Popup ad virus won't go away [Closed]


  • This topic is locked

#1
Samyaza
Member, 34 posts

Hello,

I'm usually able to deal with any viruses by myself, but now I don't know what to do anymore, and this is making me very, very frustrated.

Around two months ago, out of nowhere, I started getting odd porn popups when browsing with Chrome. I don't watch porn (so any virus-infested porn sites are very unlikely to be the cause), and I consider myself, let's say, experienced enough to stay away from any suspicious links and websites.

I installed several virus scanners and ran them, including Microsoft Security Essentials, Avast!, Malwarebytes and Panda.

All of them said my computer was clean, and I didn't know what to do then, so I just installed a popup blocker extension on Chrome. It didn't block all of the ads, but it did a good enough job, so I decided to just disregard the virus and tackle it later.

It turned out to be a bad decision, because it seems the virus spread somehow: I also use Chrome (and the same account, too) on my Android tablet, and it seems the tablet is infected too. For instance, opening Google search results on my tablet is nearly impossible because I always get redirected to porn sites and other odd websites saying my tablet is infected and I should install this and that and bla bla bla.

And it's not only my computer and the tablet: my mother's laptop (she uses Chrome too, but with a different account) gets the exact same popups. I don't know when exactly my mom started getting popups too, but it was around the same time I got them on my computer for the first time, so my mother's laptop might be the source too.

So I scanned my mom's computer for viruses too (Malwarebytes, Panda, Avast!) and they all came out clean, until I tried Hitman Pro. It detected around 60 suspicious files and viruses on my mom's laptop, so I thought removing them would be the end of it.

Wrong: everything was fine for a short while, but now the popups are back, all of them.

Running Hitman Pro isn't an option anymore as the free trial's over already. I've cleared Chrome's cache and cookies several times on my computer, on my mom's computer, on my tablet, and on my phone (it never seemed to be infected, but I use the same Chrome account on it too, so I cleared it just in case), and none of the virus scanners I've tried seem to be of help (except Hitman, but that was only temporary apparently).

Please help?




#2
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
Hi, it appears that you may have an infected Chrome, which has also affected your online backup.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Select additions at the bottom.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

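The FRST.txt produced by the steps above is a long, sectioned text log, and a helper reads it with a fixed set of questions in mind: which service or driver binaries are unsigned, which autostart entries carry no publisher name, which Run values point at files that no longer exist, what sits in the Winsock LSP chain, which drives have autorun handlers, and which DNS servers the machine is actually using. The script below is an added example of that first pass, written for this thread; it is not code from the forum, from the poster, or from FRST itself. The log excerpt inside it is constructed in FRST's layout from the kinds of lines the tool prints, and every flag it raises means "look at this", not "this is malware" (most such hits on a home PC turn out to be bundled OEM tools).

```python
"""Triage a Farbar Recovery Scan Tool (FRST.txt) log: flag entries a helper reads first.

Heuristics only. A hit is something to inspect by hand, not proof of infection.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in FRST.txt layout, modelled on the kinds of lines the
# tool emits. It is sample data for this example, not the poster's full log.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-10-06] ()
HKU\S-1-5-21-1\...\MountPoints2: {899a046d} - K:\Autorun.exe
==================== Internet (Whitelisted) ====================
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8
==================== Services (Whitelisted) =================
R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# FRST prints "[<size> <yyyy-mm-dd>] ()" when the binary's version resource
# carries no company name.
NO_PUBLISHER_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(\)")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def reasons_for(line: str) -> list[str]:
    """Return every heuristic that fires for one FRST log line."""
    reasons = []
    if "[File not signed]" in line:
        reasons.append("service/driver binary is not digitally signed")
    if NO_PUBLISHER_RE.search(line):
        reasons.append("autostart binary has no publisher name")
    if "=> [X]" in line:
        reasons.append("Run value points at a file that no longer exists")
    if line.startswith("Winsock:"):
        reasons.append("non-default Winsock LSP provider (sits in the network path of every app)")
    if "MountPoints2:" in line:
        reasons.append("autorun handler registered for a removable/mounted drive")
    if "[DhcpNameServer]" in line:
        servers = ", ".join(IPV4_RE.findall(line))
        reasons.append(f"DNS resolvers in use: {servers} (confirm they belong to the ISP or router)")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking the current '==== Section ====' header."""
    findings = []
    section = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip()
            continue
        for reason in reasons_for(line):
            findings.append(Finding(section, reason, line))
    return findings


def count_by_section(findings: list[Finding]) -> dict[str, int]:
    """How many flagged entries each FRST section produced."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    # Run on a real log with: triage(open("FRST.txt", encoding="utf-8").read())
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Two of the checks matter specifically for the "redirected search results" symptom in the opening post: a third-party Winsock LSP can rewrite or inject into every browser connection without touching Chrome's own files, and a changed DNS resolver redirects every device behind the same router, which is why the tablet and a second laptop can show the same popups while per-machine scanners report clean.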

#3
Samyaza
Topic Starter, Member, 34 posts

Hey,

thank you so much for the fast response!

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Isukka (administrator) on ISUKKA-PC on 18-03-2015 19:53:25
Running from C:\Users\Natu-ti-ti\Downloads
Loaded Profiles: Isukka & Natu-ti-ti (Available profiles: Isukka & Natu-ti-ti & Äittä)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTeK COMPUTER INC.) C:\Windows\System32\ATKFUSService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Windows\SysWOW64\ASDR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hi-Rez Studios) E:\Natun pelit\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
(ASUSTeK Inc.) C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Spotify Ltd) C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\puush\puush.exe
(Valve Corporation) E:\Natun pelit\Steam\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(OsdMaestro) C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Valve Corporation) E:\Natun pelit\Steam\Steam\bin\steamwebhelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Curse) C:\Users\Natu-ti-ti\AppData\Local\Apps\2.0\ZQ35EQPM.0EH\TBTO7TLB.1Z7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5566\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3838\Agent.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Razer, Inc.) C:\Users\Natu-ti-ti\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\RzCefRenderProcess.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) E:\Natun pelit\Steam\Steam\bin\steamwebhelper.exe
(Blizzard Entertainment) E:\Natun pelit\World of Warcraft\Wow-64.exe
(Valve Corporation) E:\Natun pelit\Steam\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Savard Software) C:\Program Files (x86)\TurboTop\TurboTop.exe
(Blizzard Entertainment) E:\Natun pelit\World of Warcraft\Utils\WowBrowserProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe [364032 2009-03-30] (Hewlett-Packard)
HKLM-x32\...\Run: [OSD] => C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe [282624 2009-03-30] (OsdMaestro)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSGamerOSD] => C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [GoogleChromeAutoLaunch_472E157AE31CC1F6E6CC995C5C42B336] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [Spotify Web Helper] => C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1959992 2015-03-12] (Spotify Ltd)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [2861104 2015-02-27] (Blizzard Entertainment)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-10-06] ()
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [Steam] => E:\Natun pelit\Steam\Steam\steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\MountPoints2: {899a046d-6d79-11e4-a2b5-90e6ba3273ac} - K:\Autorun.exe
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\MountPoints2: {a8787046-aa23-11e4-bce2-90e6ba3273ac} - M:\Startme.exe
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-11] (Microsoft Corporation)
Startup: C:\Users\Natu-ti-ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Natu-ti-ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-09] (Oracle Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-25] (EasyBits Software Corp.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-30]
CHR Extension: (Google Drive) - C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-30]
CHR Extension: (YouTube) - C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-30]
CHR Extension: (Google Search) - C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-30]
CHR Extension: (Google Wallet) - C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-31]
CHR Extension: (Gmail) - C:\Users\Isukka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] () [File not signed]
R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.) [File not signed]
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-01-03] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
U2 HiPatchService; E:\Natun pelit\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-02-22] (SurfRight B.V.)
R2 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] () [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 Origin Client Service; E:\Natun pelit\Origin\OriginClientService.exe [1903472 2015-01-23] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-10] ()
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)
R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-11-22] ()
R3 AVER_H193; C:\Windows\System32\drivers\AVer888RC_64.sys [543616 2009-11-13] (AVerMedia TECHNOLOGIES, Inc.)
R3 CXCIR; C:\Windows\System32\DRIVERS\AVer888RCIR_64.sys [39936 2009-11-13] (AVerMedia TECHNOLOGIES, Inc.)
R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2014-10-05] (ASUSTeK Computer Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2015-02-01] (Sony Mobile Communications)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-11-22] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-10] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-18 19:53 - 2015-03-18 19:53 - 00024740 _____ () C:\Users\Natu-ti-ti\Downloads\FRST.txt
2015-03-18 19:50 - 2015-03-18 19:53 - 00000000 ____D () C:\FRST
2015-03-18 19:49 - 2015-03-18 19:49 - 02095616 _____ (Farbar) C:\Users\Natu-ti-ti\Downloads\FRST64.exe
2015-03-15 15:36 - 2015-03-15 15:36 - 00000649 _____ () C:\Users\Natu-ti-ti\Desktop\ASD.txt
2015-03-15 15:35 - 2015-03-15 15:35 - 00003199 _____ () C:\Users\Natu-ti-ti\Desktop\wow.txt
2015-03-15 12:48 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-11 18:53 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 18:53 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 18:53 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 18:53 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 18:53 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 18:53 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 18:53 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 18:53 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 18:53 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 18:53 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 18:53 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 18:53 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 18:53 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 18:53 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 18:53 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 18:53 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 18:53 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 18:53 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 18:53 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 18:53 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 18:53 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 18:53 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 18:53 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 18:53 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 18:53 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 18:53 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 18:53 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 18:53 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 18:53 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 18:53 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 18:53 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 18:53 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 18:53 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 18:53 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 18:53 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 18:53 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 18:53 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 18:53 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 18:53 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 18:53 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 18:53 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 18:53 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 18:53 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 18:53 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 18:53 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 18:53 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 18:53 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 18:53 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 18:53 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 18:53 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 18:53 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 18:53 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 18:53 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 18:53 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 18:53 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 18:52 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 16:35 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 16:35 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 16:35 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 16:35 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 16:35 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 16:35 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 16:35 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 16:35 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 16:35 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 16:35 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 16:35 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 16:35 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 16:35 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 16:35 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 16:35 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 16:35 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 16:35 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 16:35 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 16:35 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 16:35 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 16:35 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 16:35 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 16:35 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 16:35 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 16:35 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 16:35 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 16:22 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 16:22 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 16:22 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 16:22 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 16:22 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 16:22 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 16:22 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 16:22 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 16:22 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 16:22 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 16:22 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 16:22 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 16:22 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 16:22 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 16:22 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 16:22 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 16:18 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 16:18 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 16:18 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 16:16 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 16:16 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 16:16 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 16:16 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 16:16 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 16:16 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 16:16 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 16:16 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 16:16 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 16:16 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 16:13 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 16:13 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 16:13 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 16:13 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 16:12 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 16:12 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 15:52 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 15:52 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 11:42 - 2015-01-29 19:21 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-10 11:41 - 2015-03-10 11:41 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\Panda Security
2015-03-10 11:41 - 2015-03-10 11:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security 2015
2015-03-10 11:40 - 2015-03-10 11:41 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-03-10 11:33 - 2015-03-10 11:41 - 00000000 ____D () C:\ProgramData\Panda Security
2015-03-09 17:46 - 2015-03-09 17:46 - 00000000 ____D () C:\NVIDIA
2015-03-08 14:09 - 2015-03-08 14:10 - 00293392 _____ () C:\Windows\Minidump\030815-24460-01.dmp
2015-03-08 14:09 - 2015-03-08 14:09 - 638796565 _____ () C:\Windows\MEMORY.DMP
2015-03-08 14:09 - 2015-03-08 14:09 - 00000000 ____D () C:\Windows\Minidump
2015-03-08 12:10 - 2015-03-08 12:10 - 00001996 _____ () C:\Users\Isukka\Desktop\DVD Decrypter.lnk
2015-03-06 19:50 - 2015-03-06 19:50 - 00001027 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTop.lnk
2015-03-06 19:50 - 2015-03-06 19:50 - 00000000 ____D () C:\Program Files (x86)\TurboTop
2015-02-25 21:13 - 2015-01-09 01:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:13 - 2015-01-09 01:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 21:03 - 2015-02-25 21:03 - 00197392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2015-02-25 21:03 - 2015-02-25 21:03 - 00163088 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2015-02-25 21:03 - 2015-02-25 21:03 - 00133904 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2015-02-25 21:03 - 2015-02-25 21:03 - 00124176 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProc.sys
2015-02-25 21:03 - 2015-02-25 21:03 - 00121616 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINFile.sys
2015-02-25 21:03 - 2015-02-25 21:03 - 00107792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2015-02-25 21:03 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 21:03 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 21:03 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 21:03 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-20 15:35 - 2015-02-20 15:35 - 00000000 ____D () C:\Windows\46ED2B6485C74E1F920CA555B21F2E4C.TMP
2015-02-20 15:17 - 2015-02-20 15:17 - 00020303 _____ () C:\Users\Natu-ti-ti\Downloads\Feenix_2.4.3_client.rar.torrent
2015-02-20 15:14 - 2015-02-20 15:14 - 01743960 _____ (BitTorrent Inc.) C:\Users\Natu-ti-ti\Downloads\BitTorrent.exe
2015-02-19 18:22 - 2015-02-19 18:22 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Local\Steam
2015-02-17 19:54 - 2014-09-17 06:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-17 19:54 - 2014-09-17 06:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-17 19:54 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00867528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-17 19:54 - 2014-09-14 01:48 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-18 19:53 - 2014-10-05 10:26 - 00000000 ____D () C:\Users\Isukka
2015-03-18 19:50 - 2014-10-05 18:52 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Local\Battle.net
2015-03-18 19:48 - 2014-10-05 15:53 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Local\Spotify
2015-03-18 19:27 - 2015-01-30 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-18 19:18 - 2015-01-30 10:07 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-18 19:18 - 2014-10-18 14:50 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Local\Deployment
2015-03-18 18:48 - 2014-10-05 10:26 - 02050717 _____ () C:\Windows\WindowsUpdate.log
2015-03-18 18:32 - 2014-10-05 15:52 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify
2015-03-18 18:18 - 2015-01-30 10:07 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 16:20 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 16:20 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 16:12 - 2015-01-31 13:49 - 00020946 _____ () C:\Windows\setupact.log
2015-03-17 16:11 - 2015-02-11 15:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-17 16:11 - 2014-10-05 14:30 - 00000000 ____D () C:\Users\Natu-ti-ti
2015-03-17 16:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-15 12:48 - 2014-10-05 12:40 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-13 19:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 09:00 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 08:57 - 2009-07-14 06:45 - 00479272 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 21:27 - 2014-10-07 07:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 21:22 - 2014-10-07 07:09 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 15:41 - 2014-10-12 16:13 - 00000000 ____D () C:\temp
2015-03-10 14:56 - 2015-01-17 15:15 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-03-10 11:43 - 2014-10-05 10:27 - 00118432 _____ () C:\Users\Isukka\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 11:41 - 2014-10-05 14:31 - 00118432 _____ () C:\Users\Natu-ti-ti\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-09 18:53 - 2014-10-06 14:06 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\Skype
2015-03-08 12:11 - 2015-02-01 18:43 - 00215028 _____ () C:\Windows\DPINST.LOG
2015-03-08 12:11 - 2015-02-01 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-03-08 12:10 - 2009-09-25 04:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-06 16:54 - 2014-11-16 12:42 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\BitTorrent
2015-03-03 15:17 - 2014-10-05 10:49 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 19:30 - 2014-10-05 10:30 - 00003964 _____ () C:\Windows\System32\Tasks\Registration
2015-02-28 20:06 - 2014-11-29 20:36 - 00000000 ____D () C:\Users\Natu-ti-ti\AppData\Roaming\vlc
2015-02-28 13:35 - 2014-11-15 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-02-28 13:25 - 2014-10-05 18:51 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-26 16:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-02-21 12:25 - 2015-01-31 13:49 - 00023858 _____ () C:\Windows\PFRO.log
2015-02-20 16:35 - 2009-07-14 07:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 15:35 - 2014-10-05 14:36 - 00000000 ____D () C:\Users\Natu-ti-ti\Documents\my games
2015-02-20 15:34 - 2015-02-02 18:14 - 00035466 _____ () C:\Windows\DirectX.log
2015-02-20 15:15 - 2014-11-16 12:43 - 00000000 ____D () C:\Users\Isukka\AppData\Roaming\BitTorrent
 
==================== Files in the root of some directories =======
 
2014-10-05 10:31 - 2014-10-05 10:31 - 0000019 _____ () C:\Users\Isukka\AppData\Local\Run.ini
 
Files to move or delete:
====================
C:\Users\Natu-ti-ti\jagex_cl_oldschool_LIVE.dat
C:\Users\Natu-ti-ti\jagex_cl_runescape_LIVE.dat
C:\Users\Natu-ti-ti\jagex_cl_speccollect_LIVE.dat
C:\Users\Natu-ti-ti\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Isukka\AppData\Local\Temp\cd4fc5bf-f964-44fe-acf6-b1f3e640f932.exe
C:\Users\Isukka\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Isukka\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Isukka\AppData\Local\Temp\nvStInst.exe
C:\Users\Isukka\AppData\Local\Temp\SpOrder.dll
C:\Users\Isukka\AppData\Local\Temp\{52542FA2-3CD4-4587-A4B4-27F4E5457A0A}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-17 19:15
 
==================== End Of Log ============================
 
And the Addition file:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Isukka at 2015-03-18 19:54:06
Running from C:\Users\Natu-ti-ti\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Internet Security 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Panda Internet Security 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Office Systemin yhteensopivuuspaketti (HKLM-x32\...\{90120000-0020-040B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Ad-Aware Web Companion (x32 Version: 1.1.862.1653 - Lavasoft) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Suomi (HKLM-x32\...\{AC76BA86-7AD7-1035-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AOL Verktygsfält 5.0 (HKLM-x32\...\AOL Toolbar) (Version: 5.9.19.1 - AOL LLC)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{55FB8585-9F5F-482E-BDE3-57F338C1DE97}) (Version: 3.0.15.182 - ArcSoft)
Artweaver Free 4 (HKLM-x32\...\{6567E404-A019-4D0C-BD18-10564126A579}_is1) (Version: 4.0 - Boris Eyrich Software)
ASUS Gamer OSD (HKLM-x32\...\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}) (Version: 3.07.0419 - ASUSTeK COMPUTER INC.)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
ASUS Smart Doctor (HKLM-x32\...\InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}) (Version: 5.80 - ASUSTek COMPUTER INC.)
ASUS Smart Doctor (x32 Version: 5.80 - ASUSTek COMPUTER INC.) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\BitTorrent) (Version: 7.9.2.38759 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\BitTorrent) (Version: 7.9.2.38759 - BitTorrent Inc.)
Blu-ray Copy 1.0.52 (HKLM-x32\...\{EE56B531-B655-4afa-9664-0C0970E5798B}_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Curse Client (HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)
CyberLink DVD Suite Premium (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Enhanced Multimedia Keyboard Solution(USB) (HKLM-x32\...\{4C9B0900-90C6-45E5-8D3E-86129974A53D}) (Version: 1.2.0.1 - Hewlett-Packard)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version:  - Double Fine Productions)
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM-x32\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
HP Easy Backup (HKLM-x32\...\{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1) (Version: 1.0.8.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
Hårdvarudiagnostikverktyg (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LavasoftTcpService (x32 Version: 2.3.1.4 - Lavasoft) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Finnish) (HKLM-x32\...\{95120000-00AF-040B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}) (Version: 9.7.0621 - Microsoft Corporation)
Morrowind (HKLM-x32\...\{055A1919-3BBA-4BD5-8B3C-3851879AC185}) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Internet Security 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0002 - Panda Security)
Panda Internet Security 2015 (Version: 7.82.00.0000 - Panda Security) Hidden
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2 beta r2326 - )
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.23944 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2533.0 - Hi-Rez Studios)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.1.201412301303 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.251 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.251 - Sony)
Spotify (HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
TES Construction Set (HKLM-x32\...\{605333A6-963F-480C-A358-1301CAA6CFF6}) (Version:  - )
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
TurboTop 2.7 (HKLM-x32\...\TurboTop_is1) (Version: 2.7.0.1 - Savard Software)
Utility (x32 Version: 1.00.0002 - Yrityksen nimi) Hidden
Web Companion (HKLM-x32\...\{8BC95771-8634-499F-9EA5-1498A2701C7A}_WebCompanion) (Version: 1.1.862.1653 - Lavasoft)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Worms Revolution (HKLM-x32\...\Steam App 200170) (Version:  - Team17 Digital Ltd.)
Wrye Mash (HKLM-x32\...\Wrye Mash) (Version:  - Wrye)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3754106926-3601097053-1584288023-1004_Classes\CLSID\{08d60575-0707-464f-bf84-15b0eb9e929c}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
01-03-2015 14:40:56 Windows Update
05-03-2015 15:20:09 Windows Update
09-03-2015 16:11:07 Windows Update
11-03-2015 21:20:33 Windows Update
15-03-2015 20:25:27 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {006BA945-1CF5-4C46-911C-97A6C8A0C01C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
Task: {04147F57-8D46-4BF8-B923-81A08ECA868F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {19C15414-B530-401B-9AEA-AB5E8C1BB2EB} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {2897A7C8-3B40-4722-930D-98BA3CC63C43} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {37C1D9AE-CAA2-4C0C-BAD0-67DC628FB580} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()
Task: {644E4009-C17D-4EB8-8371-185D7636472B} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {A577BECC-ADAC-4EE4-BE04-9C63D4B1BDD3} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {D1A314BA-B46E-4DCE-B1EE-65EC5B229481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {E8ABF4D2-C75C-4E40-AC42-03C3AE613BCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {EFB1A7AB-129F-4ACE-9586-89150F49B760} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe5-fh scripts\monthly.xml
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-11 15:27 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-27 20:25 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2014-10-27 20:25 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2009-07-27 10:13 - 2009-07-27 10:13 - 00061440 _____ () C:\Windows\SysWOW64\ASDR.exe
2014-10-05 12:47 - 2010-04-06 14:33 - 00477184 _____ () C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
2009-09-25 05:08 - 2008-09-30 18:59 - 00192512 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
2009-07-08 14:35 - 2009-07-08 14:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2012-01-10 13:41 - 2014-10-06 14:51 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2014-09-17 15:13 - 2014-09-17 15:13 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2014-09-17 15:13 - 2014-09-17 15:13 - 00752312 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2014-09-17 15:12 - 2014-09-17 15:12 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.dll
2009-05-26 10:36 - 2009-05-26 10:36 - 00656896 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
2014-12-10 00:22 - 2014-12-10 00:22 - 00186048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2014-10-18 14:52 - 2014-10-18 14:51 - 00016384 _____ () C:\Users\Natu-ti-ti\AppData\Local\Apps\2.0\ZQ35EQPM.0EH\TBTO7TLB.1Z7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.WowDb.dll
2014-10-18 14:52 - 2014-10-18 14:51 - 00035840 _____ () C:\Users\Natu-ti-ti\AppData\Local\Apps\2.0\ZQ35EQPM.0EH\TBTO7TLB.1Z7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.Advertising.dll
2014-10-18 14:52 - 2014-10-18 14:51 - 00099840 _____ () C:\Users\Natu-ti-ti\AppData\Local\Apps\2.0\ZQ35EQPM.0EH\TBTO7TLB.1Z7\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\Curse.CurseClient.CMOD2.dll
2015-01-23 06:38 - 2015-01-23 06:38 - 00015208 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-01-23 06:38 - 2015-01-23 06:38 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-01-23 06:38 - 2015-01-23 06:38 - 00032616 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-12-19 05:22 - 2014-12-19 05:22 - 00290816 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2007-02-28 17:34 - 2007-02-28 17:34 - 00643142 _____ () C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll
2007-03-13 15:46 - 2007-03-13 15:46 - 00007168 _____ () C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2013-07-01 07:20 - 2014-11-11 20:47 - 00774656 _____ () E:\Natun pelit\Steam\Steam\SDL2.dll
2015-01-20 07:48 - 2014-12-02 02:29 - 05002752 _____ () E:\Natun pelit\Steam\Steam\v8.dll
2015-01-20 07:48 - 2014-12-02 02:29 - 01612800 _____ () E:\Natun pelit\Steam\Steam\icui18n.dll
2015-01-20 07:48 - 2014-12-02 02:29 - 01210368 _____ () E:\Natun pelit\Steam\Steam\icuuc.dll
2014-05-23 16:43 - 2015-02-19 01:51 - 02360000 _____ () E:\Natun pelit\Steam\Steam\video.dll
2014-08-29 14:58 - 2014-12-01 23:31 - 02396672 _____ () E:\Natun pelit\Steam\Steam\libavcodec-56.dll
2014-08-29 14:58 - 2014-12-01 23:31 - 00442880 _____ () E:\Natun pelit\Steam\Steam\libavutil-54.dll
2014-08-29 14:58 - 2014-12-01 23:31 - 00479744 _____ () E:\Natun pelit\Steam\Steam\libavformat-56.dll
2014-08-29 14:58 - 2014-12-01 23:31 - 00332800 _____ () E:\Natun pelit\Steam\Steam\libavresample-2.dll
2014-08-29 14:58 - 2014-12-01 23:31 - 00485888 _____ () E:\Natun pelit\Steam\Steam\libswscale-3.dll
2013-07-09 16:56 - 2015-02-19 01:51 - 00702656 _____ () E:\Natun pelit\Steam\Steam\bin\chromehtml.DLL
2013-07-09 16:56 - 2015-02-19 01:51 - 00138432 _____ () E:\Natun pelit\Steam\Steam\bin\audio.dll
2013-06-14 14:49 - 2014-11-11 20:48 - 00071680 _____ () E:\Natun pelit\Steam\Steam\bin\mssmp3.asi
2013-06-14 14:49 - 2014-11-11 20:48 - 00153088 _____ () E:\Natun pelit\Steam\Steam\bin\mssvoice.asi
2014-10-05 12:47 - 2009-04-29 19:46 - 01077248 _____ () C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
2014-10-05 12:47 - 2009-02-17 17:22 - 00184320 _____ () C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
2013-07-09 12:45 - 2015-01-28 03:30 - 34641288 _____ () E:\Natun pelit\Steam\Steam\bin\libcef.dll
2009-08-05 13:45 - 2009-08-05 13:45 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-03-13 15:21 - 2015-03-07 08:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-13 15:21 - 2015-03-07 08:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-13 15:21 - 2015-03-07 08:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\libcef.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\libGLESv2.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00908288 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\platforms\qwindows.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\libEGL.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qgif.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00021504 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qico.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qjpeg.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qmng.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00015872 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qsvg.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\imageformats\qtiff.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00038400 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\audio\qtaudio_windows.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\qml\QtQuick.2\qtquick2plugin.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-02-27 19:39 - 2015-02-27 19:39 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5566\qml\QtQml\Models.2\modelsplugin.dll
2015-02-10 16:27 - 2015-02-10 16:27 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
2014-11-15 15:41 - 2014-11-26 04:12 - 40622592 _____ () C:\Users\Natu-ti-ti\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2014-12-19 05:22 - 2014-12-19 05:22 - 00192512 _____ () C:\ProgramData\Razer\Synapse\RzStats\RigWrapper.dll
2014-11-15 15:41 - 2014-11-26 04:12 - 00911360 _____ () C:\Users\Natu-ti-ti\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2014-11-15 15:41 - 2014-11-26 04:12 - 00134144 _____ () C:\Users\Natu-ti-ti\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2014-08-16 09:48 - 2015-01-28 03:30 - 01709960 _____ () E:\Natun pelit\Steam\Steam\bin\ffmpegsumo.dll
2015-03-13 15:21 - 2015-03-07 08:13 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll
2013-05-23 16:27 - 2014-12-19 17:56 - 23950848 _____ () E:\Natun pelit\World of Warcraft\Utils\libcef.dll
2015-03-12 09:05 - 2015-03-12 09:05 - 40506936 _____ () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\libcef.dll
2015-03-12 09:05 - 2015-03-12 09:05 - 01365560 _____ () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 09:05 - 2015-03-12 09:05 - 00219192 _____ () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\libegl.dll
2015-03-12 09:05 - 2015-03-12 09:05 - 09305656 _____ () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\pdf.dll
2015-03-12 09:05 - 2015-03-12 09:05 - 00990776 _____ () C:\Users\Natu-ti-ti\AppData\Roaming\Spotify\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Isukka\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Natu-ti-ti\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 91.194.254.105 - 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3754106926-3601097053-1584288023-500 - Administrator - Disabled)
Guest (S-1-5-21-3754106926-3601097053-1584288023-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3754106926-3601097053-1584288023-1002 - Limited - Enabled)
Isukka (S-1-5-21-3754106926-3601097053-1584288023-1001 - Administrator - Enabled) => C:\Users\Isukka
Natu-ti-ti (S-1-5-21-3754106926-3601097053-1584288023-1004 - Limited - Enabled) => C:\Users\Natu-ti-ti
Äittä (S-1-5-21-3754106926-3601097053-1584288023-1005 - Limited - Enabled) => C:\Users\Äittä
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2015 07:21:37 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "typelib1".Error in manifest or policy file "typelib2" on line typelib3.
The value "" of attribute "tlbid" in element "typelib" is invalid.
 
Error: (03/13/2015 07:13:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "typelib1".Error in manifest or policy file "typelib2" on line typelib3.
The value "" of attribute "tlbid" in element "typelib" is invalid.
 
Error: (03/11/2015 08:50:04 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "typelib1".Error in manifest or policy file "typelib2" on line typelib3.
The value "" of attribute "tlbid" in element "typelib" is invalid.
 
Error: (03/10/2015 02:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: payday2_win32_release.exe, version: 0.0.0.0, time stamp: 0x54f98c32
Faulting module name: payday2_win32_release.exe, version: 0.0.0.0, time stamp: 0x54f98c32
Exception code: 0xc0000005
Fault offset: 0x004a71f0
Faulting process id: 0x1cf8
Faulting application start time: 0xpayday2_win32_release.exe0
Faulting application path: payday2_win32_release.exe1
Faulting module path: payday2_win32_release.exe2
Report Id: payday2_win32_release.exe3
 
Error: (03/10/2015 02:07:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: payday2_win32_release.exe, version: 0.0.0.0, time stamp: 0x54f98c32
Faulting module name: payday2_win32_release.exe, version: 0.0.0.0, time stamp: 0x54f98c32
Exception code: 0xc0000005
Fault offset: 0x004a71f0
Faulting process id: 0x263c
Faulting application start time: 0xpayday2_win32_release.exe0
Faulting application path: payday2_win32_release.exe1
Faulting module path: payday2_win32_release.exe2
Report Id: payday2_win32_release.exe3
 
Error: (03/09/2015 07:26:56 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "typelib1".Error in manifest or policy file "typelib2" on line typelib3.
The value "" of attribute "tlbid" in element "typelib" is invalid.
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X4 620 Processor
Percentage of memory in use: 53%
Total physical RAM: 8191.24 MB
Available physical RAM: 3778.98 MB
Total Pagefile: 16380.66 MB
Available Pagefile: 9786.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:581.14 GB) (Free:484.87 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.93 GB) (Free:2.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Natun pelit) (Fixed) (Total:596.17 GB) (Free:144.77 GB) NTFS
Drive l: (LaCie) (Fixed) (Total:465.76 GB) (Free:278.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 9BD15BAD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 51035BE1)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2B0B6D89)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, it does look as though Chrome is infected, so we will need to remove that, tidy up and then reinstall. You will probably need to do the same for your mother.

Uninstall Chrome

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.

Note: When asked about user data or settings you must remove this also so please check the box.

THEN

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1380672 2015-01-23] (Lavasoft)
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\...\Run: [GoogleChromeAutoLaunch_472E157AE31CC1F6E6CC995C5C42B336] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-07] (Google Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [378832] (Lavasoft Limited)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [1364392 2015-01-23] (Lavasoft Limited)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [15208 2015-01-23] ()
2014-10-05 10:31 - 2014-10-05 10:31 - 0000019 _____ () C:\Users\Isukka\AppData\Local\Run.ini
Task: {D1A314BA-B46E-4DCE-B1EE-65EC5B229481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: {E8ABF4D2-C75C-4E40-AC42-03C3AE613BCB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-30] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Natu-ti-ti\jagex_cl_oldschool_LIVE.dat
C:\Users\Natu-ti-ti\jagex_cl_runescape_LIVE.dat
C:\Users\Natu-ti-ti\jagex_cl_speccollect_LIVE.dat
C:\Users\Natu-ti-ti\random.dat
C:\Users\Isukka\AppData\Local\Google\Chrome
C:\Program Files (x86)\Google\Chrome
C:\Program Files (x86)\Lavasoft
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

FINALLY

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#5
Samyaza
    Member
  • Topic Starter
  • 34 posts

Hello, thank you for your help!

After I had done everything you told me to, at first Chrome seemed to be fine, no popups appeared or anything.

But later the same day, the popups were all back, and now it's just as bad as it was.

I didn't try cleaning my mother's laptop yet, I will try that too. Can I use the same notepad fix file on her computer?

Here is the Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Natu-ti-ti at 2015-03-20 10:19:31 Run:1
Running from C:\Users\Natu-ti-ti\Downloads
Loaded Profiles: Natu-ti-ti (Available profiles: Isukka & Natu-ti-ti & Äittä)
Boot Mode: Normal
==============================================
 
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-3754106926-3601097053-1584288023-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => Value not found.
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_472E157AE31CC1F6E6CC995C5C42B336 => Value not found.
Winsock: Catalog entry 000000000001 => Not found.
Winsock: Catalog entry 000000000002 => Not found.
Winsock: Catalog entry 000000000003 => Not found.
Winsock: Catalog entry 000000000004 => Not found.
Winsock: Catalog entry 000000000015 => Not found.
Winsock: Catalog entry 000000000001 => Not found.
Winsock: Catalog entry 000000000002 => Not found.
Winsock: Catalog entry 000000000003 => Not found.
Winsock: Catalog entry 000000000004 => Not found.
Winsock: Catalog entry 000000000015 => Not found.
LavasoftTcpService => Unable to stop service
LavasoftTcpService => Error deleting Service
SearchProtectionService => Unable to stop service
SearchProtectionService => Error deleting Service
"C:\Users\Isukka\AppData\Local\Run.ini" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A314BA-B46E-4DCE-B1EE-65EC5B229481} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8ABF4D2-C75C-4E40-AC42-03C3AE613BCB} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key could not be deleted. Access denied.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" => File/Directory not found.
C:\Users\Natu-ti-ti\jagex_cl_oldschool_LIVE.dat => Moved successfully.
C:\Users\Natu-ti-ti\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Natu-ti-ti\jagex_cl_speccollect_LIVE.dat => Moved successfully.
C:\Users\Natu-ti-ti\random.dat => Moved successfully.
"C:\Users\Isukka\AppData\Local\Google\Chrome" => File/Directory not found.
"C:\Program Files (x86)\Google\Chrome" => File/Directory not found.
 
"C:\Program Files (x86)\Lavasoft" directory move:
 
Could not move "C:\Program Files (x86)\Lavasoft" directory. => Scheduled to move on reboot.
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
ERROR: Access is denied.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
ERROR: Access is denied.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Value could not be deleted.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Value could not be deleted.
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh advfirewall reset =========
 
The requested operation requires elevation (Run as administrator).
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
The requested operation requires elevation (Run as administrator).
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
The requested operation requires elevation (Run as administrator).
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, failed.
The requested operation requires elevation (Run as administrator).
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::11b0:ac1f:b427:19f5%10
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::11b0:ac1f:b427:19f5%10
   IPv4 Address. . . . . . . . . . . : 192.168.11.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, failed.
The requested operation requires elevation (Run as administrator).
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to enum jobs - 0x80070005
 
========= End of CMD: =========
 
EmptyTemp: => Removed 504.4 MB temporary data.

And here's the AdwCleaner logfile:
 
# AdwCleaner v4.112 - Logfile created 20/03/2015 at 12:03:33
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Isukka - ISUKKA-PC
# Running from : C:\Users\Natu-ti-ti\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
*************************
 
AdwCleaner[R0].txt - [4516 bytes] - [20/03/2015 12:01:06]
AdwCleaner[S0].txt - [4434 bytes] - [20/03/2015 12:03:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4493  bytes] ##########
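The Fixlog in this post records a number of actions that never took effect (access denied on HKLM keys, "requires elevation" from every netsh command, services that could not be stopped), which is why the cleanup did not hold. As an added example that is not part of this thread, here is a small Python triage script that reads an FRST Fixlog and separates successful actions from the ones that failed; the failure wordings are assumptions taken from the log quoted above, and the sample input is constructed from shortened lines of it.

```python
import re
from collections import Counter

# Wordings FRST uses in a Fixlog when an action did not take effect.
# These patterns are assumptions taken from the Fixlog quoted in this thread,
# not an official list from the Farbar tool.
FAILURE_PATTERNS = [
    ("access_denied",   re.compile(r"access (is )?denied", re.I)),
    ("needs_elevation", re.compile(r"requires elevation", re.I)),
    ("service_failed",  re.compile(r"unable to stop service|error deleting service", re.I)),
    ("restore_point",   re.compile(r"failed to create a restore point", re.I)),
    ("not_removed",     re.compile(r"could not be deleted|could not move|failed\.$", re.I)),
]
NOT_FOUND = re.compile(r"not found", re.I)
SUCCESS = re.compile(r"successfully|removed \d", re.I)


def classify_line(line: str):
    """Classify one Fixlog line; None for blank lines and section banners."""
    text = line.strip()
    if not text or text.startswith("=") or text.startswith("*"):
        return None
    for name, pattern in FAILURE_PATTERNS:
        if pattern.search(text):
            return name
    if NOT_FOUND.search(text):
        return "not_found"      # target already gone: neither success nor failure
    if SUCCESS.search(text):
        return "ok"
    return None                 # informational output (e.g. ipconfig banners)


def triage_fixlog(log_text: str) -> dict:
    """Count outcomes and collect the lines that show the fix did not apply."""
    counts = Counter()
    failures = []
    for line in log_text.splitlines():
        category = classify_line(line)
        if category is None:
            continue
        counts[category] += 1
        if category not in ("ok", "not_found"):
            failures.append((category, line.strip()))
    # "Access is denied" on HKLM keys and "requires elevation" from netsh both mean
    # the tool was not running with administrator rights, so the network resets
    # (Winsock catalog, TCP/IP stack, firewall) never happened.
    ran_elevated = counts["needs_elevation"] == 0 and counts["access_denied"] == 0
    return {"counts": dict(counts), "failures": failures, "ran_elevated": ran_elevated}


# Constructed sample: a shortened version of the Fixlog quoted in this thread.
SAMPLE_FIXLOG = r"""
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => Value not found.
Winsock: Catalog entry 000000000001 => Not found.
LavasoftTcpService => Unable to stop service
LavasoftTcpService => Error deleting Service
C:\Users\example\random.dat => Moved successfully.
Could not move "C:\Program Files (x86)\Lavasoft" directory. => Scheduled to move on reboot.
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
ERROR: Access is denied.
=========  netsh winsock reset catalog =========
The requested operation requires elevation (Run as administrator).
Successfully flushed the DNS Resolver Cache.
EmptyTemp: => Removed 504.4 MB temporary data.
"""

if __name__ == "__main__":
    result = triage_fixlog(SAMPLE_FIXLOG)
    print("outcome counts:", result["counts"])
    print("ran elevated:", result["ran_elevated"])
    for category, line in result["failures"]:
        print(f"[{category}] {line}")
```

A real Fixlog.txt can be passed in by reading the file and calling triage_fixlog on its contents; when ran_elevated is False the fix has to be repeated from an elevated FRST before the results mean anything.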
 

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Could you confirm that you did the following:

2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"

As my estimation is that when you ran the clean copy of Chrome you were re-infected from the sync.

Your mother will require a computer-specific fix; we can do that when you are clean.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot; that will cure it.

    Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#7
Samyaza
    Member
  • Topic Starter
  • 34 posts

Yes, I did clear Google Sync, but apparently it didn't do any good.

I had some trouble with ComboFix, it ran fine, but after the reboot I had the window flashing continuously on my screen, and I couldn't do anything, so I rebooted my computer again. Same thing happened, so I pressed ctrl+alt+del and switched to another user, and waited for ComboFix to create a fixlog file. I didn't realise it would be in Finnish though (my OS is in Finnish, so that's why), is this a problem?

 

Nothing's been fixed so far, I still get the same popups.

I forgot to point out that my sister was visiting around two weeks ago, and she brought her laptop with her. As soon as she connected to our home wifi on her computer, she got the exact same viruses. My father's computer, which he rarely uses, also seems to be infected.

Here's the fixlog:

ComboFix 15-03-14.03 - Isukka 22.03.2015  16:01:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1033.18.8191.5063 [GMT 2:00]
Sijainti: c:\users\Natu-ti-ti\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Panda Internet Security 2015 *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Panda Firewall *Enabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Panda Internet Security 2015 *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((   Muut poistot   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
E:\install.exe
.
.
(((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2015-02-22 to 2015-03-22  )))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-11 19:22 . 2014-10-07 05:09 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-03-03 13:17 . 2014-10-05 08:49 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-15 00:40 . 2015-02-15 00:40 381440 ----a-w- c:\windows\mod_frst.exe
2015-02-10 14:27 . 2015-01-30 08:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-10 14:27 . 2015-01-30 08:54 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-10 14:27 . 2015-02-05 15:27 18129584 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-02-09 21:13 . 2015-02-09 21:13 106256 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2015-02-09 21:13 . 2015-02-09 21:13 257296 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2015-02-09 21:13 . 2015-02-09 21:13 113424 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2015-02-09 21:13 . 2015-02-09 21:13 299792 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2015-02-09 21:13 . 2015-02-09 21:13 166160 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2015-02-09 21:13 . 2015-02-09 21:13 69904 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2015-02-09 21:13 . 2015-02-09 21:13 124176 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2015-02-09 21:13 . 2015-02-09 21:13 99600 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2015-02-09 21:13 . 2015-02-09 21:13 202000 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2015-02-09 21:13 . 2015-02-09 21:13 116496 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2015-02-09 21:13 . 2015-02-09 21:13 110864 ----a-w- c:\windows\system32\drivers\NNSHttps.sys
2015-02-09 21:13 . 2015-02-09 21:13 93968 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2015-02-05 21:01 . 2015-02-11 13:24 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-11 13:24 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-05 19:07 . 2015-02-11 13:27 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-04 03:16 . 2015-02-11 13:30 609280 ----a-w- c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-11 13:30 762368 ----a-w- c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-11 13:30 414720 ----a-w- c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-11 13:30 894976 ----a-w- c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-11 13:30 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-11 13:30 192000 ----a-w- c:\windows\system32\aepic.dll
2015-02-04 03:13 . 2015-02-11 13:30 1098752 ----a-w- c:\windows\system32\aeinv.dll
2015-02-01 17:07 . 2015-02-01 17:07 30424 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2015-02-01 17:07 . 2015-02-01 17:07 16088 ----a-w- c:\windows\system32\drivers\ggflt.sys
2015-01-30 08:32 . 2015-01-30 08:32 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-27 23:36 . 2015-02-11 13:30 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-01-23 04:39 . 2015-01-31 14:31 378832 ----a-w- c:\windows\system32\LavasoftTcpService64.dll
2015-01-23 04:39 . 2015-01-31 14:31 332216 ----a-w- c:\windows\SysWow64\LavasoftTcpService.dll
2015-01-03 08:11 . 2015-01-03 08:14 52856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2015-01-03 08:11 . 2015-01-03 08:14 129784 ------w- c:\windows\SysWow64\pxafs.dll
2015-01-03 08:11 . 2015-01-03 08:14 118520 ------w- c:\windows\SysWow64\pxinsi64.exe
2015-01-03 08:11 . 2015-01-03 08:14 116472 ------w- c:\windows\SysWow64\pxcpyi64.exe
2015-01-03 08:11 . 2015-01-03 08:14 10488 ------w- c:\windows\system32\drivers\cdralw2k.sys
2015-01-03 08:11 . 2015-01-03 08:14 10488 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2014-12-31 11:39 . 2014-12-31 11:39 48400 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2014-12-30 09:35 . 2014-12-30 09:35 39592 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2014-12-30 09:35 . 2014-12-30 09:35 177832 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-12-30 09:28 . 2014-12-30 09:28 990720 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2014-12-30 09:28 . 2014-12-30 09:28 78848 ----a-w- c:\windows\SysWow64\rzvirtualdev.dll
2014-12-30 09:28 . 2014-12-30 09:28 89088 ----a-w- c:\windows\SysWow64\rzdevinfo.dll
2014-12-30 09:28 . 2014-12-30 09:28 155136 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2014-12-30 09:28 . 2014-12-30 09:28 117248 ----a-w- c:\windows\SysWow64\rzdisplaydll.dll
2014-12-30 09:28 . 2014-12-30 09:28 419840 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
.
.
((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"Web Companion"="c:\program files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" [2015-01-23 1380672]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2014-11-27 466144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\LaunchApp.exe" [2009-03-30 364032]
"OSD"="c:\program files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe" [2009-03-30 282624]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2015-01-06 585536]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
.
c:\users\Natu-ti-ti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-10-18 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2014-9-17 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
R3 ggflt;SOMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ggsomc;SOMC USB Flash Driver;c:\windows\system32\DRIVERS\ggsomc.sys;c:\windows\SYSNATIVE\DRIVERS\ggsomc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/09/25 05:04];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl;c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [x]
S2 LavasoftTcpService;LavasoftTcpService;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe;c:\program files (x86)\Lavasoft\Web Companion\TcpService\2.3.1.4\LavasoftTcpService.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 SearchProtectionService;IE Search Set;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe;c:\program files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys;c:\windows\SYSNATIVE\drivers\AVer888RC_64.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer888RCIR_64.sys [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - HITMANPRO37
*Deregistered* - PSKMAD
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-20 09:14 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
'Ajoitetut tehtävät'-kansion sisältö
.
2015-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30 14:27]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20 09:13]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-20 09:13]
.
2014-10-05 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
------- Täydentävä tarkistus -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_FI&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 91.194.254.105 8.8.8.8
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-3754106926-3601097053-1584288023-1004\Software\Microsoft\Windows\CurrentVersion\Run]
@DACL=(02 0000)
"Spotify Web Helper"="\"c:\\Users\\Natu-ti-ti\\AppData\\Roaming\\Spotify\\SpotifyWebHelper.exe\""
"Battle.net"="\"c:\\Program Files (x86)\\Battle.net\\Battle.net Launcher.exe\" --autostarted"
"puush"="c:\\Program Files (x86)\\puush\\puush.exe"
"Steam"="\"e:\\Natun pelit\\Steam\\Steam\\steam.exe\" -silent"
"CCleaner Monitoring"="\"c:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
c:\program files (x86)\Hewlett-Packard\KBD\kbd.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
.
**************************************************************************
.
Valmistumisajankohta: 2015-03-22  17:08:16 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt  2015-03-22 15:08
.
Ennen ajoa: 513 559 859 200 bytes free
Ajon jälkeen: 512 805 621 760 bytes free
.
- - End Of File - - 0D126BDE32D03DC4F5E3FF43D10CA3A3
A3CD09F153BD26D01C00B8E7F06BCF43


#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is a good clue. Do you know how to reset your router?

Somewhere on the router there should be a small pinhole labelled reset.
Using a pin or biro, press and hold the small button inside until the lights flash.

Then run this reset fix again.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#9
Samyaza

Samyaza

    Member

  • Topic Starter
  • Member
  • 34 posts

I reset my router, nothing's changed. Annoying popup and redirect viruses are still there.

 

Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Natu-ti-ti at 2015-03-23 11:21:36 Run:2
Running from C:\Users\Natu-ti-ti\Downloads
Loaded Profiles: Natu-ti-ti (Available profiles: Isukka & Natu-ti-ti & Äittä)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Error: (0) Failed to create a restore point.
 
=========  netsh advfirewall reset =========
 
The requested operation requires elevation (Run as administrator).
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
The requested operation requires elevation (Run as administrator).
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
The requested operation requires elevation (Run as administrator).
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, failed.
The requested operation requires elevation (Run as administrator).
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::11b0:ac1f:b427:19f5%10
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
An error occurred while renewing interface Local Area Connection : The name specified in the network control block (NCB) is in use on a remote adapter.
The NCB is the data.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, failed.
The requested operation requires elevation (Run as administrator).
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, failed.
The requested operation requires elevation (Run as administrator).
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
ERROR: Access is denied.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
ERROR: Access is denied.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Value could not be deleted.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Value could not be deleted.
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-3754106926-3601097053-1584288023-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to enum jobs - 0x80070005
 
========= End of CMD: =========
 
EmptyTemp: => Removed 380.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:21:47 ====


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, something new... But where is it hiding?

Download AVZ tool from here to your desktop
Unzip all files to a folder on your desktop
Open the folder and double click the AVZ icon
When the tool opens select "File" > "Standards scripts"

Place a tick in:

5. Update signature database

Then press "Execute selected scripts"

Once that has executed, then
select "File" > "Standards scripts"
Place a tick in:

3. Advanced System Analysis with malware removal mode enabled

When finished look in the folder AVZ4 on your desktop
Open the LOG folder
Attach virusinfo_syscure to your next post

#11
Samyaza

    Member

  • Topic Starter
  • Member
  • 34 posts

I'm not quite sure which file I'm supposed to attach, so I'll just copy-paste everything in the .htm file:

 

Results of system analysis

AVZ 4.43 http://z-oleg.com/secur/avz/


#12
Samyaza

    Member

  • Topic Starter
  • Member
  • 34 posts

#13
Samyaza

    Member

  • Topic Starter
  • Member
  • 34 posts
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath
Delete C:\Windows\System32\WUDFSvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
Delete C:\Windows\System32\WerSvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll
Delete C:\Windows\System32\aelupsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AeLookupSvc\Parameters, ServiceDll
Delete C:\Windows\System32\aelupsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile C:\Windows\System32\appidsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
Delete C:\Windows\System32\appinfo.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
Delete C:\Windows\System32\appmgmts.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppMgmt\Parameters, ServiceDll
Delete C:\Windows\System32\bdesvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll
Delete C:\Windows\System32\bfe.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
Delete C:\Windows\System32\browser.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
Delete C:\Windows\System32\certprop.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
Delete C:\Windows\System32\certprop.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
Delete C:\Windows\System32\defragsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll
Delete C:\Windows\System32\dnsrslvr.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
Delete C:\Windows\System32\dot3svc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
Delete C:\Windows\System32\drivers\MTConfig.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile C:\Windows\System32\drivers\Wdf01000.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile C:\Windows\System32\drivers\amdk8.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile C:\Windows\System32\drivers\amdppm.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile C:\Windows\System32\drivers\b57nd60a.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile C:\Windows\System32\drivers\bxvbda.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile C:\Windows\System32\drivers\evbda.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile C:\Windows\System32\drivers\fltmgr.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile C:\Windows\System32\drivers\i8042prt.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile C:\Windows\System32\drivers\iaStorV.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile C:\Windows\System32\drivers\intelppm.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile C:\Windows\System32\drivers\ipmidrv.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile C:\Windows\System32\drivers\isapnp.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile C:\Windows\System32\drivers\kbdclass.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile C:\Windows\System32\drivers\kbdhid.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile C:\Windows\System32\drivers\mouclass.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile C:\Windows\System32\drivers\mouhid.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile C:\Windows\System32\drivers\mpio.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile C:\Windows\System32\drivers\nvstor.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile C:\Windows\System32\drivers\nvstor64.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor64, EventMessageFile C:\Windows\System32\drivers\parport.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile C:\Windows\System32\drivers\processr.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile C:\Windows\System32\drivers\sbp2port.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile C:\Windows\System32\drivers\serial.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile C:\Windows\System32\drivers\sermouse.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile C:\Windows\System32\drivers\tsusbflt.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile C:\Windows\System32\drivers\vgapnp.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile C:\Windows\System32\drivers\wacompen.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile C:\Windows\System32\drivers\wd.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile C:\Windows\System32\eapsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EapHost\Parameters, ServiceDll
Delete C:\Windows\System32\gpsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
Delete C:\Windows\System32\ikeext.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
Delete C:\Windows\System32\iphlpsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
Delete C:\Windows\System32\ipnathlp.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
Delete C:\Windows\System32\ipsecsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
Delete C:\Windows\System32\iscsiexe.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile C:\Windows\System32\iscsilog.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile C:\Windows\System32\lltdsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
Delete C:\Windows\System32\lsasrv.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile C:\Windows\System32\lsasrv.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile C:\Windows\System32\mdsched.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile C:\Windows\System32\netman.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
Delete C:\Windows\System32\nlasvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
Delete C:\Windows\System32\nvoglv64.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\NVIDIA OpenGL Driver, EventMessageFile C:\Windows\System32\pcasvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
Delete C:\Windows\System32\profsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile C:\Windows\System32\profsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile C:\Windows\System32\rasauto.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
Delete C:\Windows\System32\rasmans.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
Delete C:\Windows\System32\relpost.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile C:\Windows\System32\samsrv.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile C:\Windows\System32\samsrv.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile C:\Windows\System32\snmptrap.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile C:\Windows\System32\srvsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll
Delete C:\Windows\System32\ssdpsrv.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
Delete C:\Windows\System32\sstpsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile C:\Windows\System32\swprv.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
Delete C:\Windows\System32\tbssvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TBS\Parameters, ServiceDll
Delete C:\Windows\System32\tcpmon.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile C:\Windows\System32\termsrv.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
Delete C:\Windows\System32\trkwks.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
Delete C:\Windows\System32\umpnpmgr.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile C:\Windows\System32\umpo.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile C:\Windows\System32\uxsms.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UxSms\Parameters, ServiceDll
Delete C:\Windows\System32\vds.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile C:\Windows\System32\wbiosrvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
Delete C:\Windows\System32\wecsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile C:\Windows\System32\wercplsupport.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
Delete C:\Windows\System32\wersvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile C:\Windows\System32\wersvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile C:\Windows\System32\wevtsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile C:\Windows\System32\wiaservc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
Delete C:\Windows\System32\wiaservc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile C:\Windows\System32\win32k.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode C:\Windows\System32\win32k.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile C:\Windows\System32\winlogon.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile C:\Windows\System32\winlogon.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile C:\Windows\System32\wkssvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
Delete C:\Windows\System32\wlansvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wlansvc\Parameters, ServiceDll
Delete C:\Windows\System32\wscsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile C:\Windows\System32\wwansvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
Delete C:\Windows\system32\BlbEvents.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile C:\Windows\system32\EventProviders\spcmsg.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Service Pack Installer, EventMessageFile C:\Windows\system32\FntCache.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll
Delete C:\Windows\system32\ListSvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll
Delete C:\Windows\system32\Mcx2Svc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Mcx2Svc\Parameters, ServiceDll
Delete C:\Windows\system32\WINSAT.EXE
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile C:\Windows\system32\WUDFPlatform.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile C:\Windows\system32\Wat\WatUX.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile C:\Windows\system32\bthserv.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll
Delete C:\Windows\system32\certprop.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile C:\Windows\system32\cofiredm.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile C:\Windows\system32\cofiredm.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile C:\Windows\system32\csrsrv.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile C:\Windows\system32\defragsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile C:\Windows\system32\dfdts.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile C:\Windows\system32\dps.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll
Delete C:\Windows\system32\drivers\HTTP.SYS
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile C:\Windows\system32\drivers\fltmgr.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile C:\Windows\system32\drivers\fvevol.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile C:\Windows\system32\drivers\ntfs.sys
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile C:\Windows\system32\dwm.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile C:\Windows\system32\eapsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile C:\Windows\system32\fdPHost.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll
Delete C:\Windows\system32\fdphost.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile C:\Windows\system32\fdrespub.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll
Delete C:\Windows\system32\fdrespub.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile C:\Windows\system32\fveapi.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile C:\Windows\system32\fxsevent.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile C:\Windows\system32\gpsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile C:\Windows\system32\ipbusenum.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IPBusEnum\Parameters, ServiceDll
Delete C:\Windows\system32\ipbusenum.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile C:\Windows\system32\iphlpsvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile C:\Windows\system32\iscsiexe.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll
Delete C:\Windows\system32\kmsvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\hkmsvc\Parameters, ServiceDll
Delete C:\Windows\system32\lpksetup.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile C:\Windows\system32\lsm.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile C:\Windows\system32\lsm.exe
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile C:\Windows\system32\microsoft-windows-hal-events.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile C:\Windows\system32\microsoft-windows-kernel-power-events.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile C:\Windows\system32\microsoft-windows-kernel-processor-power-events.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile C:\Windows\system32\mmcss.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MMCSS\Parameters, ServiceDll
Delete C:\Windows\system32\mmcss.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\THREADORDER\Parameters, ServiceDll
Delete C:\Windows\system32\mpssvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll
Delete C:\Windows\system32\mpssvc.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile C:\Windows\system32\msdtckrm.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll
Delete C:\Windows\system32\nvshext.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
Delete C:\Windows\system32\nvspcap64.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, ShadowPlay
Delete C:\Windows\system32\oobe\winsetup.dll
Script: QuarantineDeleteDelete via BC -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile C:\Windows\system32\p2psvc.dll
Script: QuarantineDeleteDelete via BC Active Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll
C:\Windows\system32\pnrpauto.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll
C:\Windows\system32\pnrpsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll
C:\Windows\system32\pnrpsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll
C:\Windows\system32\profsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll
C:\Windows\system32\psxss.exe | -- | HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\Windows\system32\qagentRT.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\napagent\Parameters, ServiceDll
C:\Windows\system32\qmgr.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
C:\Windows\system32\qmgr.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\Windows\system32\recovery.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
C:\Windows\system32\regsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll
C:\Windows\system32\rpcss.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll
C:\Windows\system32\rpcss.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll
C:\Windows\system32\schedsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll
C:\Windows\system32\schedsvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\Windows\system32\sdclt.exe | -- | HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\BackupPath
C:\Windows\system32\sdengin2.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\Windows\system32\seclogon.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll
C:\Windows\system32\sensrsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll
C:\Windows\system32\services.exe | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\Windows\system32\sppsvc.exe | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\Windows\system32\sppsvc.exe | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\Windows\system32\sppuinotify.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\sppuinotify\Parameters, ServiceDll
C:\Windows\system32\srcore.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\Windows\system32\sstpsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll
C:\Windows\system32\sstpsvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\Windows\system32\sysmain.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll
C:\Windows\system32\sysmain.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library
C:\Windows\system32\tbssvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
C:\Windows\system32\termsrv.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\Windows\system32\termsrv.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\Windows\system32\themeservice.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll
C:\Windows\system32\umpnpmgr.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll
C:\Windows\system32\umpnpmgr.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\Windows\system32\umpo.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll
C:\Windows\system32\w32time.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll
C:\Windows\system32\w32time.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\Windows\system32\w32time.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\Windows\system32\w32time.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName
C:\Windows\system32\w32time.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName
C:\Windows\system32\wbem\WMIsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll
C:\Windows\system32\wecsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll
C:\Windows\system32\wecsvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\wecsvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Windows\system32\wecsvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\Windows\system32\winlogon.exe | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\Windows\system32\winsrv.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\Windows\system32\wlansvc.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\Windows\system32\wpdbusenum.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll
C:\Windows\system32\wscsvc.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll
C:\Windows\system32\wsepno.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\Windows\system32\wuaueng.dll | Active | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll
C:\Windows\system32\wuaueng.dll | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
Maker\DVDMaker.exe | -- | HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
Solution\HP_Remote_Solution.exe | Active | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, HP Remote Solution
auditcse.dll | Active | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName
nvoglv64.dll | Active | HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers\MSOGL, DLL

Autoruns items found - 719, recognized as trusted - 485

#14
Samyaza

    Member

  • Topic Starter
  • Member
  • 34 posts
Internet Explorer extension modules (BHOs, Toolbars ...)
Items found - 1, recognized as trusted - 1

Windows Explorer extension modules
Items found - 0, recognized as trusted - 0

Printing system extensions (print monitors, providers)
Items found - 0, recognized as trusted - 0

Task Scheduler jobs
Items found - 0, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP)

Detected - 0, recognized as trusted - 0

Transport protocol providers (TSP, LSP)

Detected - 0, recognized as trusted - 0

Results of automatic SPI settings check

LSP settings checked. No errors detected
TCP/UDP ports

TCP ports
Port   Status       Remote Host      Remote Port  Application
139    LISTENING    0.0.0.0          0            [4] System.exe
445    LISTENING    0.0.0.0          0            [4] System.exe
554    LISTENING    0.0.0.0          0            [6736] wmpnetwk.exe
2869   LISTENING    0.0.0.0          0            [4] System.exe
4370   LISTENING    0.0.0.0          0            [10180] c:\users\natu-ti-ti\appdata\roaming\spotify\spotifywebhelper.exe
4371   LISTENING    0.0.0.0          0            [9280] c:\users\natu-ti-ti\appdata\roaming\spotify\spotify.exe
4380   LISTENING    0.0.0.0          0            [10180] c:\users\natu-ti-ti\appdata\roaming\spotify\spotifywebhelper.exe
4381   LISTENING    0.0.0.0          0            [9280] c:\users\natu-ti-ti\appdata\roaming\spotify\spotify.exe
5357   LISTENING    0.0.0.0          0            [4] System.exe
6877   LISTENING    0.0.0.0          0            [3536] c:\progra~2\origin\legacypm\eacoreserver.exe
7878   LISTENING    0.0.0.0          0            [3536] c:\progra~2\origin\legacypm\eacoreserver.exe
8733   LISTENING    0.0.0.0          0            [4] System.exe
9990   LISTENING    0.0.0.0          0            [3456] NvNetworkService.exe
10243  LISTENING    0.0.0.0          0            [4] System.exe
12344  LISTENING    0.0.0.0          0            [3124] LavasoftTcpService.exe
12350  LISTENING    0.0.0.0          0            [3124] LavasoftTcpService.exe
17729  LISTENING    0.0.0.0          0            [2284] HiPatchService.exe
49154  LISTENING    0.0.0.0          0            [892] lsass.exe
49156  LISTENING    0.0.0.0          0            [848] services.exe
49255  ESTABLISHED  194.14.177.34    4070         [9280] c:\users\natu-ti-ti\appdata\roaming\spotify\spotify.exe
49968  ESTABLISHED  62.115.255.208   80           [3536] c:\progra~2\origin\legacypm\eacoreserver.exe
49990  ESTABLISHED  62.115.255.208   80           [3536] c:\progra~2\origin\legacypm\eacoreserver.exe
49992  ESTABLISHED  62.115.255.208   80           [3536] c:\progra~2\origin\legacypm\eacoreserver.exe
50081  ESTABLISHED  62.115.255.201   80           [3536] c:\progra~2\origin\legacypm\eacoreserver.exe
50324  TIME_WAIT    217.212.252.78   80           [0]
50332  TIME_WAIT    74.125.136.95    80           [0]
50336  TIME_WAIT    173.194.71.97    80           [0]
50338  TIME_WAIT    158.127.30.167   80           [0]
50339  TIME_WAIT    80.239.229.213   80           [0]
50346  TIME_WAIT    185.75.56.52     80           [0]
50347  TIME_WAIT    185.75.56.52     80           [0]
50354  TIME_WAIT    87.248.217.253   80           [0]
50355  TIME_WAIT    87.248.217.253   80           [0]
50359  TIME_WAIT    85.17.80.157     80           [0]
50360  TIME_WAIT    85.17.80.157     80           [0]
50364  TIME_WAIT    217.107.214.99   80           [0]
50365  TIME_WAIT    217.107.214.99   80           [0]
50384  TIME_WAIT    190.93.242.90    80           [0]
50386  TIME_WAIT    87.242.88.126    80           [0]
50390  TIME_WAIT    87.248.217.253   80           [0]
50392  TIME_WAIT    158.127.30.165   80           [0]
50398  TIME_WAIT    104.28.17.59     80           [0]
50399  TIME_WAIT    198.41.215.158   80           [0]
50400  TIME_WAIT    198.41.215.158   80           [0]
50401  TIME_WAIT    198.41.215.158   80           [0]
50410  TIME_WAIT    54.163.95.140    80           [0]
50417  TIME_WAIT    84.39.152.33     80           [0]
50418  ESTABLISHED  84.39.152.33     80           [3264] PSANHost.exe
57621  LISTENING    0.0.0.0          0            [9280] c:\users\natu-ti-ti\appdata\roaming\spotify\spotify.exe

UDP ports
Port   Status       Remote Host      Remote Port  Application
137    LISTENING    --               --           [4] System.exe
138    LISTENING    --               --           [4] System.exe
5004   LISTENING    --               --           [6736] wmpnetwk.exe
5005   LISTENING    --               --           [6736] wmpnetwk.exe
48201  LISTENING    --               --           [2504] nvtray.exe
57621  LISTENING    --               --           [9280] c:\users\natu-ti-ti\appdata\roaming\spotify\spotify.exe
58537  LISTENING    --               --           [4020] AgentSvc.exe
60372  LISTENING    --               --           [3940] nvstreamsvc.exe
60373  LISTENING    --               --           [4300] nvstreamsvc.exe
60374  LISTENING    --               --           [4308] nvstreamsvc.exe
60375  LISTENING    --               --           [4308] nvstreamsvc.exe
60376  LISTENING    --               --           [4300] nvstreamsvc.exe
60377  LISTENING    --               --           [4308] nvstreamsvc.exe
65000  LISTENING    --               --           [3940] nvstreamsvc.exe
Downloaded Program Files (DPF)
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)
Items found - 19, recognized as trusted - 19

Active Setup
Items found - 0, recognized as trusted - 0

HOSTS file
Hosts file record
127.0.0.1       localhost

Protocols and handlers
Items found - 0, recognized as trusted - 0

Shared resources
Network name  Path        Notes
ADMIN$        C:\Windows  Remote Admin
C$            C:\         Default share
D$            D:\         Default share
E$            E:\         Default share
IPC$                      Remote IPC
L$            L:\         Default share
Users         C:\Users

Suspicious objects
File  Description  Type

 

AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 24.03.2015 12:43:22
Database loaded: signatures - 297605, NN profile(s) - 2, malware removal microprograms - 56, signature database released 24.03.2015 12:21
Heuristic microprograms loaded: 410
PVS microprograms loaded: 9
Digital signatures of system files loaded: 729510
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Home Premium"
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C0000061]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C0000061]
2. Scanning RAM
Number of processes found: 28
Number of modules loaded: 335
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 143525, extracted from archives: 87507, malicious software found 0, suspicions - 0
Scanning finished at 24.03.2015 13:21:44
Time of scanning: 00:38:22
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspers...hp?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress
Network diagnostics
DNS and Ping test
Host="yandex.ru", IP="213.180.193.11,93.158.134.11,87.250.250.11,213.180.204.11", Ping=OK (0,66,213.180.193.11)
Host="google.ru", IP="80.239.229.245,80.239.229.249,80.239.229.246,80.239.229.248,80.239.229.247,80.239.229.250,80.239.229.251,80.239.229.244", Ping=OK (0,37,80.239.229.245)
Host="google.com", IP="80.239.229.246,80.239.229.245,80.239.229.250,80.239.229.247,80.239.229.248,80.239.229.251,80.239.229.244,80.239.229.249", Ping=OK (0,45,80.239.229.246)
Host="www.kaspersky.com", IP="195.27.252.18", Ping=OK (0,84,195.27.252.18)
Host="www.kaspersky.ru", IP="93.159.228.17", Ping=OK (0,76,93.159.228.17)
Host="dnl-03.geo.kaspersky.com", IP="85.12.58.13", Ping=OK (0,71,85.12.58.13)
Host="dnl-11.geo.kaspersky.com", IP="193.45.6.10", Ping=OK (0,86,193.45.6.10)
Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
Host="odnoklassniki.ru", IP="217.20.147.94", Ping=OK (0,82,217.20.147.94)
Host="vk.com", IP="87.240.131.120,87.240.131.97,87.240.131.99", Ping=OK (0,59,87.240.131.120)
Host="vkontakte.ru", IP="95.213.4.242,95.213.4.243,95.213.4.244", Ping=OK (0,64,95.213.4.242)
Host="twitter.com", IP="199.16.156.102,199.16.156.230,199.16.156.6,199.16.156.70", Ping=OK (0,165,199.16.156.102)
Host="facebook.com", IP="173.252.120.6", Ping=OK (0,184,173.252.120.6)
Host="ru-ru.facebook.com", IP="31.13.93.3", Ping=OK (0,78,31.13.93.3)
Network IE settings
IE setting AutoConfigURL=
IE setting AutoConfigProxy=wininet.dll
IE setting ProxyOverride=
IE setting ProxyServer=
IE setting Internet\ManualProxies=
Network TCP/IP settings
Network Persistent Routes

System Analysis - complete



#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you attach the zip file please