Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to remove http://websearch.mocaflix.com/ [Solved]

Started by CrazyShadowDami , Dec 07 2012 02:00 PM

  • This topic is locked This topic is locked

#1
CrazyShadowDami
Posted 07 December 2012 - 02:00 PM

CrazyShadowDami

    Member

  • Member
  • PipPip
  • 23 posts
this topic was started before, but it was not continued. basically, the answerer said it to ran i a scan with a program, and write down the log files. here are mine:


extras.txt:

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE89846-2FD6-4853-AA06-E67EFFBA9435}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{152F1625-2926-4AEC-BA6C-86414FBC1BAF}" = rport=138 | protocol=17 | dir=out | app=system |
"{2BEB06B0-0A9E-46C0-A79A-ED81359A7C39}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{326FD6A7-E208-41E7-A7DF-A095CACFE7EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{32DD01DA-B4B6-4DC6-BC46-E665668A7178}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{36404FAB-87B5-4BC0-B018-ABB57EA38D67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{38B80DB4-C866-4EEE-BE00-67E607CD878E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3D9BFBCA-4637-4BB5-BF2B-D42AE40452DA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3EE24BD5-A7D5-4406-BDAC-9DF627B720DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F382305-C8F1-4F7F-83D3-BF0F87B18349}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41ED6387-995C-4A4D-8398-E8ED918D4406}" = rport=445 | protocol=6 | dir=out | app=system |
"{46911AE0-63F2-4E8B-BEA5-F59227F0F944}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4CF2AE89-A2EF-41FE-8252-1C76FB511080}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57EBFECF-8F2C-44EB-8E07-A8BBF647FEB5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{640EF74A-C68D-4529-B250-BF583F3D3F27}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6C99D178-B2DD-46AB-9AA0-4BE20D45C2FC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6DD703B7-E078-40B6-BC2E-7847866F58A7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{74AFDC44-8D8D-44BC-9B55-DECCFC1B63BC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{752B6415-55EE-48B4-AE68-B94E64C756DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7F6EE04F-65A1-4561-9B2C-28616347CAC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80D0778B-9BE4-4854-B7A4-A2E46374259D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82934952-613E-4D43-8CBE-7BC50E18E107}" = lport=445 | protocol=6 | dir=in | app=system |
"{8FA0817D-22D6-404F-A94C-74EE38532165}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{92EDF522-399D-4CDC-AC4E-D4CF5951F601}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{954F618D-B17B-44FF-9E1A-0210DBCC7297}" = rport=139 | protocol=6 | dir=out | app=system |
"{97534E36-BBC2-48C0-AA5F-956A90209BA4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9A7E55EF-B200-4E5D-BAA6-51377D249887}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9E0FD8BE-6E96-4700-B2AA-F43B6696F081}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A71147FF-F16B-4F13-9A65-D7EC0F03701A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A7B90773-2905-4A77-BC1E-9818A3A29756}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A8E7F647-B7E5-4F05-9D74-A0C002772E27}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AC95AD81-C8AE-435B-B42D-C0AEE08E0E61}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AD4DA5EA-46A6-420D-B2D0-E37BB1E13780}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD5F1022-BDB9-40F1-9E56-268DD10303C2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BA3A4118-B0C0-44E6-951D-AB08A5734EFD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BBC8CEAD-D7F0-4FB1-8394-3BF65C7D344E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BEA011FE-0E4A-4043-B200-7333310ED230}" = lport=137 | protocol=17 | dir=in | app=system |
"{C0A0C4D1-3788-443D-A88B-9E1AF49518ED}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C7BB293D-6588-4E81-9312-20386F07CC46}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CC19EF88-A624-4049-9A27-F69AEE0CA3E3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CCFFDE19-AC87-466C-901C-9641F08AC8EF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D04BA3A2-9618-48A6-969A-5609094A3152}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D1DED7C5-7F5E-44F9-BF68-273FAEBE29D3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D1F635C5-E8E2-4C37-AA6A-E62A531353B1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D570E9D6-D60C-4298-80DF-7CDCD8FFAB35}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DA376CA8-42D8-4335-910F-573E0521E6B8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{DC684A25-23C1-41B1-80E5-5A7982F689B1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E317915A-AB38-4496-BC05-714E1F7E1EDE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E62FD93E-414E-44F7-A874-88C9E8764E0A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E7427FF2-255C-44CB-BC23-7D49DE3ED984}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7A8A2BA-8C2F-4548-A212-70F88911CBA7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E9163592-DDB1-4EBF-9EFD-1B551F21EC3E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EA29FB54-E3AB-41EC-B025-FBB0F868D737}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EE5857FE-D754-4932-BB91-842F07819093}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F36285E2-AA5C-4C46-816D-03A98128A5EC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F545ED7C-AAA5-41DB-8688-06FBFA896BE5}" = lport=138 | protocol=17 | dir=in | app=system |
"{F8AC911E-D770-48E2-A0EB-72F7B4A39BB3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F8E3F66A-6BFB-467F-8D29-11D57217C1D5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F90BC836-B1CB-4569-8270-CBA92659012F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FAECE740-5C53-4E0E-9DA6-FB4CA96C7C98}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0252F0AF-E8BF-4DC6-8259-9BD1B42BCFE2}" = protocol=1 | dir=in | [email protected],-28543 |
"{037EB065-F608-46FD-8CD9-B5A1E75A2935}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{18DEBC9C-7A06-43ED-AB63-B66DAB216D85}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{19CD4B8D-2BCD-4FEB-8CD0-4A39680F6C70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B91DCA3-4BED-4C8B-9399-DE311CD135C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29B0E080-7E1C-4197-B50C-87EBF40E855F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B50CEB8-76B3-4ADB-AD77-17102E168A34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C82A370-6E06-4A77-89A4-118982482B39}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe |
"{3A0C710C-1ED9-451B-9227-189C838233EA}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{3B301B4B-FA4A-4989-9FD4-DFA73C3547CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3CC90C0D-E1FA-4454-9A4E-DD866C4665C9}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{3F515510-AB9B-4B48-9844-3C71F7E42FF7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4042E073-ACED-465D-A94C-C88857298380}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BC1CDA0-1A1D-40BA-8BF5-7F1B888BF6BF}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{4D92565C-6081-47F4-BD17-4C46BB8D1244}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{5948C977-E77C-46F4-992A-D08C0541E986}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6283EC81-E6E9-40EE-9B22-848EE3904D71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65A77D1D-F06D-4D14-85FB-A02E60EA033D}" = protocol=6 | dir=out | app=system |
"{6690ABE2-EBFE-41B4-80EF-C5B3E4043739}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{68E5F5CC-8A1E-4054-B06D-9D97C7911967}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69C2824F-9EB2-4367-8C00-7584AC72DBBB}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{70BF7EEB-C772-43CB-B557-E1DCA11FF4F2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{78CE11BF-068C-4C29-9516-1BD6914D9D74}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{7E418835-A8DE-4870-985B-2F72978E6F72}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe |
"{802DEB2A-E4D8-4A55-99A9-E68F51948AD0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A47360C2-AFD0-4017-8074-A1B0CAA44BEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4C9AD46-81EE-4FDD-A02E-B2CEAE716133}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B4ADB5D6-65E5-4682-B9F2-FEF9CD5A8390}" = protocol=1 | dir=out | [email protected],-28544 |
"{BEE5AA91-042D-427A-B579-BCDF7CA9CE66}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe |
"{C1D554AB-4DCA-4C3C-861C-7E6052196BF5}" = protocol=58 | dir=out | [email protected],-28546 |
"{C354D414-9242-46D9-826C-C1EBCA107E69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C467579C-B767-432D-ABDC-8211A7333EEE}" = protocol=58 | dir=in | [email protected],-28545 |
"{C9D1D3CD-A888-46FC-973F-482C68D563A6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CF995917-8A3E-4445-9A1B-BCF23075981F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D4122F53-D7D5-4D71-9525-1940A9C5773D}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe |
"{D54F3F49-569D-4C45-8EEF-EEF55D0CCEC8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF24B8F5-4D24-4B7D-BBC0-E5A0483B1B03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3EF0A87-4A4F-47AB-8623-2958EFDE013D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6D75C65-3556-4064-9348-364FEBFA2202}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe |
"{EE5E60BE-9FA6-4AF9-A54A-0DDABC2B010E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F2AAD619-8632-4ABA-B557-B4C0015B82A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F56ADE14-05D8-43FE-9CAB-E4AB9CC2A6D4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{7FD414E9-0A40-4AAD-88E5-08B0B49B5FA2}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{D75F2537-E127-4D44-90A5-C5B8F1D9281B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{DEE90CB2-B07E-4C9E-90EA-94A781E5D053}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{2AB30998-B218-44A4-9C6C-0D1CEE9A77EC}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{5B750938-609E-4641-877D-DDDDD1D3C8EC}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{D40756AE-71BC-4771-9FC2-16C47AAB634C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{41253317-0BF1-8A3C-2CED-0C7D8037E97E}" = AMD Fuel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{852B1308-4E5A-B54D-637D-F710D92C6930}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{ABFC0970-7FDF-9E49-C049-5D24CB1F150E}" = AMD Catalyst Install Manager
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DE7BAEF8-C639-381A-D835-95BD517ED602}" = AMD Media Foundation Decoders
"{E88AD18B-D467-F11F-C431-99DE36FCACC7}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F972FD73-47FC-55F7-5EF1-8CA5311FF96E}" = AMD Drag and Drop Transcoding
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.2
"HP Color LaserJet 1600" = HP Color LaserJet 1600
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"OptimizerPro" = OptimizerPro
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11210BD7-A8EF-79EE-D18F-021D1E04A689}" = CCC Help Dutch
"{118AD615-8BCF-11D6-1700-B6763A0EA713}" = CCC Help Polish
"{145238D6-1ADD-15DD-4499-744215DCCD18}" = Catalyst Control Center InstallProxy
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{15DEA4E9-E4AD-2A1A-4B59-89CA65D5075B}" = CCC Help Finnish
"{16726771-C380-4280-BAF9-1223B3838786}" = SaveAs
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1AFD9DDB-FB24-F8C4-E792-03901C50490D}" = CCC Help Swedish
"{1B0FF612-0E07-4AB2-DD95-EB7651AEB3A1}" = CCC Help Italian
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{25D080C2-19A4-427D-A12A-979D674B57F8}}_is1" = Hearts of Iron III - Their Finest Hour version 4.02
"{263050F0-65B8-4288-9B70-90FAA1B8A1E7}" = DayZ Commander
"{291E2930-2240-11E2-BC84-B8AC6F98CCE3}" = Google Earth Plug-in
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{376A622B-F0FA-DDAB-9635-05D9F3F634D6}" = CCC Help Norwegian
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{48BA11B4-3E38-FA74-2D5A-003475844AA3}" = CCC Help Spanish
"{4DD75A56-D9DA-DD49-3507-470C7CA7B43F}" = CCC Help Chinese Standard
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5C84078D-CB3B-47B1-AB51-A333D137F9DB}" = HOI3Editor
"{5DB24244-5ABE-A87B-5FB1-95CF09F801A8}" = CCC Help German
"{61D73C02-EF3F-45D2-7F01-DCC4B1B39CC3}" = CCC Help Korean
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6DDC515D-1FE6-C5FC-E872-24D1B8B4C1A1}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7427941A-51A3-E2EB-BCD2-A1981DBCA4AD}" = Catalyst Control Center Graphics Previews Common
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79A16F82-9F79-E47E-C6D4-206E7CC1D593}" = CCC Help Czech
"{8153BA0E-719E-3829-3B06-DC1412933BD6}" = CCC Help Japanese
"{8B7D9B66-1B53-D729-FD0C-ED38629FA407}" = CCC Help Greek
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C3B7F54-C6E2-4A74-9937-9C6EBA10C4A2}" = Victoria 2
"{A4A550A8-4EEF-8577-1C15-E3C914FF4AD9}" = CCC Help Portuguese
"{A866F37D-0E46-1812-3E3C-9778D4A458B2}" = AMD VISION Engine Control Center
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF7FFC8-20C4-CB57-4982-68EB410EBBC7}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AD4B6B20-11CE-2C81-9615-2DCAABF15966}" = CCC Help French
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D1931310-EEF5-3B7A-0C57-01127888E4E4}" = CCC Help Turkish
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{E7A94CD8-526B-FDD3-E16F-CB40A0747C70}" = CCC Help Chinese Traditional
"{E91BD0CF-EFA8-477C-8207-A026E70BBED9}" = CCC Help English
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ECD4DCC1-C03F-8CC2-432B-317ECB9D6A09}" = Catalyst Control Center Localization All
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F9F07F00-FF55-7752-7FF8-F512AF641BA9}" = CCC Help Thai
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FFE0A7EE-0627-307D-F102-519B5B367703}" = CCC Help Hungarian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArnA 2: Combined Operations" = ArnA 2: Combined Operations
"BattlEye for OA" = BattlEye for OA Uninstall
"BinMake" = BinMake Uninstall
"BinPBO Personal Edition" = BinPBO Personal Edition Uninstall
"BI's Tools drive" = BI's Tools drive Uninstall
"Browser Defender_is1" = Browser Guard 4.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"Easy Driver Pro_is1" = Easy Driver Pro v8.03
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"For the Motherland_is1" = For the Motherland version 3.05
"FSM Editor Personal Edition" = FSM Editor Personal Edition Uninstall
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"MDT" = Battlefield Mod Development Toolkit
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Origin" = Origin
"Oxygen 2 Personal Edition" = Oxygen 2 Personal Edition Uninstall
"Semper Fi_is1" = Semper Fi 1.0
"Sound Tools" = Sound Tools Uninstall
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"Spyware Doctor" = PC Tools Spyware Doctor 9.1
"TexView 2" = TexView 2 Uninstall
"uTorrent" = µTorrent
"Visitor 3" = Visitor 3 Uninstall
"VLC media player" = VLC media player 2.0.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1244192888-2074367317-640824109-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-C:/Program Files (x86)/PlanetSide" = gamelauncher-ps2-psg (x86)-PlanetSide
"SOE-C:/Users/Damjan/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"soe-PlanetSide 2 PSG" = PlanetSide 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.12.2012. 9:20:43 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

Error - 3.12.2012. 11:52:37 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3.12.2012. 11:52:37 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9122003

Error - 3.12.2012. 11:52:37 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9122003

Error - 5.12.2012. 19:56:19 | Computer Name = Damjan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: BF1942.exe, version: 0.0.0.0, time stamp:
0x50731041 Faulting module name: BF1942.exe, version: 0.0.0.0, time stamp: 0x50731041
Exception
code: 0xc0000005 Fault offset: 0x002009cb Faulting process id: 0xb2c Faulting application
start time: 0x01cdd3440ee350a6 Faulting application path: C:\Program Files (x86)\Origin
Games\Battlefield 1942\BF1942.exe Faulting module path: C:\Program Files (x86)\Origin
Games\Battlefield 1942\BF1942.exe Report Id: 5cc08054-3f37-11e2-9151-60eb69c1029c

Error - 5.12.2012. 20:02:05 | Computer Name = Damjan-PC | Source = Application Hang | ID = 1002
Description = The program BlackScreen.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bf8 Start
Time: 01cdd344e1eda2f7 Termination Time: 0 Application Path: C:\Program Files (x86)\Origin
Games\Battlefield 1942\BlackScreen.exe Report Id: 23ce1bd3-3f38-11e2-9151-60eb69c1029c


Error - 6.12.2012. 17:19:47 | Computer Name = Damjan-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6ec Start
Time: 01cdd314fb827ea1 Termination Time: 3108 Application Path: C:\Windows\Explorer.EXE

Report
Id: a31cfc74-3fea-11e2-9151-60eb69c1029c

Error - 7.12.2012. 11:34:58 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7.12.2012. 11:34:58 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19508845

Error - 7.12.2012. 11:34:58 | Computer Name = Damjan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19508845

[ System Events ]
Error - 6.12.2012. 13:25:25 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 4:01:44 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 4:49:57 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 5:09:19 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 6:06:22 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 11:35:01 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 12:41:41 | Computer Name = Damjan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7.12.2012. 15:53:46 | Computer Name = Damjan-PC | Source = PCTCore | ID = 327960
Description = The item store is corrupted: @5644.

Error - 7.12.2012. 15:53:46 | Computer Name = Damjan-PC | Source = PCTCore | ID = 327960
Description = The item store is corrupted: @5644.

Error - 7.12.2012. 15:53:46 | Computer Name = Damjan-PC | Source = PCTCore | ID = 327960
Description = The item store is corrupted: @5644.


< End of report >


OTL.txt:



OTL logfile created on: 7.12.2012. 20:38:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Damjan\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041a | Country: Hrvatska | Language: HRV | Date Format: d.M.yyyy.

3,75 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 53,16% Memory free
7,49 Gb Paging File | 5,20 Gb Available in Paging File | 69,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443,13 Gb Total Space | 301,58 Gb Free Space | 68,06% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 488,18 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 5,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 880,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 100,00 Mb Total Space | 71,66 Mb Free Space | 71,67% Space Free | Partition Type: NTFS

Computer Name: DAMJAN-PC | User Name: Damjan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.07 20:37:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Damjan\Downloads\OTL.exe
PRC - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.12.01 18:49:21 | 000,511,152 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\OriginClientService.exe
PRC - [2012.12.01 18:49:20 | 003,492,504 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2012.11.28 04:43:18 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.11.22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.10.25 11:06:16 | 015,211,376 | ---- | M] (Wargaming.net) -- C:\Games\World_of_Tanks\WorldOfTanks.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.19 15:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe
PRC - [2012.04.27 19:05:40 | 000,613,208 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2012.04.26 21:14:46 | 000,521,560 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\FPSClient.exe
PRC - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.11.20 13:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.12.05 18:09:41 | 002,148,376 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.12.01 18:49:22 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2012.11.28 04:43:17 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012.11.28 04:43:16 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012.11.28 04:43:15 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012.11.28 04:42:30 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012.11.28 04:42:29 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012.11.28 04:42:22 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012.11.28 04:42:21 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012.11.28 04:42:21 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.10.25 11:06:16 | 000,327,680 | ---- | M] () -- C:\Games\World_of_Tanks\voip.dll
MOD - [2012.10.25 11:06:16 | 000,280,552 | ---- | M] () -- C:\Games\World_of_Tanks\ortp.dll
MOD - [2012.10.25 11:06:16 | 000,270,336 | ---- | M] () -- C:\Games\World_of_Tanks\libcurl.dll
MOD - [2012.10.11 11:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.04.26 21:14:56 | 000,218,968 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster 3\FPS.dll
MOD - [2012.04.26 21:14:54 | 000,269,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster 3\D3DX8Wrapper.dll
MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.09.28 15:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.04.05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010.03.26 11:46:48 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.05 18:10:34 | 002,403,352 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.11.22 10:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.11.04 20:22:20 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.11.04 18:49:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.02 18:49:47 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.03.11 20:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.05 18:04:08 | 000,335,400 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.01 23:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.02.15 04:05:12 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.18 15:38:00 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.01.13 23:41:12 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.13 23:41:06 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}






IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://isearch.babyl...000ec55f90849df
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = hr-HR
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 67 A6 42 23 B9 CD 01 [binary data]
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babyl...000ec55f90849df
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxypac.morh/proxy.pac


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.06 18:26:00 | 000,000,000 | ---D | M]

[2012.11.22 13:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://websearch.mocaflix.com/
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhafjfkjcapkhhloimicdnpcmoabmakj\2\
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhafjfkjcapkhhloimicdnpcmoabmakj\2_0\
CHR - Extension: No name found = C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SaveAs Class) - {419C3039-26F5-7982-FDD1-1BE030478752} - C:\ProgramData\SaveAs\50c24129056ad.ocx ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe (Probit Software)
O4 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000..\Run: [mapdisk] C:\Users\Damjan\Documents\ArmAWork\mapdisk.bat ()
O4 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1244192888-2074367317-640824109-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F}: NameServer = 172.24.2.9,192.168.1.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7FEB547-ECC0-4937-9B7E-14E24CE0CBE0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.10.07 23:43:22 | 000,000,106 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.03.21 15:40:40 | 000,000,214 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{696ae26f-2699-11e2-9c45-60eb69c1029c}\Shell - "" = AutoRun
O33 - MountPoints2\{696ae26f-2699-11e2-9c45-60eb69c1029c}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012.03.21 15:40:40 | 913,704,445 | R--- | M] ( )
O33 - MountPoints2\{7e6903a6-2d6e-11e2-a9b1-60eb69c1029c}\Shell - "" = AutoRun
O33 - MountPoints2\{7e6903a6-2d6e-11e2-a9b1-60eb69c1029c}\Shell\AutoRun\command - "" = H:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012.12.07 20:41:56 | 000,413,448 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012.12.07 20:41:41 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012.12.07 20:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.12.07 20:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012.12.07 20:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.12.07 20:40:22 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\TestApp
[2012.12.07 20:33:27 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Optimizer Pro
[2012.12.07 20:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.07 20:18:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012.12.07 20:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012.12.07 20:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.12.07 20:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012.12.07 20:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012.12.07 20:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012.12.07 20:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.12.04 22:33:45 | 000,000,000 | ---D | C] -- C:\Windows\Battlefield Mod Development Toolkit
[2012.12.04 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\Damjan\.thumbnails
[2012.12.04 20:42:19 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\fontconfig
[2012.12.04 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\gegl-0.2
[2012.12.04 20:42:17 | 000,000,000 | ---D | C] -- C:\Users\Damjan\.gimp-2.8
[2012.12.04 20:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.12.03 18:33:39 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Wargaming.net
[2012.12.02 18:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.12.02 18:47:19 | 000,000,000 | ---D | C] -- C:\Games
[2012.12.01 19:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
[2012.12.01 19:19:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.12.01 18:45:34 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Origin
[2012.12.01 18:45:29 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Origin
[2012.12.01 18:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.12.01 18:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.12.01 18:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.12.01 18:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.12.01 18:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.11.29 16:15:58 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Documents\FLiNGTrainer
[2012.11.28 16:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\SKIDROW
[2012.11.28 16:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Documents\My Games
[2012.11.28 16:57:53 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\BigHugeEngine
[2012.11.28 16:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.11.28 16:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.11.28 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\ArmA 2
[2012.11.26 23:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Probit Software
[2012.11.26 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Probit Software
[2012.11.26 16:57:49 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\SCE
[2012.11.26 16:57:31 | 000,000,000 | ---D | C] -- C:\Crash
[2012.11.26 16:57:29 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Sony Online Entertainment
[2012.11.26 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlanetSide
[2012.11.25 14:03:21 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\DayZCommander
[2012.11.25 14:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012.11.24 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Documents\ArmAWork
[2012.11.24 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012.11.24 17:58:51 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.11.24 17:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012.11.24 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\ArmA 2 OA
[2012.11.24 15:00:14 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Documents\ArmA 2
[2012.11.24 14:20:27 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArmA 2
[2012.11.24 13:50:18 | 000,000,000 | ---D | C] -- C:\ArmA 2
[2012.11.22 22:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.22 21:58:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Deployment
[2012.11.22 21:58:55 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Local\Apps
[2012.11.22 21:46:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.11.22 13:08:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.11.22 13:08:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.11.22 13:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.22 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.22 13:07:49 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Babylon
[2012.11.22 13:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.21 20:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.11.21 14:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.11.21 14:24:47 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\HP
[2012.11.21 14:24:24 | 000,000,000 | ---D | C] -- C:\hp_CLJ_1600_Full_Solution
[2012.11.21 03:32:31 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\GoforFiles
[2012.11.21 03:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012.11.21 02:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2012.11.19 12:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.18 20:33:46 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.11.14 20:50:03 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.11.14 20:50:03 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.11.14 20:50:03 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012.11.14 20:50:03 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.11.14 20:50:00 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012.11.14 20:50:00 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.11.14 20:43:31 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\NBSoftSolutions
[2012.11.14 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NBSoftSolutions
[2012.11.14 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NBSoftSolutions
[2012.11.14 14:11:34 | 000,000,000 | ---D | C] -- C:\hoi3 modded files2
[2012.11.14 11:21:55 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.14 11:21:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.14 11:15:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 11:15:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 11:15:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 11:15:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.14 11:15:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 11:15:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 11:15:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 11:15:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 11:15:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 11:15:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 11:15:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 11:15:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 11:15:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 11:15:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 11:15:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 11:11:59 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.14 11:11:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.14 11:11:57 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.14 11:11:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.13 23:26:53 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Desktop\Poly Film, TV i novi mediji_files
[2012.11.13 21:12:06 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.13 21:12:06 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.13 21:12:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.13 21:11:58 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.13 21:11:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.13 21:11:58 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.13 21:11:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.13 21:11:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.13 21:11:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.13 21:11:41 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.13 21:11:41 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.13 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Damjan\AppData\Roaming\Skype
[2012.11.13 13:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.13 13:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.13 13:27:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.13 13:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.11.13 13:23:07 | 000,000,000 | ---D | C] -- C:\Users\Damjan\Desktop\tajana
[2012.11.09 14:51:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearts of Iron III - Their Finest Hour
[2012.11.09 14:42:22 | 000,000,000 | ---D | C] -- C:\Hoi3
[2012.11.09 12:32:35 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2012.11.09 12:32:35 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2012.11.09 12:32:35 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2012.11.09 12:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.11.09 11:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.11.09 11:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.11.09 11:57:02 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2012.11.09 11:57:00 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGGE.DLL
[2012.11.09 11:56:58 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGGE.DLL

========== Files - Modified Within 30 Days ==========

[2012.12.07 20:43:40 | 000,000,323 | ---- | M] () -- C:\Users\Damjan\Desktop\exefix.reg
[2012.12.07 20:42:35 | 001,914,557 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.12.07 20:18:11 | 000,001,062 | ---- | M] () -- C:\Users\Damjan\Desktop\Optimizer Pro.lnk
[2012.12.07 20:18:11 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{2D515F86-C985-4F21-8B2D-CCA75803FB32}.job
[2012.12.07 20:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.07 20:00:10 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.07 18:00:10 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012.12.07 17:41:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.05 19:26:31 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 19:26:31 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.05 19:23:56 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.05 19:23:56 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.05 19:23:56 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.05 19:19:07 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.05 19:19:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
[2012.12.05 19:18:36 | 3018,510,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.05 12:02:19 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2012.12.04 22:34:01 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\Launch Battlefield MDT.lnk
[2012.12.04 20:49:32 | 000,000,862 | ---- | M] () -- C:\Users\Damjan\AppData\Local\recently-used.xbel
[2012.12.04 19:43:24 | 000,001,406 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.12.04 18:16:52 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012.12.02 11:02:24 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2012.12.01 19:19:55 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2012.12.01 18:44:58 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.12.01 12:48:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012.11.28 16:50:04 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2012.11.27 21:16:53 | 000,318,383 | ---- | M] () -- C:\config.bin
[2012.11.26 23:53:31 | 000,001,032 | ---- | M] () -- C:\Users\Damjan\Desktop\Easy Driver Pro.lnk
[2012.11.26 16:56:21 | 000,001,910 | ---- | M] () -- C:\Users\Damjan\Desktop\PlanetSide 2 PSG.lnk
[2012.11.25 20:55:39 | 000,764,378 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.22 22:00:53 | 000,002,285 | ---- | M] () -- C:\Users\Damjan\Desktop\Google Chrome.lnk
[2012.11.22 21:52:56 | 000,001,437 | ---- | M] () -- C:\Users\Damjan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.11.21 00:15:51 | 003,461,365 | ---- | M] () -- C:\Users\Damjan\Desktop\Clifford_James_on_authority.pdf
[2012.11.16 09:06:05 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2012.11.14 20:46:19 | 000,000,133 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.14 11:48:20 | 000,342,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.13 23:28:45 | 000,577,445 | ---- | M] () -- C:\Users\Damjan\Desktop\film tv novi mediji.png
[2012.11.13 23:26:55 | 000,049,152 | ---- | M] () -- C:\Users\Damjan\Desktop\Poly Film, TV i novi mediji.htm
[2012.11.13 13:27:58 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.09 14:51:42 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\Hearts of Iron III - Their Finest Hour.lnk
[2012.11.09 12:32:37 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk

========== Files Created - No Company Name ==========

[2012.12.07 20:18:11 | 000,001,062 | ---- | C] () -- C:\Users\Damjan\Desktop\Optimizer Pro.lnk
[2012.12.07 20:18:09 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\OptimizerProUpdaterTask{2D515F86-C985-4F21-8B2D-CCA75803FB32}.job
[2012.12.04 22:34:01 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\Launch Battlefield MDT.lnk
[2012.12.04 20:49:32 | 000,000,862 | ---- | C] () -- C:\Users\Damjan\AppData\Local\recently-used.xbel
[2012.12.04 20:41:31 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.12.01 19:19:55 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2012.12.01 18:44:58 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.11.28 16:50:04 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2012.11.26 23:53:31 | 000,001,032 | ---- | C] () -- C:\Users\Damjan\Desktop\Easy Driver Pro.lnk
[2012.11.26 23:46:06 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.11.26 16:56:21 | 000,001,940 | ---- | C] () -- C:\Users\Damjan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
[2012.11.26 16:56:21 | 000,001,910 | ---- | C] () -- C:\Users\Damjan\Desktop\PlanetSide 2 PSG.lnk
[2012.11.25 14:02:34 | 000,001,406 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012.11.24 14:38:49 | 000,764,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.22 22:00:53 | 000,002,285 | ---- | C] () -- C:\Users\Damjan\Desktop\Google Chrome.lnk
[2012.11.21 14:25:19 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ZLhp1600.DLL
[2012.11.21 14:25:16 | 000,803,216 | ---- | C] () -- C:\Windows\SysNative\hp1600.img
[2012.11.21 14:25:16 | 000,424,960 | ---- | C] () -- C:\Windows\SysNative\ZSHP1600.EXE
[2012.11.21 00:15:48 | 003,461,365 | ---- | C] () -- C:\Users\Damjan\Desktop\Clifford_James_on_authority.pdf
[2012.11.14 20:46:19 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.14 11:21:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.14 11:11:57 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.13 23:28:45 | 000,577,445 | ---- | C] () -- C:\Users\Damjan\Desktop\film tv novi mediji.png
[2012.11.13 23:26:52 | 000,049,152 | ---- | C] () -- C:\Users\Damjan\Desktop\Poly Film, TV i novi mediji.htm
[2012.11.13 13:27:58 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.09 14:51:42 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\Hearts of Iron III - Their Finest Hour.lnk
[2012.11.09 12:32:37 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.11.06 14:11:38 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.11.06 14:11:38 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.11.06 14:11:38 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.11.06 14:11:38 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2012.11.06 00:39:34 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2uvc.sys
[2012.11.06 00:39:34 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncduvc.sys
[2012.11.06 00:39:31 | 001,749,376 | ---- | C] () -- C:\Windows\SysWow64\snp2uvc.sys
[2012.11.06 00:39:31 | 000,028,032 | ---- | C] () -- C:\Windows\SysWow64\sncduvc.sys
[2012.11.06 00:39:30 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2012.11.06 00:39:30 | 000,000,131 | ---- | C] () -- C:\Windows\SysWow64\PidList.ini
[2012.11.04 17:35:13 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.04 14:24:30 | 000,007,597 | ---- | C] () -- C:\Users\Damjan\AppData\Local\Resmon.ResmonCfg
[2012.11.02 18:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010.11.20 14:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012.06.02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009.07.14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010.11.20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009.06.10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012.09.23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009.07.14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009.07.14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.H >
[2011.07.13 21:09:02 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\ArmA 2\xampp\mysql\include\mysql\services.h

< MD5 for: SERVICES.LNK >
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009.07.14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.07.14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.07.14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.07.14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 07 December 2012 - 02:01 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
CrazyShadowDami
Posted 07 December 2012 - 02:08 PM

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
WOW, that was quick! anyway, i was browing through the net, and i allready found a tool called "spyware doctor" or sumthin like that. its running for about 5 minutes, and it allready found lots of stuff. ill just let it do its job, and then ill do the things you recommended. or its an imperative not to use the software?

heres the report for sec check:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
PC Tools Spyware Doctor with AntiVirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor 9.1
AVG PC TuneUp Language Pack (en-US)
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader XI
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


adwcleaner:


# AdwCleaner v2.011 - Logfile created 12/07/2012 at 21:45:04
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Damjan - DAMJAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Damjan\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Deleted on reboot : C:\ProgramData\Premium
File Deleted : C:\Users\Damjan\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Damjan\AppData\Roaming\Babylon

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKU\S-1-5-21-1244192888-2074367317-640824109-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Damjan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2780 octets] - [07/12/2012 21:45:04]

########## EOF - C:\AdwCleaner[S1].txt - [2840 octets] ##########


rougekiller:


RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Damjan [Admin rights]
Mode : Remove -- Date : 12/07/2012 21:52:26

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] OptimizerPro.exe -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe -> KILLED [TermProc]
[SUSP PATH] PLFSetI.exe -- C:\Windows\PLFSetI.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : PLFSetI (C:\Windows\PLFSetI.exe) -> DELETED
[TASK][SUSP PATH] OptimizerProUpdaterTask{2D515F86-C985-4F21-8B2D-CCA75803FB32}.job : C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe /schedule /profilepath "C:\ProgramData\Premium\OptimizerPro\profile.ini" -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F} : NameServer (172.24.2.9,192.168.1.20) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F} : NameServer (172.24.2.9,192.168.1.20) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541010A9E680 ATA Device +++++
--- User ---
[MBR] 599c8dffbb71c11ced81d53d0f915eac
[BSP] b43126500848e8b2b4e3df045db79f3d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 453768 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 929523712 | Size: 499999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12072012_02d2152.txt >>
RKreport[1]_S_12072012_02d2152.txt ; RKreport[2]_D_12072012_02d2152.txt




also, the software i downloaded has made its promise: it scans for free!!! but you need to pay to fix them. how could i ever expect more?

Edited by CrazyShadowDami, 07 December 2012 - 02:55 PM.

  • 0

#4
gringo_pr
Posted 07 December 2012 - 07:13 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
CrazyShadowDami
Posted 08 December 2012 - 07:21 AM

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
log:

ComboFix 12-12-07.01 - Damjan 8.12.2012. 14:06:45.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.3838.2364 [GMT 1:00]
Running from: c:\users\Damjan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 13:15 . 2012-12-08 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 13:00 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFA3C935-B54C-45F2-B51C-8199C6C5B410}\mpengine.dll
2012-12-07 20:57 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-07 19:50 . 2012-10-23 16:40 77144 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-12-07 19:50 . 2012-10-23 16:40 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-07 19:50 . 2012-10-23 16:40 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-07 19:50 . 2012-10-23 16:40 2280568 ----a-w- c:\windows\PCTBDCore.dll
2012-12-07 19:50 . 2012-10-23 16:40 1690744 ----a-w- c:\windows\PCTBDRes.dll
2012-12-07 19:47 . 2012-10-31 13:21 258424 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-12-07 19:47 . 2012-10-31 13:21 347016 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-12-07 19:47 . 2012-11-01 14:35 16392 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-12-07 19:46 . 2012-11-01 14:35 87968 ----a-w- c:\windows\system32\drivers\pctplsm64.sys
2012-12-07 19:46 . 2012-11-01 14:35 93600 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-12-07 19:46 . 2012-12-07 19:46 -------- d-----w- c:\program files (x86)\PC Tools
2012-12-07 19:42 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-12-07 19:42 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-12-07 19:41 . 2012-10-22 15:38 413448 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-12-07 19:41 . 2012-11-01 14:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-12-07 19:41 . 2012-12-07 19:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-12-07 19:40 . 2012-12-07 19:47 -------- d-----w- c:\programdata\PC Tools
2012-12-07 19:40 . 2012-12-07 19:40 -------- d-----w- c:\users\Damjan\AppData\Roaming\TestApp
2012-12-07 19:33 . 2012-12-07 19:33 -------- d-----w- c:\users\Damjan\AppData\Roaming\Optimizer Pro
2012-12-07 19:18 . 2012-12-07 19:18 -------- d-----w- c:\program files (x86)\MocaFlix
2012-12-07 19:18 . 2012-12-07 20:47 -------- d-----w- c:\programdata\Premium
2012-12-07 19:17 . 2012-12-07 19:18 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-12-07 19:17 . 2012-12-07 19:17 -------- d-----w- c:\programdata\SaveAs
2012-12-04 21:33 . 2012-12-04 21:33 -------- d-----w- c:\windows\Battlefield Mod Development Toolkit
2012-12-04 19:44 . 2012-12-04 19:44 -------- d-----w- c:\users\Damjan\.thumbnails
2012-12-04 19:42 . 2012-12-04 19:42 -------- d-----w- c:\users\Damjan\AppData\Local\fontconfig
2012-12-04 19:42 . 2012-12-04 19:49 -------- d-----w- c:\users\Damjan\.gimp-2.8
2012-12-04 19:42 . 2012-12-04 19:42 -------- d-----w- c:\users\Damjan\AppData\Local\gegl-0.2
2012-12-04 19:40 . 2012-12-04 19:41 -------- d-----w- c:\program files\GIMP 2
2012-12-03 17:33 . 2012-12-03 17:33 -------- d-----w- c:\users\Damjan\AppData\Roaming\Wargaming.net
2012-12-02 17:47 . 2012-12-02 17:47 -------- d-----w- C:\Games
2012-12-01 18:19 . 2012-12-01 18:19 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-12-01 17:45 . 2012-12-01 17:49 -------- d-----w- c:\users\Damjan\AppData\Roaming\Origin
2012-12-01 17:45 . 2012-12-01 17:45 -------- d-----w- c:\users\Damjan\AppData\Local\Origin
2012-12-01 17:44 . 2012-12-01 18:20 -------- d-----w- c:\programdata\Origin
2012-12-01 17:44 . 2012-12-06 22:04 -------- d-----w- c:\program files (x86)\Origin Games
2012-12-01 17:44 . 2012-12-01 18:20 -------- d-----w- c:\programdata\Electronic Arts
2012-12-01 17:43 . 2012-12-01 17:49 -------- d-----w- c:\program files (x86)\Origin
2012-11-28 15:57 . 2012-11-28 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\SKIDROW
2012-11-28 15:57 . 2012-11-28 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\BigHugeEngine
2012-11-28 15:43 . 2012-12-04 21:33 -------- d-----w- c:\program files (x86)\EA Games
2012-11-28 15:22 . 2012-11-28 15:23 -------- d-----w- c:\users\Damjan\AppData\Local\ArmA 2
2012-11-28 09:26 . 2012-11-28 09:26 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6742D8C5-F58D-477F-8B62-77BEF0D92B94}\gapaengine.dll
2012-11-28 09:26 . 2012-11-02 22:00 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-26 22:53 . 2012-11-26 22:53 -------- d-----w- c:\program files (x86)\Probit Software
2012-11-26 15:57 . 2012-11-26 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\SCE
2012-11-26 15:57 . 2012-11-26 15:57 -------- d-----w- C:\Crash
2012-11-26 15:57 . 2012-11-26 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\Sony Online Entertainment
2012-11-26 15:56 . 2012-11-26 18:05 -------- d-----w- c:\program files (x86)\PlanetSide
2012-11-25 13:03 . 2012-11-25 13:03 -------- d-----w- c:\users\Damjan\AppData\Local\DayZCommander
2012-11-25 13:02 . 2012-11-25 13:02 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-11-25 12:50 . 2012-11-25 12:52 -------- d-----w- c:\users\sgr
2012-11-24 20:10 . 2012-11-24 20:10 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-11-24 14:00 . 2012-12-05 23:37 -------- d-----w- c:\users\Damjan\AppData\Local\ArmA 2 OA
2012-11-24 12:50 . 2012-12-05 21:00 -------- d-----w- C:\ArmA 2
2012-11-22 20:58 . 2012-11-29 15:05 -------- d-----w- c:\users\Damjan\AppData\Local\Deployment
2012-11-22 20:58 . 2012-11-22 20:58 -------- d-----w- c:\users\Damjan\AppData\Local\Apps
2012-11-22 20:46 . 2012-11-22 20:46 -------- d-----w- c:\windows\system32\appmgmt
2012-11-22 12:08 . 2012-11-22 12:08 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-11-22 12:08 . 2012-11-22 12:08 -------- d-----w- c:\windows\SysWow64\Extensions
2012-11-22 12:08 . 2012-12-07 20:46 -------- d-----w- c:\programdata\Browser Manager
2012-11-21 19:02 . 2011-02-17 20:24 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1600.DLL
2012-11-21 13:25 . 2011-02-17 20:25 136704 ----a-w- c:\windows\system32\ZLhp1600.DLL
2012-11-21 13:25 . 2011-02-17 13:37 424960 ----a-w- c:\windows\system32\ZSHP1600.EXE
2012-11-21 13:24 . 2012-11-21 14:11 -------- d-----w- c:\program files\HP
2012-11-21 13:24 . 2012-11-21 13:24 -------- d-----w- c:\users\Damjan\AppData\Roaming\HP
2012-11-21 13:24 . 2012-11-21 18:53 -------- d-----w- C:\hp_CLJ_1600_Full_Solution
2012-11-21 02:32 . 2012-11-22 12:09 -------- d-----w- c:\program files (x86)\GoforFiles
2012-11-21 02:32 . 2012-11-21 02:32 -------- d-----w- c:\users\Damjan\AppData\Roaming\GoforFiles
2012-11-18 19:02 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-18 19:02 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-11-18 19:02 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-11-18 19:02 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-11-18 19:02 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-11-18 19:02 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-11-18 19:02 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-11-18 19:02 . 2012-11-18 19:02 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-11-18 19:02 . 2012-11-18 19:02 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-11-14 19:50 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-14 19:43 . 2012-11-14 19:43 -------- d-----w- c:\users\Damjan\AppData\Roaming\NBSoftSolutions
2012-11-14 19:43 . 2012-11-14 19:43 -------- d-----w- c:\program files (x86)\NBSoftSolutions
2012-11-14 13:11 . 2012-11-15 20:47 -------- d-----w- C:\hoi3 modded files2
2012-11-14 10:21 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 10:21 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 10:21 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 10:21 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 10:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 10:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 10:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 10:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 10:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 10:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 10:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-13 20:12 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-13 20:12 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-13 20:12 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-13 20:12 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-13 20:12 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 12:28 . 2012-12-08 13:03 -------- d-----w- c:\users\Damjan\AppData\Roaming\Skype
2012-11-13 12:27 . 2012-11-13 12:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-13 12:27 . 2012-11-25 12:27 -------- d-----r- c:\program files (x86)\Skype
2012-11-13 12:27 . 2012-11-28 09:16 -------- d-----w- c:\programdata\Skype
2012-11-09 13:42 . 2012-11-14 13:19 -------- d-----w- C:\Hoi3
2012-11-09 11:32 . 2009-11-19 23:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-11-09 11:32 . 2009-04-30 23:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
2012-11-09 11:32 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
2012-11-09 11:32 . 2012-11-09 11:32 -------- d-----w- c:\program files (x86)\epson
2012-11-09 10:57 . 2012-11-09 10:57 -------- d-----w- c:\program files\Common Files\EPSON
2012-11-09 10:57 . 2007-04-10 09:06 10752 ----a-w- c:\windows\system32\E_GCINST.DLL
2012-11-09 10:57 . 2008-11-12 11:00 118784 ----a-w- c:\windows\system32\E_ILMGGE.DLL
2012-11-09 10:56 . 2009-10-01 11:01 88064 ----a-w- c:\windows\system32\E_IBCBGGE.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 10:13 . 2012-11-02 18:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-04 19:22 . 2012-11-03 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 19:22 . 2012-11-03 23:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 17:49 . 2012-11-04 17:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-03 23:31 . 2012-11-03 23:31 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-03 23:31 . 2012-11-03 23:31 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-03 23:31 . 2012-11-03 23:31 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-03 23:31 . 2012-11-03 23:31 188904 ----a-w- c:\windows\system32\java.exe
2012-11-03 23:31 . 2012-11-03 23:31 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-03 23:31 . 2012-11-03 23:31 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-02 19:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-11-02 19:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-02 17:49 . 2012-11-02 17:49 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-02 17:49 . 2012-11-02 17:49 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-02 17:49 . 2012-11-02 17:49 3561272 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-11-02 17:49 . 2012-11-02 17:49 3896632 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-11-02 17:49 . 2012-11-02 17:49 3060800 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-11-02 14:20 . 2012-11-02 14:20 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-02 14:20 . 2012-11-02 14:20 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-11-02 14:20 . 2012-11-02 14:20 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-02 14:20 . 2012-11-02 14:20 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-11-02 14:20 . 2012-11-02 14:20 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-11-02 14:20 . 2012-11-02 14:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-11-02 14:20 . 2012-11-02 14:20 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-11-02 14:20 . 2012-11-02 14:20 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-11-02 14:20 . 2012-11-02 14:20 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-11-02 14:20 . 2012-11-02 14:20 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-11-02 14:20 . 2012-11-02 14:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-11-02 14:20 . 2012-11-02 14:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-11-02 14:20 . 2012-11-02 14:20 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-11-02 14:20 . 2012-11-02 14:20 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-11-02 14:20 . 2012-11-02 14:20 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-11-02 14:20 . 2012-11-02 14:20 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-02 14:20 . 2012-11-02 14:20 222208 ----a-w- c:\windows\system32\msls31.dll
2012-11-02 14:20 . 2012-11-02 14:20 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-11-02 14:20 . 2012-11-02 14:20 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-11-02 14:20 . 2012-11-02 14:20 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-11-02 14:20 . 2012-11-02 14:20 197120 ----a-w- c:\windows\system32\msrating.dll
2012-11-02 14:20 . 2012-11-02 14:20 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-11-02 14:20 . 2012-11-02 14:20 149504 ----a-w- c:\windows\system32\occache.dll
2012-11-02 14:20 . 2012-11-02 14:20 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-11-02 14:20 . 2012-11-02 14:20 12288 ----a-w- c:\windows\system32\mshta.exe
2012-11-02 14:20 . 2012-11-02 14:20 114176 ----a-w- c:\windows\system32\admparse.dll
2012-11-02 14:20 . 2012-11-02 14:20 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-02 14:20 . 2012-11-02 14:20 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-11-02 14:20 . 2012-11-02 14:20 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-11-02 14:20 . 2012-11-02 14:20 82432 ----a-w- c:\windows\system32\icardie.dll
2012-11-02 14:20 . 2012-11-02 14:20 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-11-02 14:20 . 2012-11-02 14:20 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-11-02 14:20 . 2012-11-02 14:20 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-11-02 14:20 . 2012-11-02 14:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-02 14:20 . 2012-11-02 14:20 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-11-02 14:20 . 2012-11-02 14:20 448512 ----a-w- c:\windows\system32\html.iec
2012-11-02 14:20 . 2012-11-02 14:20 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-11-02 14:20 . 2012-11-02 14:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-11-02 14:20 . 2012-11-02 14:20 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-11-02 14:20 . 2012-11-02 14:20 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-02 14:20 . 2012-11-02 14:20 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-11-02 14:20 . 2012-11-02 14:20 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-11-02 14:20 . 2012-11-02 14:20 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-11-02 14:20 . 2012-11-02 14:20 160256 ----a-w- c:\windows\system32\wextract.exe
2012-11-02 14:20 . 2012-11-02 14:20 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-11-02 14:20 . 2012-11-02 14:20 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-02 14:20 . 2012-11-02 14:20 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-02 14:20 . 2012-11-02 14:20 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-11-02 14:20 . 2012-11-02 14:20 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-23 15:30 . 2012-12-07 19:50 3488 ----a-w- c:\windows\UDB.zip
2012-10-23 15:30 . 2012-12-07 19:50 131 ----a-w- c:\windows\IDB.zip
2012-10-17 01:31 . 2012-11-02 18:21 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34ADFFFA-4281-4B9D-AAF9-7DD14A1F919B}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 11:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:46 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-09-28 01:41 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-14 19:19 . 2012-11-02 14:05 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-11-02 14:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{419C3039-26F5-7982-FDD1-1BE030478752}]
2012-12-07 19:19 128000 ----a-w- c:\programdata\SaveAs\50c24129056ad.ocx
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17888944]
"mapdisk"="c:\users\Damjan\Documents\ArmAWork\mapdisk.bat" [2012-11-24 49]
"Easy Driver Pro"="c:\program files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe" [2012-09-23 147312]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-01 3492504]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-10-21 81952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\25976~1.107\{C16C1~1\mngr.dll c:\progra~2\MocaFlix\sprotector.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-02 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-04 283200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 19:22]
.
2012-12-05 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-11-07 13:31]
.
2012-12-08 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-11-07 13:31]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 14:22]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 14:22]
.
2012-12-07 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-12-08 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-12-04 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-16 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-12-02 c:\windows\Tasks\PC Health Advisor.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://websearch.mocaflix.com/
mStart Page = hxxp://websearch.mocaflix.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F}: NameServer = 172.24.2.9,192.168.1.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-08 14:18:20
ComboFix-quarantined-files.txt 2012-12-08 13:18
.
Pre-Run: 326.547.251.200 bytes free
Post-Run: 326.886.121.472 bytes free
.
- - End Of File - - 657D4C042FD7049517F2E40297579263


well, i can say that the browser does not appear anymore ever since i run one of the tree programs you gave me, but i can say for shure that the buggers is there somewhere. also, the latest update lasted forever, when starting up, but a simple restart fixed that, so thats probably an error of other origin.
  • 0

#6
gringo_pr
Posted 08 December 2012 - 12:33 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Damjan\AppData\Roaming\Optimizer Pro
c:\program files (x86)\MocaFlix
c:\programdata\Premium
c:\program files (x86)\Optimizer Pro
c:\programdata\Browser Manager

DDS::
uStart Page = hxxp://websearch.mocaflix.com/
mStart Page = hxxp://websearch.mocaflix.com/

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#7
CrazyShadowDami
Posted 09 December 2012 - 03:14 PM

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
well, you didnt ask for log file, but you are probably look ing for it:

ComboFix 12-12-07.01 - Damjan 9.12.2012. 21:59:31.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.3838.2159 [GMT 1:00]
Running from: c:\users\Damjan\Desktop\ComboFix.exe
Command switches used :: c:\users\Damjan\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\MocaFlix
c:\program files (x86)\MocaFlix\sprotector.dll
c:\program files (x86)\MocaFlix\uninstall.exe
c:\program files (x86)\Optimizer Pro
c:\program files (x86)\Optimizer Pro\English.ini
c:\program files (x86)\Optimizer Pro\file_id.diz
c:\program files (x86)\Optimizer Pro\HomePage.url
c:\program files (x86)\Optimizer Pro\OptimizerPro.chm
c:\program files (x86)\Optimizer Pro\OptimizerPro.exe
c:\program files (x86)\Optimizer Pro\OptProGuard.exe
c:\program files (x86)\Optimizer Pro\OptProLauncher.exe
c:\program files (x86)\Optimizer Pro\OptProReminder.exe
c:\program files (x86)\Optimizer Pro\OptProSchedule.exe
c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe
c:\program files (x86)\Optimizer Pro\OptProStart.exe
c:\program files (x86)\Optimizer Pro\OptProUninstaller.exe
c:\program files (x86)\Optimizer Pro\scan.gif
c:\program files (x86)\Optimizer Pro\sqlite3.dll
c:\program files (x86)\Optimizer Pro\unins000.dat
c:\program files (x86)\Optimizer Pro\unins000.exe
c:\programdata\Premium
c:\programdata\Premium\OptimizerPro\OptimizerPro.exe
c:\users\Damjan\AppData\Roaming\Optimizer Pro
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 21:08 . 2012-12-09 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-09 20:21 . 2012-12-09 20:21 -------- d-----w- c:\program files\CCleaner
2012-12-09 14:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{54F905F9-10AD-4732-A02E-ACB6F8BE1626}\mpengine.dll
2012-12-08 13:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-07 19:50 . 2012-10-23 16:40 77144 ----a-w- c:\windows\system32\drivers\PCTBD64.sys
2012-12-07 19:50 . 2012-10-23 16:40 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-07 19:50 . 2012-10-23 16:40 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-07 19:50 . 2012-10-23 16:40 2280568 ----a-w- c:\windows\PCTBDCore.dll
2012-12-07 19:50 . 2012-10-23 16:40 1690744 ----a-w- c:\windows\PCTBDRes.dll
2012-12-07 19:47 . 2012-10-31 13:21 258424 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-12-07 19:47 . 2012-10-31 13:21 347016 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-12-07 19:47 . 2012-11-01 14:35 16392 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-12-07 19:46 . 2012-11-01 14:35 87968 ----a-w- c:\windows\system32\drivers\pctplsm64.sys
2012-12-07 19:46 . 2012-11-01 14:35 93600 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-12-07 19:46 . 2012-12-07 19:46 -------- d-----w- c:\program files (x86)\PC Tools
2012-12-07 19:42 . 2012-02-28 10:43 1096176 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-12-07 19:42 . 2012-02-28 10:43 453896 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-12-07 19:41 . 2012-10-22 15:38 413448 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-12-07 19:41 . 2012-11-01 14:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-12-07 19:41 . 2012-12-07 19:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-12-07 19:40 . 2012-12-07 19:47 -------- d-----w- c:\programdata\PC Tools
2012-12-07 19:40 . 2012-12-07 19:40 -------- d-----w- c:\users\Damjan\AppData\Roaming\TestApp
2012-12-07 19:17 . 2012-12-07 19:17 -------- d-----w- c:\programdata\SaveAs
2012-12-04 21:33 . 2012-12-04 21:33 -------- d-----w- c:\windows\Battlefield Mod Development Toolkit
2012-12-04 19:44 . 2012-12-04 19:44 -------- d-----w- c:\users\Damjan\.thumbnails
2012-12-04 19:42 . 2012-12-04 19:42 -------- d-----w- c:\users\Damjan\AppData\Local\fontconfig
2012-12-04 19:42 . 2012-12-04 19:49 -------- d-----w- c:\users\Damjan\.gimp-2.8
2012-12-04 19:42 . 2012-12-04 19:42 -------- d-----w- c:\users\Damjan\AppData\Local\gegl-0.2
2012-12-04 19:40 . 2012-12-04 19:41 -------- d-----w- c:\program files\GIMP 2
2012-12-03 17:33 . 2012-12-03 17:33 -------- d-----w- c:\users\Damjan\AppData\Roaming\Wargaming.net
2012-12-02 17:47 . 2012-12-02 17:47 -------- d-----w- C:\Games
2012-12-01 18:19 . 2012-12-01 18:19 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-12-01 17:45 . 2012-12-01 17:49 -------- d-----w- c:\users\Damjan\AppData\Roaming\Origin
2012-12-01 17:45 . 2012-12-01 17:45 -------- d-----w- c:\users\Damjan\AppData\Local\Origin
2012-12-01 17:44 . 2012-12-01 18:20 -------- d-----w- c:\programdata\Origin
2012-12-01 17:44 . 2012-12-06 22:04 -------- d-----w- c:\program files (x86)\Origin Games
2012-12-01 17:44 . 2012-12-01 18:20 -------- d-----w- c:\programdata\Electronic Arts
2012-12-01 17:43 . 2012-12-01 17:49 -------- d-----w- c:\program files (x86)\Origin
2012-11-28 15:57 . 2012-11-28 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\SKIDROW
2012-11-28 15:57 . 2012-11-28 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\BigHugeEngine
2012-11-28 15:43 . 2012-12-04 21:33 -------- d-----w- c:\program files (x86)\EA Games
2012-11-28 15:22 . 2012-11-28 15:23 -------- d-----w- c:\users\Damjan\AppData\Local\ArmA 2
2012-11-28 09:26 . 2012-11-28 09:26 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6742D8C5-F58D-477F-8B62-77BEF0D92B94}\gapaengine.dll
2012-11-28 09:26 . 2012-11-02 22:00 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-11-26 22:53 . 2012-11-26 22:53 -------- d-----w- c:\program files (x86)\Probit Software
2012-11-26 15:57 . 2012-11-26 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\SCE
2012-11-26 15:57 . 2012-11-26 15:57 -------- d-----w- C:\Crash
2012-11-26 15:57 . 2012-11-26 15:57 -------- d-----w- c:\users\Damjan\AppData\Local\Sony Online Entertainment
2012-11-26 15:56 . 2012-11-26 18:05 -------- d-----w- c:\program files (x86)\PlanetSide
2012-11-25 13:03 . 2012-11-25 13:03 -------- d-----w- c:\users\Damjan\AppData\Local\DayZCommander
2012-11-25 13:02 . 2012-11-25 13:02 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-11-25 12:50 . 2012-12-08 13:18 -------- d-----w- c:\users\sgr
2012-11-24 20:10 . 2012-11-24 20:10 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2012-11-24 14:00 . 2012-12-05 23:37 -------- d-----w- c:\users\Damjan\AppData\Local\ArmA 2 OA
2012-11-24 12:50 . 2012-12-05 21:00 -------- d-----w- C:\ArmA 2
2012-11-22 20:58 . 2012-11-29 15:05 -------- d-----w- c:\users\Damjan\AppData\Local\Deployment
2012-11-22 20:58 . 2012-11-22 20:58 -------- d-----w- c:\users\Damjan\AppData\Local\Apps
2012-11-22 20:46 . 2012-11-22 20:46 -------- d-----w- c:\windows\system32\appmgmt
2012-11-22 12:08 . 2012-11-22 12:08 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-11-22 12:08 . 2012-11-22 12:08 -------- d-----w- c:\windows\SysWow64\Extensions
2012-11-22 12:08 . 2012-12-07 20:46 -------- d-----w- c:\programdata\Browser Manager
2012-11-21 19:02 . 2011-02-17 20:24 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1600.DLL
2012-11-21 13:25 . 2011-02-17 20:25 136704 ----a-w- c:\windows\system32\ZLhp1600.DLL
2012-11-21 13:25 . 2011-02-17 13:37 424960 ----a-w- c:\windows\system32\ZSHP1600.EXE
2012-11-21 13:24 . 2012-11-21 14:11 -------- d-----w- c:\program files\HP
2012-11-21 13:24 . 2012-11-21 13:24 -------- d-----w- c:\users\Damjan\AppData\Roaming\HP
2012-11-21 13:24 . 2012-11-21 18:53 -------- d-----w- C:\hp_CLJ_1600_Full_Solution
2012-11-21 02:32 . 2012-11-22 12:09 -------- d-----w- c:\program files (x86)\GoforFiles
2012-11-21 02:32 . 2012-11-21 02:32 -------- d-----w- c:\users\Damjan\AppData\Roaming\GoforFiles
2012-11-18 19:02 . 2006-02-07 14:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2012-11-18 19:02 . 2006-02-07 14:39 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-11-18 19:02 . 2006-02-07 14:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-11-18 19:02 . 2006-02-07 14:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-11-18 19:02 . 2006-02-07 14:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-11-18 19:02 . 2006-02-07 14:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-11-18 19:02 . 2005-11-13 22:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-11-18 19:02 . 2012-11-18 19:02 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-11-18 19:02 . 2012-11-18 19:02 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-11-14 19:50 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-11-14 19:50 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-14 19:43 . 2012-11-14 19:43 -------- d-----w- c:\users\Damjan\AppData\Roaming\NBSoftSolutions
2012-11-14 19:43 . 2012-11-14 19:43 -------- d-----w- c:\program files (x86)\NBSoftSolutions
2012-11-14 13:11 . 2012-11-15 20:47 -------- d-----w- C:\hoi3 modded files2
2012-11-14 10:21 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 10:21 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 10:21 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 10:21 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 10:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 10:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 10:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 10:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 10:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 10:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 10:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-13 20:12 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-13 20:12 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-13 20:12 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-13 20:12 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-13 20:12 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 12:28 . 2012-12-09 20:58 -------- d-----w- c:\users\Damjan\AppData\Roaming\Skype
2012-11-13 12:27 . 2012-11-13 12:27 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-13 12:27 . 2012-11-25 12:27 -------- d-----r- c:\program files (x86)\Skype
2012-11-13 12:27 . 2012-11-28 09:16 -------- d-----w- c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 10:13 . 2012-11-02 18:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-04 19:22 . 2012-11-03 23:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-04 19:22 . 2012-11-03 23:35 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 17:49 . 2012-11-04 17:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-03 23:31 . 2012-11-03 23:31 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-03 23:31 . 2012-11-03 23:31 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-03 23:31 . 2012-11-03 23:31 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-03 23:31 . 2012-11-03 23:31 188904 ----a-w- c:\windows\system32\java.exe
2012-11-03 23:31 . 2012-11-03 23:31 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-03 23:31 . 2012-11-03 23:31 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-02 19:47 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-11-02 19:47 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-11-02 17:49 . 2012-11-02 17:49 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-02 17:49 . 2012-11-02 17:49 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-02 17:49 . 2012-11-02 17:49 3561272 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-11-02 17:49 . 2012-11-02 17:49 3896632 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-11-02 17:49 . 2012-11-02 17:49 3060800 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-11-02 14:20 . 2012-11-02 14:20 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-02 14:20 . 2012-11-02 14:20 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-11-02 14:20 . 2012-11-02 14:20 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-02 14:20 . 2012-11-02 14:20 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-11-02 14:20 . 2012-11-02 14:20 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-11-02 14:20 . 2012-11-02 14:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-11-02 14:20 . 2012-11-02 14:20 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-11-02 14:20 . 2012-11-02 14:20 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-11-02 14:20 . 2012-11-02 14:20 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-11-02 14:20 . 2012-11-02 14:20 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-11-02 14:20 . 2012-11-02 14:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-11-02 14:20 . 2012-11-02 14:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-11-02 14:20 . 2012-11-02 14:20 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-11-02 14:20 . 2012-11-02 14:20 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-11-02 14:20 . 2012-11-02 14:20 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-11-02 14:20 . 2012-11-02 14:20 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-02 14:20 . 2012-11-02 14:20 222208 ----a-w- c:\windows\system32\msls31.dll
2012-11-02 14:20 . 2012-11-02 14:20 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-11-02 14:20 . 2012-11-02 14:20 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-11-02 14:20 . 2012-11-02 14:20 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-11-02 14:20 . 2012-11-02 14:20 197120 ----a-w- c:\windows\system32\msrating.dll
2012-11-02 14:20 . 2012-11-02 14:20 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-11-02 14:20 . 2012-11-02 14:20 149504 ----a-w- c:\windows\system32\occache.dll
2012-11-02 14:20 . 2012-11-02 14:20 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-11-02 14:20 . 2012-11-02 14:20 12288 ----a-w- c:\windows\system32\mshta.exe
2012-11-02 14:20 . 2012-11-02 14:20 114176 ----a-w- c:\windows\system32\admparse.dll
2012-11-02 14:20 . 2012-11-02 14:20 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-02 14:20 . 2012-11-02 14:20 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-11-02 14:20 . 2012-11-02 14:20 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-11-02 14:20 . 2012-11-02 14:20 82432 ----a-w- c:\windows\system32\icardie.dll
2012-11-02 14:20 . 2012-11-02 14:20 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-11-02 14:20 . 2012-11-02 14:20 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-11-02 14:20 . 2012-11-02 14:20 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-11-02 14:20 . 2012-11-02 14:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-02 14:20 . 2012-11-02 14:20 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-11-02 14:20 . 2012-11-02 14:20 448512 ----a-w- c:\windows\system32\html.iec
2012-11-02 14:20 . 2012-11-02 14:20 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-11-02 14:20 . 2012-11-02 14:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-11-02 14:20 . 2012-11-02 14:20 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-11-02 14:20 . 2012-11-02 14:20 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-02 14:20 . 2012-11-02 14:20 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-11-02 14:20 . 2012-11-02 14:20 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-11-02 14:20 . 2012-11-02 14:20 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-11-02 14:20 . 2012-11-02 14:20 160256 ----a-w- c:\windows\system32\wextract.exe
2012-11-02 14:20 . 2012-11-02 14:20 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-11-02 14:20 . 2012-11-02 14:20 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-02 14:20 . 2012-11-02 14:20 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-02 14:20 . 2012-11-02 14:20 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-11-02 14:20 . 2012-11-02 14:20 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-23 15:30 . 2012-12-07 19:50 3488 ----a-w- c:\windows\UDB.zip
2012-10-23 15:30 . 2012-12-07 19:50 131 ----a-w- c:\windows\IDB.zip
2012-10-17 01:31 . 2012-11-02 18:21 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34ADFFFA-4281-4B9D-AAF9-7DD14A1F919B}\mpengine.dll
2012-10-16 08:38 . 2012-11-28 11:46 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:46 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:46 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-09-28 01:41 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-14 19:19 . 2012-11-02 14:05 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-11-02 14:05 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{419C3039-26F5-7982-FDD1-1BE030478752}]
2012-12-07 19:19 128000 ----a-w- c:\programdata\SaveAs\50c24129056ad.ocx
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17888944]
"mapdisk"="c:\users\Damjan\Documents\ArmAWork\mapdisk.bat" [2012-11-24 49]
"Easy Driver Pro"="c:\program files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe" [2012-09-23 147312]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-01 3492504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\25976~1.107\{C16C1~1\mngr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-05 335400]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-01 39464]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm64.sys [2012-11-01 87968]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-10-31 403416]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-02 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-10-22 413448]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2012-10-31 347016]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-04 283200]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-01-18 75304]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-10-23 77144]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-03 19:22]
.
2012-12-05 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-11-07 13:31]
.
2012-12-08 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-11-07 13:31]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 14:22]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05 14:22]
.
2012-12-09 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-12-09 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-12-04 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-11-16 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
2012-12-02 c:\windows\Tasks\PC Health Advisor.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2012-06-25 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetL"="c:\windows\\PLFSetL.exe" [2007-07-05 94208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-02-05 324608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.mocaflix.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9846893D-56D2-4C86-BD86-9E07206BEA4F}: NameServer = 172.24.2.9,192.168.1.20
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Optimizer Pro - c:\program files (x86)\Optimizer Pro\OptProLauncher.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
AddRemove-SP_8e4eb48d - c:\program files (x86)\MocaFlix\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-09 22:11:59
ComboFix-quarantined-files.txt 2012-12-09 21:11
ComboFix2.txt 2012-12-08 13:18
.
Pre-Run: 327.162.728.448 bytes free
Post-Run: 326.863.740.928 bytes free
.
- - End Of File - - BD1AB2798923ADC70842108B91D4AA8E








DUM DUM DUM
  • 0

#8
gringo_pr
Posted 09 December 2012 - 03:18 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
gringo_pr
Posted 11 December 2012 - 10:41 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#10
CrazyShadowDami
Posted 12 December 2012 - 06:38 AM

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam Video Class Camera
Acer Updater
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI
Alcor Micro USB Card Reader
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
applicationupdater
ArnA 2: Combined Operations
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
µTorrent
AVG PC TuneUp Language Pack (en-US)
Battlefield 1942™
Battlefield Mod Development Toolkit
BattlEye for OA Uninstall
BI's Tools drive Uninstall
BinMake Uninstall
BinPBO Personal Edition Uninstall
Browser Guard 4.0
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
DAEMON Tools Lite
DayZ Commander
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dll-Files.com Fixer
Easy Driver Pro v8.03
EPSON Scan
Europa Universalis III
ffdshow [rev 3154] [2009-12-09]
For the Motherland version 3.05
FSM Editor Personal Edition Uninstall
Game Booster 3
gamelauncher-ps2-psg (x86)-PlanetSide
Google Chrome
Google Earth Plug-in
Google Update Helper
Hearts of Iron III
Hearts of Iron III - Their Finest Hour version 4.02
HOI3Editor
Kingdoms of Amalur Reckoning
Magical Jelly Bean KeyFinder
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Notepad++
Optimizer Pro v3.0
Origin
Oxygen 2 Personal Edition Uninstall
ParetoLogic PC Health Advisor
PC Tools Spyware Doctor 9.1
PlanetSide 2
SaveAs
Search Assistant MocaFlix 1.66
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Semper Fi 1.0
Skype Click to Call
Skype™ 6.0
Sound Tools Uninstall
TexView 2 Uninstall
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Victoria 2
Visitor 3 Uninstall
VLC media player 2.0.4
World of Tanks
  • 0

Advertisements

#11
gringo_pr
Posted 12 December 2012 - 12:02 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

µTorrent
Optimizer Pro v3.0
Search Assistant MocaFlix 1.66
 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#12
CrazyShadowDami
Posted 12 December 2012 - 01:04 PM

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.12.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Damjan :: DAMJAN-PC [administrator]

12.12.2012. 19:59:13
mbam-log-2012-12-12 (19-59-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214272
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Damjan\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Damjan\Downloads\installer_epson_sx125 (1).exe (PUP.BundleInstaller.PHP) -> Quarantined and deleted successfully.
C:\Users\Damjan\Downloads\installer_epson_sx125.exe (PUP.BundleInstaller.PHP) -> Quarantined and deleted successfully.
C:\Users\Damjan\Downloads\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Damjan\Downloads\SaveAs.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)
  • 0

#13
gringo_pr
Posted 12 December 2012 - 09:25 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
did you run hijackthis?


gringo
  • 0

#14
CrazyShadowDami
Posted 13 December 2012 - 05:28 AM

CrazyShadowDami

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:27:51, on 13.12.2012.
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Damjan\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: SaveAs - {419C3039-26F5-7982-FDD1-1BE030478752} - C:\ProgramData\SaveAs\50c24129056ad.ocx
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [mapdisk] "C:\Users\Damjan\Documents\ArmAWork\mapdisk.bat"
O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{9846893D-56D2-4C86-BD86-9E07206BEA4F}: NameServer = 172.24.2.9,192.168.1.20
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\PROGRA~3\BROWSE~1\25976~1.107\{C16C1~1\mngr.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Usluga Google ažuriranje (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usluga Google ažuriranje (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10873 bytes



not removing utorrent, 6 years of experience with it is enough.
  • 0

#15
gringo_pr
Posted 13 December 2012 - 07:07 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: SaveAs - {419C3039-26F5-7982-FDD1-1BE030478752} - C:\ProgramData\SaveAs\50c24129056ad.ocx
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files (x86)\Probit Software\Easy Driver Pro\DPLauncher.exe
      O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP