPad" = NFOPad 1.66
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Precision" = EVGA Precision 2.0.4
"Prio" = Prio
"PunkBusterSvc" = PunkBuster Services
"Super Meat Boy 1.28" = Super Meat Boy 1.28
"Unlocker" = Unlocker 1.9.0
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 27.2.2014 07:28:00 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 27.2.2014 07:28:00 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 27.2.2014 07:44:04 | Computer Name = toni-CP | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.2.2014 07:54:26 | Computer Name = toni-CP | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.2.2014 07:57:32 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 27.2.2014 07:57:32 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 27.2.2014 08:07:24 | Computer Name = toni-CP | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.2.2014 08:07:32 | Computer Name = toni-CP | Source = ESENT | ID = 489
Description = taskhost (3792) An attempt to open the file "C:\Users\toni\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file 
operation will fail with error -1032 (0xfffffbf8).
 
Error - 27.2.2014 08:12:10 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 27.2.2014 08:12:10 | Computer Name = toni-CP | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
[ System Events ]
Error - 5.12.2013 22:41:45 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 6.12.2013 04:50:34 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 6.12.2013 23:40:45 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 7.12.2013 19:36:58 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 8.12.2013 19:54:16 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 9.12.2013 04:28:25 | Computer Name = toni-CP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 9.12.2013 20:50:45 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 10.12.2013 19:43:44 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 11.12.2013 03:05:04 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 11.12.2013 03:22:37 | Computer Name = toni-CP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >

[OTL.Txt]
OTL logfile created on: 27.2.2014 14:08:28 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,71% Memory free
7,00 Gb Paging File | 5,45 Gb Available in Paging File | 77,85% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 9,33 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,22 Gb Free Space | 6,96% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.02.27 14:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FF-Downloads\OTL(1).exe
PRC - [2014.02.26 16:26:48 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.02.08 19:11:48 | 000,941,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.11.02 03:29:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.10.23 01:06:16 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013.10.23 01:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013.09.27 12:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\toni\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013.07.15 12:21:26 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.07.15 12:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.15 12:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013.07.04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () -- C:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe
PRC - [2012.10.25 16:26:18 | 004,045,432 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.02.26 16:26:47 | 003,622,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 11:12:47 | 017,280,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a71cb77685efcceb29fbbb2adc9ad3c5\Kies.Theme.ni.dll
MOD - [2013.11.05 11:12:35 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\1f0027391b7dd5a510bbe91b94f9836d\ASF_cSharpAPI.ni.dll
MOD - [2013.11.05 11:12:35 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6bea61d803ee18e2fbfb979499e5f7c1\Kies.Common.AllShare.ni.dll
MOD - [2013.11.05 11:12:12 | 002,196,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\3b4f0e3fb4f6c619a51a60b483942e04\Kies.Common.Multimedia.ni.dll
MOD - [2013.11.05 11:12:10 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\bf42dab8b38494947d4a3086916e0dd0\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.11.05 11:12:02 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e6738007af6dec0f68f7abcc824a79da\Kies.Common.Util.ni.dll
MOD - [2013.11.05 11:12:01 | 001,795,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ed7108bd2d9dbc3a331f0cf0d6d09a11\Kies.UI.ni.dll
MOD - [2013.11.05 11:12:01 | 001,639,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\54bf34319fd5fd1e4e6894c3e382681d\Kies.Locale.ni.dll
MOD - [2013.11.05 11:12:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d7ac977334ddb07e8c8cd933d1344171\Kies.MVVM.ni.dll
MOD - [2013.11.05 11:11:58 | 001,244,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\44ae28dad78716f8407aca682bbc84cd\Kies.Interface.ni.dll
MOD - [2013.11.05 11:11:53 | 002,137,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\8dbf940dd16e53e34599c8813ee1a1ad\Kies.ni.exe
MOD - [2013.11.05 10:21:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013.11.05 10:21:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013.11.05 10:21:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2013.11.05 10:21:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013.11.05 10:21:16 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013.11.05 10:21:15 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013.11.05 10:21:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013.11.05 10:21:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013.11.05 10:21:06 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013.11.05 10:21:02 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013.11.05 10:20:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2012.10.25 16:25:48 | 000,113,272 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2012.10.25 16:25:48 | 000,080,504 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.02.26 16:26:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.10.05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.08.21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.11.14 16:07:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.12.27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.03 01:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\toni\AppData\Local\Temp\SPDTool.sys -- (SPDTool)
DRV - [2014.02.08 20:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.11.25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.10.23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.07.20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.07.20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.07.20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.07.01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.06.21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.04.05 17:39:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.05 13:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013.03.21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.14 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.11.14 16:19:42 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.11.14 16:19:41 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.11.14 16:19:41 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.11.08 21:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.10.22 15:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.23 01:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.10.26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2006.11.01 17:45:14 | 000,219,264 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTCamDrv.sys -- (BTCAMDRV)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 DB C1 BF F4 31 CE 01  [binary data]
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7BE6C93316-271E-4b3d-8D7E-FE11B4350AEB%7D:2.1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
 
[2013.04.05 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Extensions
[2014.02.26 16:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions
[2013.12.01 19:18:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2013.11.20 17:57:01 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2014.01.05 03:50:20 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.07.15 19:27:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014.02.26 16:20:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.23 13:50:25 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://play.google.com/store/apps
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\2.0.0_0\
CHR - Extension: IDM Integration = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.10_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.27 13:40:55 | 000,000,321 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
O1 - Hosts: 127.0.0.1 irusscan.jotti.org
O1 - Hosts: 127.0.0.1 www.virus-trap.org
O1 - Hosts: 127.0.0.1 www.filterbit.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
O4 - HKLM..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [LightShot] C:\Users\toni\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [rundll32] C:\Users\toni\AppData\Roaming\rundll32 .exe File not found
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Services for Processes = C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.111.35.129 89.190.192.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C05BF13-B336-4FBD-9CB1-FD0B9CA8B01E}: DhcpNameServer = 95.111.35.129 89.190.192.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.28 19:37:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\configure\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\install\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.02.27 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.02.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2014.02.27 13:56:50 | 004,348,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2014.02.27 13:56:50 | 003,045,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2014.02.27 13:56:50 | 002,555,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2014.02.27 13:56:50 | 000,376,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2014.02.27 13:56:50 | 000,062,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2014.02.27 13:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.02.27 13:55:30 | 015,740,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2014.02.27 13:55:29 | 023,683,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014.02.27 13:55:29 | 014,669,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2014.02.27 13:55:29 | 010,180,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014.02.27 13:55:29 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014.02.27 13:55:29 | 002,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014.02.27 13:55:29 | 002,410,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014.02.27 13:55:29 | 000,863,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014.02.27 13:55:29 | 000,844,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014.02.27 13:55:28 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014.02.27 13:55:26 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2014.02.27 13:55:26 | 002,713,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2014.02.27 13:11:29 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233489.dll
[2014.02.27 13:11:29 | 000,895,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233489.dll
[2014.02.26 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\ESL Match Media
[2014.02.26 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL_Wire_Plugin_Container
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL Wire Game Client
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2014.02.26 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.25 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\ESL_logo
[2014.02.24 01:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014.02.23 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Hold'em_Manager
[2014.02.23 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HEM Data
[2014.02.23 22:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TiltBreaker
[2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC
[2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\IsolatedStorage
[2014.02.23 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HoldemManager
[2014.02.23 22:08:41 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\toni\AppData\Roaming\svchost.exe
[2014.02.23 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2014.02.21 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Ubisoft Game Launcher
[2014.02.21 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed Revelations
[2014.02.21 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Revelations
[2014.02.21 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed III
[2014.02.18 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\dsadsa2
[2014.02.18 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\asddddas
[2014.02.14 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Aiseesoft Studio
[2014.02.11 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.11 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.02.27 14:07:22 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.27 14:06:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.27 13:58:42 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 13:58:42 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 13:57:35 | 002,361,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.27 13:57:35 | 001,752,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 13:52:05 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2014.02.27 13:43:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3986450965-706548418-1934913071-1000.job
[2014.02.27 13:40:55 | 000,000,344 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140227-134055.backup
[2014.02.27 13:40:55 | 000,000,321 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014.02.27 13:40:55 | 000,000,239 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.27 13:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.27 11:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2014.02.26 17:49:22 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.26 12:55:13 | 000,344,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.02.23 23:35:20 | 016,122,362 | ---- | M] () -- C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv
[2014.02.23 22:09:41 | 000,000,246 | ---- | M] () -- C:\Users\toni\AppData\Roaming\IDK
[2014.02.23 22:08:39 | 000,000,107 | -HS- | M] () -- C:\Users\toni\AppData\Roaming\per.bat
[2014.02.14 17:12:01 | 000,000,368 | ---- | M] () -- C:\Windows\pdf2word.INI
[2014.02.14 10:15:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.02.14 10:15:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014.02.13 02:35:31 | 005,013,269 | ---- | M] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.08 20:27:20 | 023,683,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2014.02.08 20:27:20 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2014.02.08 20:27:20 | 015,740,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2014.02.08 20:27:20 | 014,669,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2014.02.08 20:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2014.02.08 20:27:20 | 009,728,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2014.02.08 20:27:20 | 009,690,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2014.02.08 20:27:20 | 002,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2014.02.08 20:27:20 | 002,713,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2014.02.08 20:27:20 | 002,410,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2014.02.08 20:27:20 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233489.dll
[2014.02.08 20:27:20 | 000,895,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233489.dll
[2014.02.08 20:27:20 | 000,863,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2014.02.08 20:27:20 | 000,844,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2014.02.08 20:27:20 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2014.02.08 20:27:20 | 000,019,204 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2014.02.08 19:11:47 | 004,348,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2014.02.08 19:11:47 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2014.02.08 19:11:44 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2014.02.08 19:11:44 | 000,376,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2014.02.08 19:11:44 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.02.27 13:55:29 | 000,019,204 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2014.02.27 13:52:05 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,239 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.23 23:35:08 | 016,122,362 | ---- | C] () -- C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv
[2014.02.23 22:09:11 | 000,000,246 | ---- | C] () -- C:\Users\toni\AppData\Roaming\IDK
[2014.02.23 22:08:39 | 000,000,107 | -HS- | C] () -- C:\Users\toni\AppData\Roaming\per.bat
[2014.02.21 12:46:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014.02.21 12:46:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014.02.14 17:11:20 | 000,000,368 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:25 | 005,013,269 | ---- | C] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.07 12:44:03 | 003,197,355 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002156.jpg
[2014.02.07 12:44:02 | 003,561,219 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002135.jpg
[2014.02.07 12:43:59 | 090,112,349 | ---- | C] () -- C:\Users\toni\Desktop\20131212_232611.mp4
[2013.11.30 21:34:11 | 000,000,037 | -HS- | C] () -- C:\Users\toni\AppData\Local\70149b02515b3bb20dd492.47983420
[2013.10.14 13:49:34 | 000,008,096 | ---- | C] () -- C:\Windows\GROUPS.EXE
[2013.10.14 13:49:34 | 000,000,144 | ---- | C] () -- C:\Windows\TDW.INI
[2013.09.23 00:08:01 | 000,007,602 | ---- | C] () -- C:\Users\toni\AppData\Local\Resmon.ResmonCfg
[2013.06.26 08:17:33 | 000,000,439 | ---- | C] () -- C:\Users\toni\AppData\Local\UserProducts.xml
[2013.06.26 08:06:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.05 06:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013.04.05 15:35:24 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2013.04.05 15:35:02 | 000,002,878 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2013.04.05 15:34:48 | 004,047,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2013.04.05 15:34:48 | 000,017,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.11.21 00:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.14 16:30:11 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\postgres\AppData\Roaming\TuneUp Software
[2013.05.10 09:55:54 | 000,000,000 | ---D | M] -- C:\Users\postgres.toni-CP\AppData\Roaming\TuneUp Software
[2013.04.05 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\AVG2013
[2013.05.05 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DAEMON Tools Lite
[2013.09.20 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\dBpoweramp
[2013.06.17 10:56:29 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DMCache
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\FileOpen
[2013.04.05 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\GlobalSCAPE
[2014.02.23 22:24:16 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HEM Data
[2014.02.23 23:25:11 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HoldemManager
[2013.05.17 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IDM
[2013.09.16 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IrfanView
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Nitro
[2013.05.05 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Notepad++
[2013.11.05 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\NuGet
[2013.06.26 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\OpenCandy
[2013.06.25 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Oracle
[2014.02.21 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2013.04.05 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Rovio
[2013.07.26 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Samsung
[2013.06.20 05:34:41 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\SWI-Prolog
[2014.02.23 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TeamViewer
[2013.08.20 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Tepfel
[2014.02.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TS3Client
[2013.10.05 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TuneUp Software
[2014.02.13 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.26 02:27:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\uTorrent
[2013.04.05 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Wargaming.net
[2013.06.24 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\XMedia Recode
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#E56717]========== Base Services ==========[/color]
SRV - [2009.07.14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2010.11.20 23:29:19 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009.07.14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010.11.20 23:29:08 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010.11.20 23:29:12 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012.11.14 16:18:36 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009.07.14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012.11.14 16:31:19 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012.11.14 16:27:33 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010.11.20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010.11.20 23:29:12 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2012.11.14 16:12:26 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009.07.14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009.07.14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009.07.14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010.11.20 23:29:07 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009.07.14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009.07.14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009.07.14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012.11.14 16:37:05 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009.07.14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2012.11.14 16:16:50 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012.11.14 16:24:30 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012.11.14 16:18:36 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009.07.14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010.11.20 23:29:24 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010.11.20 23:29:12 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009.07.14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012.11.14 16:18:36 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009.07.14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010.11.20 23:29:07 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010.11.20 23:29:12 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010.11.20 23:29:21 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010.11.20 23:29:07 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012.11.14 16:31:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010.11.20 23:29:12 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010.11.20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010.11.20 23:29:07 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010.11.20 23:29:49 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.11.20 23:29:11 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010.11.20 23:29:06 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010.11.20 23:29:41 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010.11.20 23:29:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009.07.14 03:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012.06.03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010.11.20 23:29:20 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009.07.14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010.11.20 23:29:07 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
 
[color=#A23BEC]< MD5 for: SERVICES  >[/color]
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009.06.10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
[color=#A23BEC]< MD5 for: SERVICES.CFG  >[/color]
[2012.09.23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013.12.21 08:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
[color=#A23BEC]< MD5 for: SERVICES.EXE  >[/color]
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
[color=#A23BEC]< MD5 for: SERVICES.EXE.MUI  >[/color]
[2010.11.21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2010.11.21 02:38:26 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
[color=#A23BEC]< MD5 for: SERVICES.EXE-511D36F4.PF  >[/color]
[2014.02.26 12:55:45 | 000,046,658 | ---- | M] () MD5=9BB59508306B28A60FFF9E74634E71F8 -- C:\Windows\Prefetch\SERVICES.EXE-511D36F4.pf
 
[color=#A23BEC]< MD5 for: SERVICES.LNK  >[/color]
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
[color=#A23BEC]< MD5 for: SERVICES.MOF  >[/color]
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009.06.10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
[color=#A23BEC]< MD5 for: SERVICES.MSC  >[/color]
[2010.11.21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2010.11.21 02:38:25 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
[color=#A23BEC]< MD5 for: SERVICES.PTXML  >[/color]
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009.07.13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
[color=#A23BEC]< MD5 for: SERVICES.SBS  >[/color]
[2013.07.16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2010.11.20 23:29:11 | 001,169,224 | ---- | M] (Microsoft Corporation) MD5=34AA912DEFA18C2C129F1E09D75C1D7E -- C:\Users\toni\AppData\Roaming\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
[color=#A23BEC]< MD5 for: WINSOCK.DLL  >[/color]
[2009.07.13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009.07.13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL
 
[color=#A23BEC]< MD5 for: WINSOCK.H  >[/color]
[2013.08.21 16:36:04 | 000,038,515 | ---- | M] () MD5=4C9A38861B425AC47623BA6187FB124E -- C:\Program Files\Windows Kits\8.1\Include\um\winsock.h
[2012.10.01 09:14:04 | 000,038,471 | ---- | M] () MD5=B2A415C3F1450F80F57AF83212F3C7AA -- C:\Program Files\Microsoft SDKs\Windows\v7.1A\Include\WinSock.h

< End of report >


I will return with the aswMBR.exe[0.9.9.1771] log.
P.S. My Firefox is glitching with graphic bugs... hope to see you soon (= .

Edited by macman90, 27 February 2014 - 06:27 AM.

  • 0

Advertisements


#2
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
UPDATE: Sorry, the program is stil scanning and found infected objects. I will return as soon as I see the program has fully finished scanning.

Downloaded the latest Avast engine definitions [14022700]
Log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-27 14:22:39
-----------------------------
14:22:39.571    OS Version: Windows 6.1.7600 Service Pack 1
14:22:39.571    Number of processors: 2 586 0x170A
14:22:39.572    ComputerName: TONI-CP  UserName: toni
14:22:40.201    Initialize success
14:23:35.244    AVAST engine defs: 14022700
14:26:16.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:26:16.593    Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5FA Size: 238475MB BusType: 3
14:26:16.593    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
14:26:16.593    Disk 1 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.609    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-5
14:26:16.609    Disk 2 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.702    Disk 0 MBR read successfully
14:26:16.718    Disk 0 MBR scan
14:26:16.718    Disk 0 Windows 7 default MBR code
14:26:16.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:26:16.733    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        39899 MB offset 206848
14:26:16.765    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       198473 MB offset 81920000
14:26:16.765    Disk 0 scanning sectors +488392704
14:26:16.936    Disk 0 scanning C:\Windows\system32\drivers
14:26:24.097    Service scanning
14:26:50.273    Modules scanning
14:26:55.687    Disk 0 trace - called modules:
14:26:55.718    ntkrlStaforce.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
14:26:55.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c308f0]
14:26:55.718    3 CLASSPNP.SYS[8ddbd59e] -> nt!IofCallDriver -> [0x86748918]
14:26:55.718    5 ACPI.sys[8d8c53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86756030]
14:26:56.092    AVAST engine scan C:\Windows
14:26:57.434    AVAST engine scan C:\Windows\system32
14:30:54.024    AVAST engine scan C:\Windows\system32\drivers
14:31:03.992    AVAST engine scan C:\Users\toni
14:31:31.901    Disk 0 MBR has been saved successfully to "E:\FF-Downloads\MBR.dat"
14:31:31.916    The log file has been saved successfully to "E:\FF-Downloads\aswMBR.txt"

Edited by macman90, 27 February 2014 - 06:37 AM.

  • 0

#3
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
This is the full scan:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-27 14:22:39
-----------------------------
14:22:39.571    OS Version: Windows 6.1.7600 Service Pack 1
14:22:39.571    Number of processors: 2 586 0x170A
14:22:39.572    ComputerName: TONI-CP  UserName: toni
14:22:40.201    Initialize success
14:23:35.244    AVAST engine defs: 14022700
14:26:16.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:26:16.593    Disk 0 Vendor: Hitachi_HDP725025GLA380 GM2OA5FA Size: 238475MB BusType: 3
14:26:16.593    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
14:26:16.593    Disk 1 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.609    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T1L0-5
14:26:16.609    Disk 2 Vendor: ST3250824AS 3.AAH Size: 238475MB BusType: 3
14:26:16.702    Disk 0 MBR read successfully
14:26:16.718    Disk 0 MBR scan
14:26:16.718    Disk 0 Windows 7 default MBR code
14:26:16.733    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:26:16.733    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        39899 MB offset 206848
14:26:16.765    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       198473 MB offset 81920000
14:26:16.765    Disk 0 scanning sectors +488392704
14:26:16.936    Disk 0 scanning C:\Windows\system32\drivers
14:26:24.097    Service scanning
14:26:50.273    Modules scanning
14:26:55.687    Disk 0 trace - called modules:
14:26:55.718    ntkrlStaforce.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
14:26:55.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c308f0]
14:26:55.718    3 CLASSPNP.SYS[8ddbd59e] -> nt!IofCallDriver -> [0x86748918]
14:26:55.718    5 ACPI.sys[8d8c53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86756030]
14:26:56.092    AVAST engine scan C:\Windows
14:26:57.434    AVAST engine scan C:\Windows\system32
14:30:54.024    AVAST engine scan C:\Windows\system32\drivers
14:31:03.992    AVAST engine scan C:\Users\toni
14:31:31.901    Disk 0 MBR has been saved successfully to "E:\FF-Downloads\MBR.dat"
14:31:31.916    The log file has been saved successfully to "E:\FF-Downloads\aswMBR.txt"
14:35:52.392    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Dora.dat  **INFECTED** Win32:Webcake-A [Adw]
14:35:52.423    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Maintain.dat  **INFECTED** Win32:Webcake-A [Adw]
14:35:52.438    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Paladin.dat  **INFECTED** Win32:Webcake-A [Adw]
14:35:52.501    File: C:\Users\toni\AppData\Roaming\Tepfel\dat\Phoenix.dat  **INFECTED** Win32:Webcake-A [Adw]
14:37:36.101    AVAST engine scan C:\ProgramData
14:39:24.183    Scan finished successfully
14:40:23.192    Disk 0 MBR has been saved successfully to "E:\FF-Downloads\MBR.dat"
14:40:23.195    The log file has been saved successfully to "E:\FF-Downloads\aswMBR2.txt"

  • 0

#4
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Welcome to GeeksToGo, macman90

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I will come back with further instructions later.
  • 0

#5
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you! I will try to help you further with some info. Ask more if needed after this.
I ran SpyBot before posting these logs. It cought 7-8 entries and I clicked on fix the problems.
The problem manifested hard today. A week ago I noticed 3 svchost.exe console windows poping up after OS boot. Today I decided to see the directory that this .exe was booting from - \appdata\roaming\svchost.exe. I opened it with Notepad++ [yes, stupid] and now I have something looking like bad graphic driver glitches almost everywhere. I tried to close these console windows everytime they appear, but today I missed closing them and I saw some operations starting for some miliseconds and then the windows closed automatically. Unfortunately I got 3-4 blue screens to this moment and some restarting had to be done.
This is with what information I can help you.

Edited by macman90, 27 February 2014 - 07:41 AM.

  • 0

#6
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
===== > Step 1: OTL Fix < =====

  • Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - prefs.js..browser.search.selectedEngine: "Delta Search"
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
    O4 - HKLM..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
    O4 - HKLM..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [rundll32] C:\Users\toni\AppData\Roaming\rundll32 .exe File not found
    O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [TiltBreaker] C:\Program Files\Tilt Breaker\rundll32.exe File not found
    O4 - HKU\S-1-5-21-3986450965-706548418-1934913071-1000..\Run: [Windows Services for Processes] C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Windows Services for Processes = C:\Users\toni\AppData\Roaming\svchost.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010.03.28 19:37:55 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\AutoRun\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\configure\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\Shell\install\command - "" = I:\SETUP.EXE
    O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
    [2014.02.23 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HoldemManager
    [2014.02.23 22:08:41 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\toni\AppData\Roaming\svchost.exe
    [2014.02.23 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Hold'em_Manager
    [2014.02.23 22:24:16 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\HEM Data
    [2014.02.23 22:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TiltBreaker
    [2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\XHEO INC
    [2014.02.23 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\IsolatedStorage
    [2014.02.27 11:16:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
    [2014.02.23 22:09:41 | 000,000,246 | ---- | M] () -- C:\Users\toni\AppData\Roaming\IDK
    [2014.02.23 22:08:39 | 000,000,107 | -HS- | M] () -- C:\Users\toni\AppData\Roaming\per.bat
    [2014.02.23 23:35:08 | 016,122,362 | ---- | C] () -- C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv
    [2013.11.30 21:34:11 | 000,000,037 | -HS- | C] () -- C:\Users\toni\AppData\Local\70149b02515b3bb20dd492.47983420
    [2013.06.26 08:06:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\OpenCandy
    [2014.02.23 22:24:16 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HEM Data
    [2014.02.23 23:25:11 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\HoldemManager
    
    :Files
    C:\Users\toni\AppData\Roaming\Tepfel
    
    :Commands
    [RESETHOSTS] 
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

===== > Step 2: Adwarecleaner < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

===== > Step 3: JRT < =====

Posted Image  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===== > Step 4: OTL QuickScan < =====

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

 

Please don't forget to post these logs into your next reply:

  • OTL FixLog
  • Adwarecleaner Log
  • JRT.txt
  • OTL.txt
  • How is your PC running? Any issues?

  • 0

#7
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
===== > Step 1: OTL Fix < =====

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "Delta Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\ubisoft.com/uplaypc\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TiltBreaker deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Services for Processes deleted successfully.
C:\Users\toni\AppData\Roaming\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TiltBreaker deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3986450965-706548418-1934913071-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Services for Processes deleted successfully.
File C:\Users\toni\AppData\Roaming\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Windows Services for Processes deleted successfully.
File C:\Users\toni\AppData\Roaming\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
File move failed. H:\autorun.ico scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\ not found.
File move failed. H:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfec4efd-9de8-11e2-9f90-002354f5e8d4}\ not found.
File I:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3499297-0ca8-11e3-af0e-002354f5e8d4}\ not found.
File I:\HTC_Sync_Manager_PC.exe not found.
C:\Users\toni\AppData\Roaming\HoldemManager\SavedHoleCards folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\NoteCaddyNotes\HoldemManager2 folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\NoteCaddyNotes folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\NoteCaddyDefinitions folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\Database\HoldemManager2\Importing folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\Database\HoldemManager2 folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager\Database folder moved successfully.
C:\Users\toni\AppData\Roaming\HoldemManager folder moved successfully.
File C:\Users\toni\AppData\Roaming\svchost.exe not found.
C:\Users\toni\AppData\Local\Hold'em_Manager\HoldemManager.exe_Url_hso5rcncfvopwghccuvgzvh1iwmrn11j\2.0.0.7932 folder moved successfully.
C:\Users\toni\AppData\Local\Hold'em_Manager\HoldemManager.exe_Url_hso5rcncfvopwghccuvgzvh1iwmrn11j folder moved successfully.
C:\Users\toni\AppData\Local\Hold'em_Manager folder moved successfully.
C:\Users\toni\AppData\Roaming\HEM Data\Hands folder moved successfully.
C:\Users\toni\AppData\Roaming\HEM Data folder moved successfully.
C:\ProgramData\TiltBreaker folder moved successfully.
C:\ProgramData\XHEO INC\SharedLicenses folder moved successfully.
C:\ProgramData\XHEO INC folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\StrongName.apwea015gk5sbdb4ehayx0vpjfbbacqa\AssemFiles folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\StrongName.apwea015gk5sbdb4ehayx0vpjfbbacqa folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\Publisher.a5hbt501saexoiqn31epw5xxvwaryovm\AssemFiles folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize\Publisher.a5hbt501saexoiqn31epw5xxvwaryovm folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy\y1dggwma.ize folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage\livsgzvl.doy folder moved successfully.
C:\Users\toni\AppData\Local\IsolatedStorage folder moved successfully.
C:\Windows\Tasks\update-sys.job moved successfully.
C:\Users\toni\AppData\Roaming\IDK moved successfully.
C:\Users\toni\AppData\Roaming\per.bat moved successfully.
C:\Users\toni\Desktop\Hold_em_Manager_Tutorial_Part_1.flv moved successfully.
C:\Users\toni\AppData\Local\70149b02515b3bb20dd492.47983420 moved successfully.
C:\Users\toni\AppData\Roaming\OpenCandy\OpenCandy_757156DC72A74F8CA1652B03BC6443B3 folder moved successfully.
C:\Users\toni\AppData\Roaming\OpenCandy\757156DC72A74F8CA1652B03BC6443B3 folder moved successfully.
C:\Users\toni\AppData\Roaming\OpenCandy folder moved successfully.
Folder C:\Users\toni\AppData\Roaming\HEM Data\ not found.
Folder C:\Users\toni\AppData\Roaming\HoldemManager\ not found.
========== FILES ==========
C:\Users\toni\AppData\Roaming\Tepfel\dat\update folder moved successfully.
C:\Users\toni\AppData\Roaming\Tepfel\dat folder moved successfully.
C:\Users\toni\AppData\Roaming\Tepfel folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: postgres.toni-CP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: toni
->Temp folder emptied: 276563532 bytes
->Temporary Internet Files folder emptied: 241937455 bytes
->Java cache emptied: 374903 bytes
->FireFox cache emptied: 54449305 bytes
->Google Chrome cache emptied: 241302271 bytes
->Flash cache emptied: 58731 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 777,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02272014_154833

Files\Folders moved on Reboot...
File\Folder H:\autorun.ico not found!
File\Folder H:\autorun.inf not found!
File\Folder H:\setup.exe not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




===== > Step 2: Adwarecleaner < =====

# AdwCleaner v3.019 - Report created 27/02/2014 at 15:56:37
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : toni - TONI-CP
# Running from : E:\FF-Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Tepfel
Folder Deleted : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\Extensions\[email protected]
File Deleted : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\invalidprefs.js
File Deleted : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Nation toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v28.0 (en-GB)

[ File : C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.id", "8edfef78000000000000001f293474c9");
Line Deleted : user_pref("extensions.delta.instlDay", "15781");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.09:24:41");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");

-\\ Google Chrome v33.0.1750.117

[ File : C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3400 octets] - [27/02/2014 15:54:30]
AdwCleaner[S0].txt - [3399 octets] - [27/02/2014 15:56:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3459 octets] ##########


===== > Step 3: JRT < =====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by toni on зҐвў 27.02.2014 at 16:08:21,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\toni\AppData\Roaming\mozilla\firefox\profiles\k23rglzt.default\minidumps [1554 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on зҐвў 27.02.2014 at 16:09:58,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


===== > Step 4: OTL QuickScan < =====

OTL logfile created on: 27.2.2014 16:15:02 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,51% Memory free
7,00 Gb Paging File | 5,59 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 9,79 Gb Free Space | 25,12% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,18 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.02.27 14:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FF-Downloads\OTL(1).exe
PRC - [2014.02.26 16:26:48 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.02.08 19:11:48 | 000,941,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.11.02 03:29:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.09.27 12:39:50 | 000,313,120 | ---- | M] (Skillbrains) -- C:\Users\toni\AppData\Local\Skillbrains\lightshot\4.4.2.10\Lightshot.exe
PRC - [2013.07.15 12:21:26 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.07.15 12:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.15 12:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () -- C:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe
PRC - [2012.10.25 16:26:18 | 004,045,432 | R--- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.02.26 16:26:47 | 003,622,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 11:12:47 | 017,280,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a71cb77685efcceb29fbbb2adc9ad3c5\Kies.Theme.ni.dll
MOD - [2013.11.05 11:12:35 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\1f0027391b7dd5a510bbe91b94f9836d\ASF_cSharpAPI.ni.dll
MOD - [2013.11.05 11:12:35 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6bea61d803ee18e2fbfb979499e5f7c1\Kies.Common.AllShare.ni.dll
MOD - [2013.11.05 11:12:12 | 002,196,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\3b4f0e3fb4f6c619a51a60b483942e04\Kies.Common.Multimedia.ni.dll
MOD - [2013.11.05 11:12:10 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\bf42dab8b38494947d4a3086916e0dd0\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.11.05 11:12:02 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e6738007af6dec0f68f7abcc824a79da\Kies.Common.Util.ni.dll
MOD - [2013.11.05 11:12:01 | 001,795,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ed7108bd2d9dbc3a331f0cf0d6d09a11\Kies.UI.ni.dll
MOD - [2013.11.05 11:12:01 | 001,639,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\54bf34319fd5fd1e4e6894c3e382681d\Kies.Locale.ni.dll
MOD - [2013.11.05 11:12:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d7ac977334ddb07e8c8cd933d1344171\Kies.MVVM.ni.dll
MOD - [2013.11.05 11:11:58 | 001,244,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\44ae28dad78716f8407aca682bbc84cd\Kies.Interface.ni.dll
MOD - [2013.11.05 11:11:53 | 002,137,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\8dbf940dd16e53e34599c8813ee1a1ad\Kies.ni.exe
MOD - [2013.11.05 10:21:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013.11.05 10:21:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013.11.05 10:21:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2013.11.05 10:21:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013.11.05 10:21:16 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013.11.05 10:21:15 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013.11.05 10:21:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013.11.05 10:21:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013.11.05 10:21:06 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013.11.05 10:21:02 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013.11.05 10:20:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2012.10.25 16:25:48 | 000,113,272 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2012.10.25 16:25:48 | 000,080,504 | R--- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2012.06.18 17:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.02.26 16:26:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.10.05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.08.21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stop_Pending] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.14 16:07:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.12.27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.03 01:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\toni\AppData\Local\Temp\SPDTool.sys -- (SPDTool)
DRV - [2014.02.08 20:27:20 | 010,180,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.11.25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.10.23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.07.20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.07.20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.07.20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.07.01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.06.21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.04.05 17:39:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.05 13:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.14 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.11.14 16:19:42 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.11.14 16:19:41 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.11.14 16:19:41 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.11.08 21:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.10.22 15:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.23 01:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.10.26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2006.11.01 17:45:14 | 000,219,264 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTCamDrv.sys -- (BTCAMDRV)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 DB C1 BF F4 31 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7BE6C93316-271E-4b3d-8D7E-FE11B4350AEB%7D:2.1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
 
[2013.04.05 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Extensions
[2014.02.27 15:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions
[2013.12.01 19:18:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.11.20 17:57:01 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2014.01.05 03:50:20 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.07.15 19:27:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014.02.26 16:20:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.23 13:50:25 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://play.google.com/store/apps
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\2.0.0_0\
CHR - Extension: IDM Integration = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.10_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.27 15:49:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LightShot] C:\Users\toni\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.111.35.129 89.190.192.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C05BF13-B336-4FBD-9CB1-FD0B9CA8B01E}: DhcpNameServer = 95.111.35.129 89.190.192.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.02.27 16:08:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.02.27 15:54:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.27 15:20:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Malwarebytes
[2014.02.27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014.02.27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.27 15:19:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.02.27 15:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014.02.27 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.02.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2014.02.27 13:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.02.26 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\ESL Match Media
[2014.02.26 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL_Wire_Plugin_Container
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL Wire Game Client
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2014.02.26 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.25 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\ESL_logo
[2014.02.24 01:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014.02.23 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2014.02.21 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Ubisoft Game Launcher
[2014.02.21 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed Revelations
[2014.02.21 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Revelations
[2014.02.21 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed III
[2014.02.18 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\dsadsa2
[2014.02.18 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\asddddas
[2014.02.14 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Aiseesoft Studio
[2014.02.11 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.11 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.02.27 16:12:37 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.27 16:12:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.27 16:10:04 | 002,382,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.27 16:10:04 | 001,773,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 15:58:06 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 15:58:06 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 15:49:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014.02.27 15:38:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.27 15:19:52 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.27 13:52:05 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2014.02.27 13:43:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3986450965-706548418-1934913071-1000.job
[2014.02.27 13:40:55 | 000,000,344 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140227-134055.backup
[2014.02.27 13:40:55 | 000,000,239 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.26 12:55:13 | 000,344,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.02.14 17:12:01 | 000,000,368 | ---- | M] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:31 | 005,013,269 | ---- | M] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.08 20:27:20 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2014.02.08 20:27:20 | 000,019,204 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.02.27 15:19:52 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.27 13:55:29 | 000,019,204 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2014.02.27 13:52:05 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,239 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.21 12:46:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014.02.21 12:46:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014.02.14 17:11:20 | 000,000,368 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:25 | 005,013,269 | ---- | C] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.07 12:44:03 | 003,197,355 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002156.jpg
[2014.02.07 12:44:02 | 003,561,219 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002135.jpg
[2014.02.07 12:43:59 | 090,112,349 | ---- | C] () -- C:\Users\toni\Desktop\20131212_232611.mp4
[2013.10.14 13:49:34 | 000,008,096 | ---- | C] () -- C:\Windows\GROUPS.EXE
[2013.10.14 13:49:34 | 000,000,144 | ---- | C] () -- C:\Windows\TDW.INI
[2013.09.23 00:08:01 | 000,007,602 | ---- | C] () -- C:\Users\toni\AppData\Local\Resmon.ResmonCfg
[2013.06.26 08:17:33 | 000,000,439 | ---- | C] () -- C:\Users\toni\AppData\Local\UserProducts.xml
[2013.06.26 08:06:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.05 06:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013.04.05 15:35:24 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2013.04.05 15:35:02 | 000,002,878 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2013.04.05 15:34:48 | 004,047,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2013.04.05 15:34:48 | 000,017,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.11.21 00:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.14 16:30:11 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013.04.05 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\AVG2013
[2013.05.05 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DAEMON Tools Lite
[2013.09.20 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\dBpoweramp
[2013.06.17 10:56:29 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DMCache
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\FileOpen
[2013.04.05 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\GlobalSCAPE
[2013.05.17 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IDM
[2013.09.16 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IrfanView
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Nitro
[2013.05.05 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Notepad++
[2013.11.05 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\NuGet
[2013.06.25 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Oracle
[2014.02.21 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2013.04.05 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Rovio
[2013.07.26 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Samsung
[2013.06.20 05:34:41 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\SWI-Prolog
[2014.02.23 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TeamViewer
[2014.02.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TS3Client
[2013.10.05 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TuneUp Software
[2014.02.13 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.26 02:27:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\uTorrent
[2013.04.05 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Wargaming.net
[2013.06.24 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\XMedia Recode
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


Feedback:
After Step 1 the console windows no longer appear.

After Step 2 (going for step 3) I had one blue screen.

After Step 3 (going for 4) I had two more blue screens.

As I said the console windows do not appear anymore, but I still have those graphic glitches(not so bad as before) and I'm sure I will get another blue screen if I continue using the system more. As for now I'm sticking only to my web browser and did only these steps.
-
Just now the OS froze up with no blue screen. I had to power it off from the button after waiting for 1 minute. I was tring to run Paint to make you a screenshot to see the glitches, but I won't try that again. I installed new graphic drivers before I created this topic... maybe the graphic drivers were infected. Should I try uninstalling them and run some time without them or should I try Safe Mode to see if it is stable there. I won't do any of that unless you tell me to.

UPDATE: I made the mistake of not running AdwCleaner from the Desktop. I'm in panic, sorry =( .

Edited by macman90, 27 February 2014 - 08:42 AM.

  • 0

#8
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts

Should I try uninstalling them and run some time without

Yes, please do so. It seems that the Bluescreens aren't related to Malware actually. But let's see what the Scans below show.

===== > Step 1: OTL Fix < =====

  • Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O13 - gopher Prefix: missing
    O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (  
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 2: MBAM < =====

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

===== > Step 3: ESET < =====

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    Â then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#9
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
First I must apologize, because I won't send you the ESET log(step 3) today, because I won't be home. I will post it tomorrow or later as I get back.
I just didn't want to leave you in the dark.

I uninstalled the display driver and now I'm running with the ones that Windows installed. I have no issues like before and no blue screens, just one freeze on the Eset scanner on which I restarted. I will start it again before I leave home. I will disable the current installed anti-virus program and run it again.

Now:
===== > Step 1: OTL Fix < =====
OTL logfile created on: 27.2.2014 18:09:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = E:\FF-Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: d.M.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,09% Memory free
7,00 Gb Paging File | 5,63 Gb Available in Paging File | 80,51% Paging File free
Paging file location(s): e:\pagefile.sys 3072 6144 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 10,80 Gb Free Space | 27,71% Space Free | Partition Type: NTFS
Drive D: | 232,82 Gb Total Space | 8,10 Gb Free Space | 3,48% Space Free | Partition Type: NTFS
Drive E: | 232,81 Gb Total Space | 16,19 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive F: | 193,82 Gb Total Space | 17,07 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
Drive H: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TONI-CP | User Name: toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014.02.27 14:07:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\FF-Downloads\OTL(1).exe
PRC - [2014.02.26 16:26:48 | 000,277,616 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013.11.02 03:29:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.09.12 08:28:40 | 000,916,768 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.07.15 12:21:26 | 000,844,656 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013.07.15 12:21:22 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013.07.15 12:21:20 | 001,564,016 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () -- C:\Program Files\EslWire\service\WireHelperSvc.exe
PRC - [2012.11.14 16:13:23 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () -- C:\Program Files\Prio\prio_svc.exe
PRC - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014.02.26 16:26:47 | 003,622,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.11.05 11:12:47 | 017,280,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a71cb77685efcceb29fbbb2adc9ad3c5\Kies.Theme.ni.dll
MOD - [2013.11.05 11:12:35 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\1f0027391b7dd5a510bbe91b94f9836d\ASF_cSharpAPI.ni.dll
MOD - [2013.11.05 11:12:35 | 000,064,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6bea61d803ee18e2fbfb979499e5f7c1\Kies.Common.AllShare.ni.dll
MOD - [2013.11.05 11:12:12 | 002,196,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common23b84511#\3b4f0e3fb4f6c619a51a60b483942e04\Kies.Common.Multimedia.ni.dll
MOD - [2013.11.05 11:12:10 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\bf42dab8b38494947d4a3086916e0dd0\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013.11.05 11:12:02 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e6738007af6dec0f68f7abcc824a79da\Kies.Common.Util.ni.dll
MOD - [2013.11.05 11:12:01 | 001,795,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\ed7108bd2d9dbc3a331f0cf0d6d09a11\Kies.UI.ni.dll
MOD - [2013.11.05 11:12:01 | 001,639,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\54bf34319fd5fd1e4e6894c3e382681d\Kies.Locale.ni.dll
MOD - [2013.11.05 11:12:01 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d7ac977334ddb07e8c8cd933d1344171\Kies.MVVM.ni.dll
MOD - [2013.11.05 11:11:58 | 001,244,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\44ae28dad78716f8407aca682bbc84cd\Kies.Interface.ni.dll
MOD - [2013.11.05 11:11:53 | 002,137,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\8dbf940dd16e53e34599c8813ee1a1ad\Kies.ni.exe
MOD - [2013.11.05 10:21:42 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\3bc7ec22c021d74dce4f8230f3631fca\System.ServiceProcess.ni.dll
MOD - [2013.11.05 10:21:35 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
MOD - [2013.11.05 10:21:33 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\034c34ee777c7a2efc9c631b1179211c\System.Runtime.Remoting.ni.dll
MOD - [2013.11.05 10:21:27 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
MOD - [2013.11.05 10:21:16 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
MOD - [2013.11.05 10:21:15 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
MOD - [2013.11.05 10:21:09 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
MOD - [2013.11.05 10:21:07 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
MOD - [2013.11.05 10:21:06 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
MOD - [2013.11.05 10:21:02 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
MOD - [2013.11.05 10:20:57 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2014.02.26 16:26:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.10.05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.08.21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stop_Pending] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.06.11 10:51:46 | 000,614,416 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.11.14 16:07:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.08 21:29:12 | 000,012,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2012.10.22 15:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2010.12.27 22:50:30 | 031,124,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.02.03 01:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\toni\AppData\Local\Temp\SPDTool.sys -- (SPDTool)
DRV - [2013.11.25 01:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013.10.23 01:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013.10.23 01:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013.09.12 10:51:57 | 009,253,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.07.20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013.07.20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013.07.20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013.07.01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013.06.21 02:07:52 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013.06.21 02:07:52 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013.04.05 17:39:02 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013.04.05 13:32:40 | 000,101,168 | ---- | M] (Tonec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013.03.21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.11.14 16:19:42 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.11.14 16:19:42 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.11.14 16:19:41 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.11.14 16:19:41 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012.11.08 21:29:32 | 000,054,128 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2012.10.22 15:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.23 01:17:06 | 001,812,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2009.10.26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.07.14 00:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2006.11.01 17:45:14 | 000,219,264 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTCamDrv.sys -- (BTCAMDRV)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 DB C1 BF F4 31 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.bg/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: %7BE6C93316-271E-4b3d-8D7E-FE11B4350AEB%7D:2.1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\toni\AppData\Roaming\IDM\idmmzcc5 [2013.04.05 15:38:39 | 000,000,000 | ---D | M]
 
[2013.04.05 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Extensions
[2014.02.27 15:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions
[2013.12.01 19:18:21 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.10.23 20:52:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.11.20 17:57:01 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\[email protected]
[2014.01.05 03:50:20 | 000,534,563 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011.07.15 19:27:22 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014.02.26 16:20:38 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.01.23 13:50:25 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\toni\AppData\Roaming\Mozilla\Firefox\Profiles\k23rglzt.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.02.26 16:26:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://play.google.com/store/apps
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0\
CHR - Extension: APK Downloader = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\2.0.0_0\
CHR - Extension: IDM Integration = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.10_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\toni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.27 15:49:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LightShot] C:\Users\toni\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.111.35.129 89.190.192.248
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C05BF13-B336-4FBD-9CB1-FD0B9CA8B01E}: DhcpNameServer = 95.111.35.129 89.190.192.248
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (prio.dll) - C:\Program Files\Prio\prio.dll (O&K Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014.02.27 18:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2014.02.27 16:08:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.02.27 15:54:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.27 15:20:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Malwarebytes
[2014.02.27 15:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.02.27 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014.02.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2014.02.26 18:03:33 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\ESL Match Media
[2014.02.26 17:53:00 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL_Wire_Plugin_Container
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\ESL Wire Game Client
[2014.02.26 17:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESL Wire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2014.02.26 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2014.02.26 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.02.25 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\ESL_logo
[2014.02.24 01:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.24 01:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2014.02.23 22:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\PSQLINSTALL
[2014.02.21 18:01:06 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Local\Ubisoft Game Launcher
[2014.02.21 18:01:05 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed Revelations
[2014.02.21 18:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassin's Creed Revelations
[2014.02.21 15:05:09 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Orbit
[2014.02.21 13:29:27 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Assassin's Creed III
[2014.02.18 22:22:52 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\dsadsa2
[2014.02.18 21:30:01 | 000,000,000 | ---D | C] -- C:\Users\toni\Desktop\asddddas
[2014.02.14 17:03:42 | 000,000,000 | ---D | C] -- C:\Users\toni\Documents\Aiseesoft Studio
[2014.02.11 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.11 15:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014.02.27 18:10:15 | 002,403,762 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014.02.27 18:10:15 | 001,793,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014.02.27 18:06:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.27 18:05:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.27 18:04:35 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 18:04:35 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.27 17:43:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3986450965-706548418-1934913071-1000.job
[2014.02.27 17:38:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.27 15:49:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014.02.27 13:52:05 | 000,006,608 | ---- | M] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,344 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140227-134055.backup
[2014.02.27 13:40:55 | 000,000,239 | ---- | M] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.26 12:55:13 | 000,344,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.02.14 17:12:01 | 000,000,368 | ---- | M] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:31 | 005,013,269 | ---- | M] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014.02.27 13:52:05 | 000,006,608 | ---- | C] () -- C:\bootsqm.dat
[2014.02.27 13:40:55 | 000,000,239 | ---- | C] () -- C:\Windows\wininit.ini
[2014.02.26 17:49:22 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2014.02.21 12:46:39 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014.02.21 12:46:38 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014.02.14 17:11:20 | 000,000,368 | ---- | C] () -- C:\Windows\pdf2word.INI
[2014.02.13 02:35:25 | 005,013,269 | ---- | C] () -- C:\Users\toni\Desktop\1912683_531129373651859_1383019678_n.mp4
[2014.02.07 12:44:03 | 003,197,355 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002156.jpg
[2014.02.07 12:44:02 | 003,561,219 | ---- | C] () -- C:\Users\toni\Desktop\20140101_002135.jpg
[2014.02.07 12:43:59 | 090,112,349 | ---- | C] () -- C:\Users\toni\Desktop\20131212_232611.mp4
[2013.10.14 13:49:34 | 000,008,096 | ---- | C] () -- C:\Windows\GROUPS.EXE
[2013.10.14 13:49:34 | 000,000,144 | ---- | C] () -- C:\Windows\TDW.INI
[2013.09.23 00:08:01 | 000,007,602 | ---- | C] () -- C:\Users\toni\AppData\Local\Resmon.ResmonCfg
[2013.06.26 08:17:33 | 000,000,439 | ---- | C] () -- C:\Users\toni\AppData\Local\UserProducts.xml
[2013.06.26 08:06:11 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2013.05.22 19:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.05.22 19:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.05.22 19:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.05.22 19:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.05.22 19:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.05.05 06:42:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013.04.05 15:35:24 | 000,003,153 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
[2013.04.05 15:35:02 | 000,002,878 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
[2013.04.05 15:34:48 | 004,047,024 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2013.04.05 15:34:48 | 000,017,993 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012.11.21 00:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.14 16:30:11 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013.04.05 22:06:56 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\AVG2013
[2013.05.05 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DAEMON Tools Lite
[2013.09.20 20:38:12 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\dBpoweramp
[2013.06.17 10:56:29 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\DMCache
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\FileOpen
[2013.04.05 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\GlobalSCAPE
[2013.05.17 10:23:22 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IDM
[2013.09.16 13:51:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\IrfanView
[2013.06.26 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Nitro
[2013.05.05 00:25:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Notepad++
[2013.11.05 11:20:37 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\NuGet
[2013.06.25 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Oracle
[2014.02.21 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\PunkBuster
[2013.04.05 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Rovio
[2013.07.26 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Samsung
[2013.06.20 05:34:41 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\SWI-Prolog
[2014.02.23 21:25:31 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TeamViewer
[2014.02.26 20:28:58 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TS3Client
[2013.10.05 15:30:32 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\TuneUp Software
[2014.02.13 15:41:19 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Ubisoft
[2014.02.27 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\uTorrent
[2013.04.05 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\Wargaming.net
[2013.06.24 18:49:08 | 000,000,000 | ---D | M] -- C:\Users\toni\AppData\Roaming\XMedia Recode
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


===== > Step 2: MBAM < =====

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
toni :: TONI-CP [administrator]

Protection: Disabled

27.2.2014 18:15:13 ч.
mbam-log-2014-02-27 (18-15-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288633
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E45C7ECB-AF0B-B6DD-B6D2-CECDBFAD2ACE} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components\{E45C7ECB-AF0B-B6DD-B6D2-CECDBFAD2ACE} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\ProgramData\RFB\RFB.01 (Trojan.Monder) -> Quarantined and deleted successfully.

(end)

Step 3: To be continued...
  • 0

#10
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts

First I must apologize, because I won't send you the ESET log(step 3) today, because I won't be home

OK, so well done. Looks really good so far. I will wait for the ESET logs. :thumbsup:

Additionally, could you tell me your Garphic card model?

Machiavelli
  • 0

#11
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for the Help! I will now install my display drivers and carry on safely thanks to you.

Update: My graphic card is Point of View Nvidia 9500GT / DDR3 version / GPU: G96GT .
Update 2: So it appears that these blue screens and glitches were actually coming from the new nvidia display driver [334.89]. I have no problem installing the previous ones 332.21. Right after the driver begins installing, I get those glitches and I had another blue screen. It is display driver issue, Nvidia's fault, not mine =) .

===== > Step 3: ESET < =====
There was no log displayed after the scan, so I clicked on "List of found threads" and here it is:

[Infected files: 41 | Cleaned files: 41]


C:\Users\toni\Downloads\bizo.old.face.apk	a variant of Android/Leadbolt.E potentially unwanted application	deleted - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe	Win32/Bundled.Toolbar.Google.D potentially unsafe application	deleted - quarantined
D:\GSM\N95_Old-ONES\LAST_BACKUP\Others\PC\DAEMON Tools Lite 4.12.3.exe	Win32/Adware.Toolbar.Shopper application	cleaned by deleting - quarantined
D:\Program-Downloads\CuteFTP Pro v7.1+crack.rar	a variant of Win32/HackTool.Patcher.X potentially unsafe application	deleted - quarantined
D:\Program-Downloads\ip-patch-lfs.rar	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
D:\Program-Downloads\Unlocker 1.9.0 - Final\unlocker1.9.0-x64.rar	Win32/Adware.ADON potentially unwanted application	deleted - quarantined
D:\Program-Downloads\Unlocker 1.9.0 - Final\unlocker1.9.0.rar	Win32/Adware.ADON potentially unwanted application	deleted - quarantined
D:\Program-Downloads\WinRAR 3.93 Final\Keygen\Keygen.exe	a variant of Win32/Keygen.AI potentially unsafe application	deleted - quarantined
E:\FF-Downloads\appdroid.apk	a variant of Android/Adware.AirPush.J application	deleted - quarantined
E:\FF-Downloads\bulletspassview.zip	a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application	deleted - quarantined
E:\FF-Downloads\cgminer-3.7.2-windows.zip	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\FF-Downloads\cgminer-3.8.4-windows.zip	a variant of Win32/BitCoinMiner.BF potentially unsafe application	deleted - quarantined
E:\FF-Downloads\cudaminer-2013-12-10.zip	probably a variant of Win64/BitCoinMiner.U potentially unsafe application	deleted - quarantined
E:\mining\cgminer-2.11.4-windows\cgminer-2.11.4-windows.7z	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-2.11.4-windows\cgminer-2.11.4-windows\cgminer-fpgaonly.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-3.7.2-windows\cgminer-nogpu.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-3.7.2-windows\cgminer.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
E:\mining\cgminer-3.8.4-windows\cgminer.exe	a variant of Win32/BitCoinMiner.BF potentially unsafe application	deleted - quarantined
E:\mining\CUDAminer-2013-04-10\cudaminer-2013-04-10\cudaminer-2013-04-10.zip	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\CUDAminer-2013-04-10\cudaminer-2013-04-10\cudaminer.exe	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-04-12\cudaminer-2013-04-12.zip	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-04-12\cudaminer.exe	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-12-10\x64\cudaminer.exe	probably a variant of Win64/BitCoinMiner.U potentially unsafe application	deleted - quarantined
E:\mining\cudaminer-2013-12-10\x86\cudaminer.exe	a variant of Win32/BitCoinMiner.W potentially unsafe application	deleted - quarantined
E:\Movies\Holdem Manager 2\Holdem Manager 2\HoldemManager.exe	Win32/Injector.AOCQ trojan	cleaned by deleting - quarantined
E:\Telerik_Academy\Pyrwi_Kurs\Telerik-Academy-AntiCheat.zip	a variant of MSIL/Packed.Confuser.G potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Dora.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Maintain.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Paladin.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
E:\_OTL\MovedFiles\02272014_154833\C_Users\toni\AppData\Roaming\Tepfel\dat\Phoenix.dat	a variant of MSIL/WebCake.A potentially unwanted application	deleted - quarantined
F:\Games\LFS\LFS 6B\ip-patch.exe	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
F:\Games\LFS\LFS 6B - Copy\ip-patch.exe	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
F:\Games\LFS\LFS 6B - Copy - Copy\ip-patch.exe	Win32/HackTool.Patcher.A potentially unsafe application	deleted - quarantined
F:\Litecoin\scryptminer-gui-x86-64-2.zip	a variant of Win64/BitCoinMiner.E potentially unsafe application	deleted - quarantined
F:\Litecoin\cgminer-2.11.0-win32\cgminer-fpgaonly.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
F:\Litecoin\cgminer-2.11.0-win32\cgminer.exe	a variant of Win32/BitCoinMiner.AF potentially unsafe application	deleted - quarantined
F:\Litecoin\cgminer-2.6.6-win32\cgminer.exe	a variant of Win32/BitCoinMiner.D potentially unsafe application	deleted - quarantined
F:\Litecoin\scryptminer-gui-x86-64\minerd.exe	a variant of Win64/BitCoinMiner.E potentially unsafe application	deleted - quarantined
F:\remothebroard\XRG Rims Manager 0.6B v5.0.rar	Win32/HackTool.CheatEngine.AB potentially unsafe application	deleted - quarantined
F:\remothebroard\INSTALL\DTLite4471-0333.exe	Win32/DownWare.L potentially unwanted application	deleted - quarantined
F:\remothebroard\INSTALL\unlocker1.9.0.exe	Win32/Adware.ADON potentially unwanted application	deleted - quarantined

Edited by macman90, 27 February 2014 - 07:06 PM.

  • 0

#12
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hello,
in my opinion your PC is clean. If you still have BlueScreen Errors etc. please open a thread here.

 

First,

  • Run OTL(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    FF - user.js - File not found
    O32 - AutoRun File - [2011.11.23 18:38:29 | 000,147,034 | R--- | M] () - H:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2009.10.10 02:05:02 | 000,000,045 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell - "" = AutoRun
    O33 - MountPoints2\{88b2c9c7-9df3-11e2-b9e9-002354f5e8d4}\Shell\AutoRun\command - "" = H:\setup.exe -- [2011.11.24 04:41:59 | 001,021,452 | R--- | M] (                                                            )
    
    :Files
    C:\ProgramData\RFB
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.

We need to remove the tools we've used during cleaning your machine

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    Posted Image
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0

#13
macman90

macman90

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for the Help and tips. Much obliged!

Here is the DefFix Log:

# DelFix v10.6 - Logfile created 28/02/2014 at 18:44:42
# Updated 11/11/2013 by Xplode
# Username : toni - TONI-CP
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #205 [Scheduled Checkpoint | 02/27/2014 20:36:39]
Deleted : RP #206 [OTL Restore Point - 28.2.2014 18:40:01 | 02/28/2014 16:40:02]

New restore point created !

########## - EOF - ##########

  • 0

#14
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey macman90,
you are most welcome. :thumbsup:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP