WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus/Trojan - Can't install Antivirus or open Text document.. jus

Started by bacman , Jul 06 2014 11:46 PM

This topic is locked

11 replies to this topic

#1 bacman

New Member

Authentic Member
7 posts

Posted 06 July 2014 - 11:46 PM

Hi,

Before 2 days i installed suspicius software(.exe + .dll) from some link.

And before the download & the installation i must Disable the Anti-virus because AV show some "THREAT" but some guy tell me that "threat" is FALSE POSITIVE, (but those was a hacker, he trick me), and i disable it!

And when i install that SOFT(.EXE) and second FILE (.EXE -to install missing .DLL) , suddenly PC Restarted !!!

And after Restart, when Windows Run it Not start-up with Anti-Virus, and

i see that's something wrong & i go to program files and want to start AV Manually but it Not gave me the "Access the folder ESET"(NOD32), after that i go to "Add Remove Programs" and see that NOD32 IS NOT Uninstalled ...

After that i UNINSTAL the ESET-Nod32 ( I DID IT BECAUSE I WANT TO REINSTALL and FIX the PROBLEM)...

Then,

i go to TASK MENAGER & noticed that my CPU was 100%(constantly) with NO PROGRAM RUNNING.. than i Disconnect the Internet and CPU came to 0%, but when i connect again , again CPU come to 100%.

The other things i noticed was when i want to install again Eset-Nod32-AV (i have the soft. setup in my soft. collection folder) it tells me that: "I HAVEN'T SOME PRIVILEGES". After that i download setup(Nod32-AV) from internet & same again ... Than i noticed that i cant install Software"i HAVENT SOME PRIVILEGES"... Than i search on internet some online scanners, and can't install it, then i open TaskManager and i find strange 2 files:"IsYKPdaSMMg.exe"(in Administrator) and "Regsvcs.exe"(in Administrator).

When i close "Regsvcs.exe" & he start again & again & again & -||-, and i can't close it..

Than i want to close the other suspicius file "IsYKPdaSMMg.exe" and when i close (end Process) it came BLUE SCREEN WITH WHITE CHARACTERS NUMBERS.. Than i Reset (from button), and the PC start normally, but same things, same files...

The those 2 files didnt give me to close them, and i do again same steps to CLOSE THEM, and no progress! After some time after some Resets(from button) i realised that i CAN'T : TURN OFF, RESTART, SWITCH USERS,.... NOTHING, because when i click some of those BLUE SCREEN came up & i can just RESET from Button....

And then i search on internet & found "RogueKiller.exe" and MAGICLY he start without problems LOL...

And i start SCAN & found many "BAD" things in Registry and in other places, and find just one .exe suspicius "dgen.exe".

I Don't remember what i click on that RogueKiller software, but Magicly PC RESTARTed after SCAN. After Restart, the two files "Regsvcs.exe" and "IsYKPdaSMMg.exe" is no more there, but dgen.exe was there and again my CPU was 100% and i have "NO Privileges" and it was some release for me because i now can TURN OFF , RESTART and Swich users, but other things left same, 1. Still "no privileges", 2. Cant install softs, But NOW CAN OPEN AND SAVE TEXT DOCs, i now can send you logs from RogueKiller(i EDIT This POST & ADDED the REPORT from RogueKiller).. But forgot to tell that i discover that i CAN MANUALLY CLOSE "dgen.exe" FILE, and my CPU go to 0%... That is good & can make TEXT Documents and Save (GREAT), but still no privileges, still cant install nothing... Everytime when i TURN ON the PC or Restart, i must Manually CLOSE "dgen.exe" from TaskMenager...

PLEASE HELP ME TO GET BACK MY PC IN MY HANDS(Privileges to install everything), to install ESET NOD32 again, to clean that dgen.exe file and every suspicius files, and be like before..? will be my life saver and i

I will DONATE to you & your web too(to be fair)...

Please HELP ME?

- HERE ARE THE LOGs (from RogueKiller):

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.co...es/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 07/07/2014 09:35:38

¤¤¤ Bad processes : 1 ¤¤¤

[Suspicious.Path] dgen.exe -- C:\WINDOWS\Temp\dgen.exe[-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 16 ¤¤¤

[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog305 : C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PBDOWNFORCE_SERVICE -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vtany -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PBDOWNFORCE_SERVICE -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtany -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PBDOWNFORCE_SERVICE -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vtany -> FOUND

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 -> FOUND

[PUM.Proxy] HKEY_USERS\S-1-5-21-329068152-1957994488-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=;ftp=;https=; -> FOUND

[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND

[PUM.Policies] HKEY_USERS\S-1-5-21-329068152-1957994488-839522115-500\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND

[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> FOUND

[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤

[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 gsin256345.elasticbeanstalk.com

¤¤¤ Antirootkit : 2 ¤¤¤

[SSDT:Inl] NtRequestPort[199] : Unknown @ 0xb84aa480

[SSDT:Inl] NtRequestWaitReplyPort[200] : Unknown @ 0xb84aa520

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 +++++

--- User ---

[MBR] 56ba1b66eaf4677568165da57d40f758

[BSP] b7cb42b22dc882131a6a6f85b63be1e5 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 376931 MB

1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 771955380 | Size: 99998 MB

User = LL1 ... OK

User = LL2 ... OK

============================================

RKreport_DEL_07062014_083710.log - RKreport_SCN_07062014_082547.log - RKreport_SCN_07072014_071646.log

Edited by bacman, 08 July 2014 - 03:28 AM.

Advertisements

Register to Remove

#2 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 07 July 2014 - 03:42 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

Run FRST.
Don´t change one of the checkboxes and hit Scan.
Logfiles are created on your desktop.
Poste the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Proud Member of UNITE & TB

#3 bacman

New Member

Authentic Member
7 posts

Posted 07 July 2014 - 07:00 AM

At first i forgot to ask, IF I DO THIS STEPS Does has a chance to LOOSE MY DATA... Now i can SAFE my data have to BURN DVDs 20 cds to burn to save my data.. but if its no chance to loose my files than to begin withSTEPS ?

#4 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 07 July 2014 - 07:02 AM

Running my scans will not harm your data.

Proud Member of UNITE & TB

#5 bacman

New Member

Authentic Member
7 posts

Posted 07 July 2014 - 07:54 AM

FRST: I Finished with SCAN !

I just did the SCAN like you tell me.. I Dont Click FIX button, just SCAN...

HERE ARE THE 2 LOGs (from FRST) "Frst.txt & Addition.txt":

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01

Ran by Administrator (administrator) on XXX on 07-07-2014 15:46:21

Running from C:\Documents and Settings\Administrator\Desktop

Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 7

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc.exe

(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc2.exe

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(Applian Technologies, Inc.) C:\Program Files\Freecorder\FLVSrvc.exe

(Creative Technology Ltd.) C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Nalpeiron Ltd.) C:\WINDOWS\system32\ASTSRV.EXE

(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla server.exe

(ClanServers Hosting LLC) D:\Igri\GameTracker\GSInGameService.exe

(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe

(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe

() C:\WINDOWS\Temp\dgen.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

() C:\Program Files\iSafe\ipcdl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [16744256 2011-10-08] (NVIDIA Corporation)

HKLM\...\Run: [TNOD UP] => "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)

HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33714176 2010-01-18] (VIA Technologies, Inc.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)

HKLM\...\Run: [Freecorder FLV Service] => C:\Program Files\Freecorder\FLVSrvc.exe [167936 2010-06-26] (Applian Technologies, Inc.)

HKLM\...\Run: [facemoods] => "C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I

HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe /a

HKLM\...\Run: [BigDog305] => C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

HKLM\...\Run: [LogitechQuickCamRibbon] => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

HKLM\...\Run: [AVFX Engine] => C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [24576 2006-06-09] (Creative Technology Ltd.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [203072 2011-10-08] (NVIDIA Corporation)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-08] ()

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [0 ] (ESET)

HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864 2010-06-28] (AVAST Software)

HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32

HKU\S-1-5-19\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32

HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32

HKU\S-1-5-21-329068152-1957994488-839522115-1003\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32

HKU\S-1-5-21-329068152-1957994488-839522115-1003\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N

HKU\S-1-5-21-329068152-1957994488-839522115-500\...\Policies\system: [EnableLUA] 0

HKU\S-1-5-21-329068152-1957994488-839522115-500\...\Policies\Explorer: [NoFolderOptions] 1

HKU\S-1-5-21-329068152-1957994488-839522115-500\...\MountPoints2: {42a7ce7f-a7f1-11e1-844f-4487fcefd61f} - F:\setup.exe

HKU\S-1-5-21-329068152-1957994488-839522115-500\...\MountPoints2: {af5a2ccd-6be6-11e0-8176-4487fcefd61f} - G:\setup.exe

HKU\S-1-5-21-329068152-1957994488-839522115-500\...\Winlogon: [Shell] explorer.exe,"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" <==== ATTENTION

IFEO\AvastSvc.exe: [Debugger] nqij.exe

IFEO\AvastUI.exe: [Debugger] nqij.exe

IFEO\avcenter.exe: [Debugger] nqij.exe

IFEO\avconfig.exe: [Debugger] nqij.exe

IFEO\avgcsrvx.exe: [Debugger] nqij.exe

IFEO\avgidsagent.exe: [Debugger] nqij.exe

IFEO\avgnt.exe: [Debugger] nqij.exe

IFEO\avgrsx.exe: [Debugger] nqij.exe

IFEO\avguard.exe: [Debugger] nqij.exe

IFEO\avgui.exe: [Debugger] nqij.exe

IFEO\avgwdsvc.exe: [Debugger] nqij.exe

IFEO\avp.exe: [Debugger] nqij.exe

IFEO\avscan.exe: [Debugger] nqij.exe

IFEO\bdagent.exe: [Debugger] nqij.exe

IFEO\blindman.exe: [Debugger] nqij.exe

IFEO\ccuac.exe: [Debugger] nqij.exe

IFEO\ComboFix.exe: [Debugger] nqij.exe

IFEO\egui.exe: [Debugger] nqij.exe

IFEO\ekrn.exe: [Debugger] nqij.exe

IFEO\hijackthis.exe: [Debugger] nqij.exe

IFEO\instup.exe: [Debugger] nqij.exe

IFEO\keyscrambler.exe: [Debugger] nqij.exe

IFEO\mbam.exe: [Debugger] nqij.exe

IFEO\mbamgui.exe: [Debugger] nqij.exe

IFEO\mbampt.exe: [Debugger] nqij.exe

IFEO\mbamscheduler.exe: [Debugger] nqij.exe

IFEO\mbamservice.exe: [Debugger] nqij.exe

IFEO\MpCmdRun.exe: [Debugger] nqij.exe

IFEO\MSASCui.exe: [Debugger] nqij.exe

IFEO\MsMpEng.exe: [Debugger] nqij.exe

IFEO\msseces.exe: [Debugger] nqij.exe

IFEO\rstrui.exe: [Debugger] nqij.exe

IFEO\SDFiles.exe: [Debugger] nqij.exe

IFEO\SDMain.exe: [Debugger] nqij.exe

IFEO\SDWinSec.exe: [Debugger] nqij.exe

IFEO\spybotsd.exe: [Debugger] nqij.exe

IFEO\wireshark.exe: [Debugger] nqij.exe

IFEO\zlclient.exe: [Debugger] nqij.exe

Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe ()

==================== Internet (Whitelisted) ====================

ProxyServer: http=;ftp=;https=;

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...o=102869&gct=hp

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...00074ea3ace0ee7

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...70-74ea3ace0ee7

SearchScopes: HKLM - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms}

SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...B0-F7684CF6C545

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://searchab.com/...q={searchTerms}

SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...B0-F7684CF6C545

SearchScopes: HKCU - {C306FB0A-403F-44FA-B36E-DDA64DA7432A} URL = http://www.claro-sea...00074ea3ace0ee7

BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.96.0.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)

Hosts: 127.0.0.1 gsin256345.elasticbeanstalk.com

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default

FF DefaultSearchEngine: Ask.com

FF SearchEngineOrder.1: Ask.com

FF SelectedSearchEngine: Ask.com

FF Homepage: https://duckduckgo.com/

FF Plugin: @3gstudios.com/webmediaclient,version=1.0 - C:\Program Files\3G Studios\Web Media Client\npWebMediaClient.dll No File

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @idsoftware.com/QuakeLive - C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF Plugin: @vizzed.com/VizzedRGR - C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)

FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Square Enix\nprun3d.dll (Square Enix)

FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Documents and Settings\Administrator\Application Data\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)

FF Plugin HKCU: @gnometech.com/ZworldoWebPlugin12 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Zworldo\player\NP Zworldo Plugin12.dll (Gnometech Inc)

FF Plugin HKCU: @powerchallenge.com/PowerLoader - C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @TrianglePlayer - C:\Documents and Settings\Administrator\Application Data\TrianglePlayer\NPTrianglePlayer.dll ()

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\askcom.xml

FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\duckduckgo.xml

FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\Searchab.xml

FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\softonic.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml

FF Extension: Battlefield Play4Free - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\battlefieldplay4free@ea.com [2014-02-05]

FF Extension: arcadeox - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\nparcadeox@nparcadeox.com [2013-12-01]

FF Extension: Super Hide IP - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\support@super-hide-ip.com [2011-08-29]

FF Extension: Tilt - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\tilt@mozilla.com [2012-06-17]

FF Extension: Freecorder - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2014-07-05]

FF Extension: Live HTTP Headers - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-03-27]

FF Extension: flashget3 Extension - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2011-12-01]

FF Extension: Edit Cookies - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} [2011-05-14]

FF Extension: anonymoX - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\client@anonymox.net.xpi [2012-09-08]

FF Extension: Cookie Exporter - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\cookieexporter@krk.xpi [2012-12-24]

FF Extension: Cookie Importer - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\cookieimporter@krk.xpi [2012-12-24]

FF Extension: Ghostery - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\firefox@ghostery.com.xpi [2013-10-10]

FF Extension: Session Manager - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-10-12]

FF Extension: FlashGot - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-06-28]

FF Extension: Tamper Data - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2013-02-11]

FF Extension: Facebook Downloader Videos - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2e8}.xpi [2014-04-26]

FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-03-01]

FF Extension: Fast Video Download - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012-06-28]

FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-13]

FF Extension: User Agent Switcher - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-11-11]

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-14]

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-05-03]

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-10]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-05]

FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-04-18]

FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

FF Extension: Browser Manager - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012-12-07]

Chrome:

=======

CHR HomePage: hxxp://www.search.ask.com/?l=dis&o=102869cr&gct=hp

CHR StartupUrls: "hxxp://www.google.com/"

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll No File

CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File

CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)

CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)

CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))

CHR Plugin: (Power Challenge Loader) - C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)

CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Unity Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

CHR Plugin: (QUAKE LIVE) - C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]

CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]

CHR Extension: (Arcane Legends) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-08-05]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]

CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]

CHR HKLM\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2011-12-17]

CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]

CHR HKLM\...\Chrome\Extension: [mhgkogmomehdgfcheknganbgdaaoemop] - C:\Program Files\3G Studios\Web Media Client\WebMediaClient.crx [2013-09-16]

CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx [2012-12-07]

CHR StartMenuInternet: Google Chrome - c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 astcc; C:\WINDOWS\system32\astsrv.exe [57344 2007-02-16] (Nalpeiron Ltd.) [File not signed]

S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)

S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)

S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)

R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

S3 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2421384 2011-03-22] (mobile concepts GmbH)

S3 EasyAntiCheat; C:\WINDOWS\system32\EasyAntiCheat.exe [93048 2014-02-28] (EasyAntiCheat Ltd)

R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [742912 2010-10-17] (FileZilla Project) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-03-08] (Macrovision Europe Ltd.) [File not signed]

R2 GS In-Game Service; D:\Igri\GameTracker\GSInGameService.exe [1677096 2010-11-09] (ClanServers Hosting LLC)

R2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [118048 2014-06-27] (Elex do Brasil Participações Ltda)

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-04-18] (Sun Microsystems, Inc.)

S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2011-04-09] (Macromedia) [File not signed]

S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4726616 2012-01-03] (INCA Internet Co., Ltd.)

R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-08] (NVIDIA Corporation)

S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [65846 2014-06-28] () [File not signed]

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-17] (Sandboxie Holdings, LLC)

R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)

S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [28880 2010-06-28] (ALWIL Software)

S3 AKSUP; C:\WINDOWS\System32\drivers\aksup.sys [32472 2004-11-30] (Aladdin Knowledge Systems, Ltd.)

R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1599136 2010-06-11] (Atheros Communications, Inc.)

R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [17744 2010-06-28] (ALWIL Software)

R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [100176 2010-06-28] (ALWIL Software)

S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23376 2010-06-28] (ALWIL Software)

R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [165456 2010-06-28] (ALWIL Software)

R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [46672 2010-06-28] (ALWIL Software)

R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2014-02-22] ()

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)

R1 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [213888 2014-06-27] (Elex do Brasil Participações Ltda)

R1 iSafeKrnlKit; C:\Program Files\iSafe\iSafeKrnlKit.sys [64512 2014-06-27] (Elex do Brasil Participações Ltda)

R1 iSafeKrnlR3; C:\Program Files\iSafe\iSafeKrnlR3.sys [36992 2014-06-27] (Elex do Brasil Participações Ltda)

R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [52056 2014-06-03] (Elex do Brasil Participações Ltda)

R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [114952 2010-02-11] (QFX Software Corporation)

R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2014-02-22] ()

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)

R1 nethfdrv; C:\WINDOWS\system32\drivers\nethfdrv.sys [49152 2014-06-15] () [File not signed]

R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)

R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119656 2011-07-08] (NVIDIA Corporation)

S3 qcusbser; C:\WINDOWS\System32\DRIVERS\ZTEusbser.sys [99584 2007-03-08] (ZTE Incorporated)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-17] (Sandboxie Holdings, LLC)

R3 SCREAMINGBDRIVER; C:\WINDOWS\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)

R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2007-07-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]

S3 SNCP106; C:\WINDOWS\System32\DRIVERS\sncp106.sys [243712 2002-12-27] ()

R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-12-09] (Duplex Secure Ltd.)

R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project) [File not signed]

R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) [File not signed]

R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360704 2007-07-22] (Microsoft Corporation) [File not signed]

S3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)

R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]

S3 V0090VID; C:\WINDOWS\System32\DRIVERS\V0090Vid.sys [138112 2005-04-14] (PixArt Imaging Inc.)

R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2106880 2010-01-11] (VIA Technologies, Inc.)

U3 arl343oy; C:\WINDOWS\system32\Drivers\arl343oy.sys [0 ] (Microsoft Corporation)

S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 GGSAFERDriver; \??\D:\Igri\Garena\safedrv.sys [X]

S4 IntelIde; No ImagePath

S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]

S3 PBDOWNFORCE_SERVICE; \??\C:\Documents and Settings\Administrator\Desktop\!!! UnBan for GAMES\1\PBDownforce.sys [X]

S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]

U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [78720 2007-07-22] (Microsoft Corporation)

S3 vtany; \??\C:\WINDOWS\vtany.sys [X]

S3 XDva386; \??\C:\WINDOWS\system32\XDva386.sys [X]

S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]

S3 ZSMC0305; System32\Drivers\usbVM305.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-07 15:44 - 2014-07-07 15:46 - 00035610 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt

2014-07-07 15:43 - 2014-07-07 15:43 - 00000020 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini

2014-07-07 15:43 - 2011-03-08 00:27 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Application Data\Macromedia

2014-07-07 15:43 - 2011-03-05 22:21 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\Temp

2014-07-07 15:43 - 2011-03-05 21:33 - 00001599 _____ () C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Remote Assistance.lnk

2014-07-07 15:43 - 2011-03-05 21:33 - 00000788 _____ () C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Windows Media Player.lnk

2014-07-07 15:43 - 2011-03-05 21:33 - 00000000 ___RD () C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Accessories

2014-07-07 15:39 - 2014-07-07 15:37 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe

2014-07-07 15:36 - 2014-07-07 15:46 - 00000000 ____D () C:\FRST

2014-07-07 15:36 - 2014-07-07 15:37 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\My Documents\aswmbr.exe

2014-07-07 15:35 - 2014-07-07 15:34 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe

2014-07-07 15:34 - 2014-07-07 15:34 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe

2014-07-07 09:36 - 2014-07-07 09:36 - 00003315 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport_SCN_07072014_093538.log

2014-07-07 07:04 - 2014-07-07 07:04 - 04721240 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller-1.exe

2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\WINDOWS\CSC

2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Program Files\Alwil Software

2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Alwil Software

2014-07-06 11:42 - 2010-06-28 22:57 - 00165032 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-07-06 11:42 - 2010-06-28 22:57 - 00038848 _____ (ALWIL Software) C:\WINDOWS\avastSS.scr

2014-07-06 11:42 - 2010-06-28 22:37 - 00165456 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2014-07-06 11:42 - 2010-06-28 22:37 - 00046672 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswTdi.sys

2014-07-06 11:42 - 2010-06-28 22:33 - 00023376 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswRdr.sys

2014-07-06 11:42 - 2010-06-28 22:32 - 00100176 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswmon2.sys

2014-07-06 11:42 - 2010-06-28 22:32 - 00094544 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswmon.sys

2014-07-06 11:42 - 2010-06-28 22:32 - 00028880 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aavmker4.sys

2014-07-06 11:42 - 2010-06-28 22:32 - 00017744 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys

2014-07-06 09:28 - 2014-07-06 11:07 - 00002711 _____ () C:\Documents and Settings\Administrator\My Documents\reset.cmd

2014-07-06 09:28 - 2014-07-06 09:28 - 00000004 _____ () C:\Documents and Settings\Administrator\reset.cmd

2014-07-06 09:26 - 2014-07-06 09:26 - 00000000 ____D () C:\Program Files\Windows Resource Kits

2014-07-06 09:23 - 2014-07-06 09:23 - 00379392 _____ () C:\Documents and Settings\Administrator\My Documents\subinacl.msi

2014-07-06 08:22 - 2014-07-07 09:31 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-06 08:22 - 2014-07-06 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller

2014-07-06 08:19 - 2014-07-07 15:43 - 00000000 ____D () C:\Program Files\iSafe

2014-07-06 08:19 - 2014-07-06 08:20 - 00001455 _____ () C:\Documents and Settings\All Users\Start Menu\YAC.lnk

2014-07-06 08:19 - 2014-07-06 08:20 - 00001455 _____ () C:\Documents and Settings\All Users\Desktop\YAC.lnk

2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC

2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\iSafe

2014-07-06 08:19 - 2014-06-27 11:54 - 00040064 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys

2014-07-06 08:10 - 2014-07-06 08:10 - 00000687 _____ () C:\awh17.tmp

2014-07-06 08:01 - 2014-07-06 08:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-07-06 07:56 - 2014-07-06 07:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\My Documents\mbam-setup-2.0.2.1012.exe

2014-07-06 07:16 - 2014-07-06 07:16 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-07-06 07:14 - 2014-07-06 07:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\My Documents\tdsskiller.exe

2014-07-06 07:13 - 2014-07-06 07:13 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-07-06 07:12 - 2014-07-06 10:57 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP

2014-07-06 07:09 - 2014-07-06 07:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\My Documents\SpyHunter-Installer.exe

2014-07-06 00:46 - 2014-07-06 00:46 - 00000000 ____D () C:\Program Files\AVG

2014-07-06 00:39 - 2014-07-06 00:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData

2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData

2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014

2014-07-06 00:02 - 2014-07-06 08:41 - 00046252 _____ () C:\Documents and Settings\Administrator\Application Data\msconfig.ini

2014-07-06 00:01 - 2014-07-06 08:42 - 00000000 __SHD () C:\Documents and Settings\Administrator\odUhcnSV

2014-07-06 00:01 - 2014-07-06 08:39 - 00000000 __SHD () C:\WINDOWS\system32\Windows Services

2014-07-06 00:01 - 2014-07-06 00:01 - 00000000 ___SH () C:\Documents and Settings\Administrator\ytSuu.txt

2014-07-05 23:45 - 2014-07-07 15:44 - 00000000 ____D () C:\Program Files\PCDApp

2014-07-05 23:44 - 2014-07-05 23:44 - 00000687 _____ () C:\awh6409.tmp

2014-07-05 23:40 - 2014-07-06 10:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\21805

2014-07-05 17:59 - 2014-07-05 18:06 - 91909180 _____ () C:\Documents and Settings\Administrator\My Documents\Lana Del Rey - Shades Of Cool.mp4

2014-07-05 17:18 - 2014-07-06 09:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\for RUST

2014-07-05 16:27 - 2014-07-05 16:28 - 17334447 _____ () C:\Documents and Settings\Administrator\My Documents\9_11 Incontrovertible Proof the Government is Lying.mp4

2014-07-05 16:23 - 2014-07-05 16:23 - 05228610 _____ () C:\Documents and Settings\Administrator\My Documents\Donald Rumsfeld 2.3 Trillion Dollars Just Gone.mp4

2014-07-05 16:11 - 2014-07-05 16:13 - 46545635 _____ () C:\Documents and Settings\Administrator\My Documents\Piers Morgan Gets OWNED By Ben Shapiro.mp4

2014-07-05 16:09 - 2014-07-05 16:14 - 71570800 _____ () C:\Documents and Settings\Administrator\My Documents\Black Budget US govt clueless about missing Pentagon $trillions.mp4

2014-07-05 15:19 - 2014-07-05 15:22 - 41034332 _____ () C:\Documents and Settings\Administrator\My Documents\Truth in Media 100 Years of the Federal Reserve.mp4

2014-07-05 15:12 - 2014-07-05 15:31 - 273059935 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK HOAX - GUN CONTROL AGENDA SCAM.mp4

2014-07-05 14:56 - 2014-07-05 15:00 - 44465919 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 2.mp4

2014-07-05 14:51 - 2014-07-05 14:52 - 28565326 _____ () C:\Documents and Settings\Administrator\My Documents\Absolute Proof Sandy Hook was Staged.mp4

2014-07-05 14:33 - 2014-07-05 14:34 - 36725290 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 1.mp4

2014-07-05 13:40 - 2014-07-05 13:40 - 03946207 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK KID SPILLS THE BEANS.mp4

2014-07-05 12:56 - 2014-07-05 13:00 - 113756728 _____ () C:\Documents and Settings\Administrator\My Documents\REAL PROOF! SANDY HOOK SHOOTING WAS FAKE!!! TOTALLY STAGED!!!.mp4

2014-07-05 11:47 - 2014-07-05 11:47 - 00841485 _____ () C:\Documents and Settings\Administrator\My Documents\Gigantic_insect_lands_on_James_Rodriguez_shortly_after_scoring.mp4

2014-07-05 10:06 - 2014-07-05 10:11 - 78739206 _____ () C:\Documents and Settings\Administrator\My Documents\Living Without Laws Slab City, USA.mp4

2014-07-05 10:05 - 2014-07-05 10:16 - 177358501 _____ () C:\Documents and Settings\Administrator\My Documents\The Mexican Mormon War (Drug Cartels vs. Mormons Full Length).mp4

2014-07-05 10:03 - 2014-07-05 10:22 - 374896851 _____ () C:\Documents and Settings\Administrator\My Documents\This Is What Winning Looks Like (Full Length)(1).mp4

2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI

2014-07-04 09:11 - 2014-07-04 09:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\KONAMI

2014-07-04 09:09 - 2014-07-04 09:09 - 00000218 _____ () C:\Documents and Settings\Administrator\.recently-used.xbel

2014-07-03 07:30 - 2014-07-03 07:36 - 78869933 _____ () C:\Documents and Settings\Administrator\My Documents\ISON Coming in the clouds with great Glory!! A must see!.mp4

2014-07-03 06:53 - 2014-07-03 06:53 - 05164160 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Amazing Self-Tying Shoelaces.mp4

2014-07-03 06:51 - 2014-07-03 06:52 - 04647326 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - How To Mail A Bowling Ball.mp4

2014-07-03 06:48 - 2014-07-03 06:49 - 29423359 _____ () C:\Documents and Settings\Administrator\My Documents\The carbonaro effect - BRIEFCASE PRANK.mp4

2014-07-03 06:43 - 2014-07-03 06:46 - 78361742 _____ () C:\Documents and Settings\Administrator\My Documents\Ghosts Caught In Lincoln Civil War Museum.mp4

2014-07-03 06:32 - 2014-07-03 06:37 - 126726417 _____ () C:\Documents and Settings\Administrator\My Documents\Satan's Hollow - The Tunnel To Hell.mp4

2014-07-03 05:44 - 2014-07-03 05:45 - 25325877 _____ () C:\Documents and Settings\Administrator\My Documents\Life is hard.mp4

2014-07-03 05:19 - 2014-07-03 05:20 - 10439202 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Grown Ups Freak Out In A Toy Store.mp4

2014-07-03 03:36 - 2014-07-03 03:36 - 09283147 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Family Pet Chiropractor.mp4

2014-07-03 02:18 - 2014-07-03 02:19 - 06208615 _____ () C:\Documents and Settings\Administrator\My Documents\Cross at the Destiny line in your hand is an indication of ultimate success.mp4

2014-07-03 01:51 - 2014-07-03 01:52 - 16420691 _____ () C:\Documents and Settings\Administrator\My Documents\Michael Jackson. Palmistry. Analysis of the hand.mp4

2014-07-03 01:41 - 2014-07-03 01:45 - 37331470 _____ () C:\Documents and Settings\Administrator\My Documents\WILL I HAVE MONEY - UNBELIEVABLE ANSWER 16 Q_A.mp4

2014-07-03 01:36 - 2014-07-03 01:37 - 18023383 _____ () C:\Documents and Settings\Administrator\My Documents\PARANORMAL WATCH DOGS - UNBELIEVABLE EVIDENCE - 20 Q_A.mp4

2014-07-03 01:19 - 2014-07-03 02:39 - 1081440121 _____ () C:\Documents and Settings\Administrator\My Documents\Восточные Сказки - RUSSIA The Rise and Fall of the Oligarchs.mp4

2014-07-03 01:08 - 2014-07-03 01:10 - 17118696 _____ () C:\Documents and Settings\Administrator\My Documents\5 Hidden Secrets in your Hands.mp4

2014-06-30 17:52 - 2014-06-30 17:54 - 14323565 _____ () C:\Documents and Settings\Administrator\My Documents\HOW TO Get your SteamID for Cracked RUST Servers __ XpliCitMods.mp4

2014-06-30 15:56 - 2014-06-30 16:42 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC

2014-06-30 09:16 - 2014-06-30 09:26 - 192128051 _____ () C:\Documents and Settings\Administrator\My Documents\Truffles The Most Expensive Food in the World.mp4

2014-06-29 11:15 - 2014-06-29 11:15 - 01195358 _____ () C:\Documents and Settings\Administrator\Desktop\Katy Perry COVER YT.psd

2014-06-29 09:05 - 2014-06-29 09:05 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-29 07:52 - 2014-06-29 07:52 - 10136013 _____ () C:\Documents and Settings\Administrator\My Documents\Evil SpongeBob Toy Prank!.mp4

2014-06-29 07:51 - 2014-06-29 07:53 - 18922925 _____ () C:\Documents and Settings\Administrator\My Documents\World's Best Stink Prank!.mp4

2014-06-28 08:37 - 2014-06-28 08:50 - 319799298 _____ () C:\Documents and Settings\Administrator\My Documents\Military Remote Viewing Psychic Training Course - FULL DVD ON YOUTUBE.mp4

2014-06-28 05:44 - 2014-06-28 05:52 - 136561443 _____ () C:\Documents and Settings\Administrator\My Documents\Ninjas Secret History of the Ninja Uncovered (Full Documentary).mp4

2014-06-28 05:03 - 2014-06-28 05:08 - 86726440 _____ () C:\Documents and Settings\Administrator\My Documents\Pitbull ft. Jennifer Lopez - We Are One (Ole Ola) [2014 World Cup Song] PARODY.mp4

2014-06-28 04:52 - 2014-06-28 04:53 - 09334184 _____ () C:\Documents and Settings\Administrator\My Documents\MILEY CYRUS SELLS OUT TO ILLUMINATI.mp4

2014-06-28 04:09 - 2014-06-28 04:55 - 596133205 _____ () C:\Documents and Settings\Administrator\My Documents\Dagger - ArmA 3 SEALs Co-op Gameplay - OAW 3.mp4

2014-06-28 03:02 - 2014-06-28 03:04 - 41380441 _____ () C:\Documents and Settings\Administrator\My Documents\Ariana Grande - Problem ft. Iggy Azalea.mp4

2014-06-28 02:38 - 2014-06-28 02:43 - 57627331 _____ () C:\Documents and Settings\Administrator\My Documents\Wide Awake - Katy Perry (Lyrics) Official Video HD.mp4

2014-06-28 02:33 - 2014-06-28 02:35 - 39556009 _____ () C:\Documents and Settings\Administrator\My Documents\IS KATY OUT OF THE ILLUMINANTI WIDE AWAKE EXAMINED.mp4

2014-06-28 01:34 - 2014-06-28 01:34 - 13681250 _____ () C:\Documents and Settings\Administrator\My Documents\Time Travel Tunnel Discovered in China.mp4

2014-06-18 17:44 - 2014-06-18 17:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\4GB Patch 1.0.0.1 (Run 32Bit SOFTs, GAMEs & OTHER on 64bit OS)

2014-06-15 08:46 - 2014-06-15 08:46 - 00108544 _____ () C:\WINDOWS\system32\installd.exe

2014-06-15 08:46 - 2014-06-15 08:46 - 00049152 _____ () C:\WINDOWS\system32\Drivers\nethfdrv.sys

2014-06-15 08:45 - 2014-06-15 08:45 - 00246784 _____ () C:\WINDOWS\system32\hfpapi.dll

2014-06-15 08:45 - 2014-06-15 08:45 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll

2014-06-14 19:12 - 2014-06-14 19:12 - 00000000 ____D () C:\Program Files\Realtek

2014-06-14 19:12 - 2010-07-27 07:54 - 01251944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll

2014-06-12 12:06 - 2014-06-12 12:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\CAPCOM

2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\WINDOWS\system32\xlive

2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE

2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE

2014-06-08 05:46 - 2014-06-08 05:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Game DECOMPILERs (To Edit-MOD Games)

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\WINDOWS\system32\QuickTime

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Camtasia Studio

2014-06-07 12:48 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith

2014-06-07 12:48 - 2014-06-07 12:48 - 00000000 ____D () C:\Program Files\TechSmith

==================== One Month Modified Files and Folders =======

2014-07-07 15:46 - 2014-07-07 15:44 - 00035610 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt

2014-07-07 15:46 - 2014-07-07 15:36 - 00000000 ____D () C:\FRST

2014-07-07 15:46 - 2011-03-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp

2014-07-07 15:44 - 2014-07-05 23:45 - 00000000 ____D () C:\Program Files\PCDApp

2014-07-07 15:44 - 2011-03-05 22:20 - 01573984 _____ () C:\WINDOWS\setupapi.log

2014-07-07 15:43 - 2014-07-07 15:43 - 00000020 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini

2014-07-07 15:43 - 2014-07-06 08:19 - 00000000 ____D () C:\Program Files\iSafe

2014-07-07 15:43 - 2011-03-21 16:35 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\GameTracker

2014-07-07 15:43 - 2011-03-05 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log

2014-07-07 15:43 - 2011-03-05 22:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log

2014-07-07 15:43 - 2011-03-05 21:32 - 01711956 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-07 15:42 - 2011-03-05 21:39 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini

2014-07-07 15:41 - 2011-03-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator

2014-07-07 15:37 - 2014-07-07 15:39 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe

2014-07-07 15:37 - 2014-07-07 15:36 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\My Documents\aswmbr.exe

2014-07-07 15:34 - 2014-07-07 15:35 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe

2014-07-07 15:34 - 2014-07-07 15:34 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe

2014-07-07 12:32 - 2011-03-05 22:01 - 00000132 _____ () C:\WINDOWS\winamp.ini

2014-07-07 09:36 - 2014-07-07 09:36 - 00003315 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport_SCN_07072014_093538.log

2014-07-07 09:31 - 2014-07-06 08:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2014-07-07 07:04 - 2014-07-07 07:04 - 04721240 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller-1.exe

2014-07-06 21:14 - 2011-03-05 22:20 - 02615472 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\WINDOWS\CSC

2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Program Files\Alwil Software

2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus

2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Alwil Software

2014-07-06 11:42 - 2011-03-05 21:33 - 00002626 _____ () C:\WINDOWS\system32\CONFIG.NT

2014-07-06 11:07 - 2014-07-06 09:28 - 00002711 _____ () C:\Documents and Settings\Administrator\My Documents\reset.cmd

2014-07-06 10:57 - 2014-07-06 07:12 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP

2014-07-06 10:54 - 2014-07-05 23:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\21805

2014-07-06 09:28 - 2014-07-06 09:28 - 00000004 _____ () C:\Documents and Settings\Administrator\reset.cmd

2014-07-06 09:26 - 2014-07-06 09:26 - 00000000 ____D () C:\Program Files\Windows Resource Kits

2014-07-06 09:25 - 2014-07-05 17:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\for RUST

2014-07-06 09:23 - 2014-07-06 09:23 - 00379392 _____ () C:\Documents and Settings\Administrator\My Documents\subinacl.msi

2014-07-06 09:13 - 2011-12-16 04:49 - 00000000 ____D () C:\WINDOWS\Minidump

2014-07-06 08:55 - 2011-03-05 22:19 - 00000211 ___SH () C:\boot.ini

2014-07-06 08:55 - 2001-08-23 16:00 - 00000856 _____ () C:\WINDOWS\win.ini

2014-07-06 08:55 - 2001-08-23 16:00 - 00000227 _____ () C:\WINDOWS\system.ini

2014-07-06 08:42 - 2014-07-06 00:01 - 00000000 __SHD () C:\Documents and Settings\Administrator\odUhcnSV

2014-07-06 08:41 - 2014-07-06 00:02 - 00046252 _____ () C:\Documents and Settings\Administrator\Application Data\msconfig.ini

2014-07-06 08:39 - 2014-07-06 00:01 - 00000000 __SHD () C:\WINDOWS\system32\Windows Services

2014-07-06 08:22 - 2014-07-06 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller

2014-07-06 08:20 - 2014-07-06 08:19 - 00001455 _____ () C:\Documents and Settings\All Users\Start Menu\YAC.lnk

2014-07-06 08:20 - 2014-07-06 08:19 - 00001455 _____ () C:\Documents and Settings\All Users\Desktop\YAC.lnk

2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC

2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\iSafe

2014-07-06 08:10 - 2014-07-06 08:10 - 00000687 _____ () C:\awh17.tmp

2014-07-06 08:01 - 2014-07-06 08:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

2014-07-06 07:58 - 2014-07-06 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\My Documents\mbam-setup-2.0.2.1012.exe

2014-07-06 07:44 - 2014-04-30 14:46 - 00000646 _____ () C:\Documents and Settings\Administrator\Desktop\! ! ! BILKITE na Baba RADA - 2 ! ! !.lnk

2014-07-06 07:16 - 2014-07-06 07:16 - 00000000 ____D () C:\TDSSKiller_Quarantine

2014-07-06 07:15 - 2014-07-06 07:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\My Documents\tdsskiller.exe

2014-07-06 07:13 - 2014-07-06 07:13 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-07-06 07:12 - 2011-03-09 08:18 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard

2014-07-06 07:09 - 2014-07-06 07:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\My Documents\SpyHunter-Installer.exe

2014-07-06 00:46 - 2014-07-06 00:46 - 00000000 ____D () C:\Program Files\AVG

2014-07-06 00:44 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData

2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData

2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014

2014-07-06 00:15 - 2012-12-07 13:40 - 00000308 _____ () C:\WINDOWS\Tasks\Browser Manager.job

2014-07-06 00:15 - 2011-07-15 16:42 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-06 00:15 - 2001-08-23 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-07-06 00:13 - 2011-12-01 04:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DNA

2014-07-06 00:09 - 2011-06-22 12:31 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job

2014-07-06 00:01 - 2014-07-06 00:01 - 00000000 ___SH () C:\Documents and Settings\Administrator\ytSuu.txt

2014-07-05 23:44 - 2014-07-05 23:44 - 00000687 _____ () C:\awh6409.tmp

2014-07-05 23:37 - 2013-02-10 15:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-07-05 23:28 - 2011-03-05 21:38 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt

2014-07-05 22:29 - 2011-03-06 15:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService

2014-07-05 22:16 - 2013-06-30 13:08 - 00001030 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job

2014-07-05 20:09 - 2011-06-22 12:31 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job

2014-07-05 18:06 - 2014-07-05 17:59 - 91909180 _____ () C:\Documents and Settings\Administrator\My Documents\Lana Del Rey - Shades Of Cool.mp4

2014-07-05 16:28 - 2014-07-05 16:27 - 17334447 _____ () C:\Documents and Settings\Administrator\My Documents\9_11 Incontrovertible Proof the Government is Lying.mp4

2014-07-05 16:23 - 2014-07-05 16:23 - 05228610 _____ () C:\Documents and Settings\Administrator\My Documents\Donald Rumsfeld 2.3 Trillion Dollars Just Gone.mp4

2014-07-05 16:14 - 2014-07-05 16:09 - 71570800 _____ () C:\Documents and Settings\Administrator\My Documents\Black Budget US govt clueless about missing Pentagon $trillions.mp4

2014-07-05 16:13 - 2014-07-05 16:11 - 46545635 _____ () C:\Documents and Settings\Administrator\My Documents\Piers Morgan Gets OWNED By Ben Shapiro.mp4

2014-07-05 15:31 - 2014-07-05 15:12 - 273059935 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK HOAX - GUN CONTROL AGENDA SCAM.mp4

2014-07-05 15:22 - 2014-07-05 15:19 - 41034332 _____ () C:\Documents and Settings\Administrator\My Documents\Truth in Media 100 Years of the Federal Reserve.mp4

2014-07-05 15:00 - 2014-07-05 14:56 - 44465919 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 2.mp4

2014-07-05 14:52 - 2014-07-05 14:51 - 28565326 _____ () C:\Documents and Settings\Administrator\My Documents\Absolute Proof Sandy Hook was Staged.mp4

2014-07-05 14:34 - 2014-07-05 14:33 - 36725290 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 1.mp4

2014-07-05 13:40 - 2014-07-05 13:40 - 03946207 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK KID SPILLS THE BEANS.mp4

2014-07-05 13:16 - 2013-06-30 13:08 - 00001008 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job

2014-07-05 13:00 - 2014-07-05 12:56 - 113756728 _____ () C:\Documents and Settings\Administrator\My Documents\REAL PROOF! SANDY HOOK SHOOTING WAS FAKE!!! TOTALLY STAGED!!!.mp4

2014-07-05 11:47 - 2014-07-05 11:47 - 00841485 _____ () C:\Documents and Settings\Administrator\My Documents\Gigantic_insect_lands_on_James_Rodriguez_shortly_after_scoring.mp4

2014-07-05 11:47 - 2011-03-08 08:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc

2014-07-05 10:22 - 2014-07-05 10:03 - 374896851 _____ () C:\Documents and Settings\Administrator\My Documents\This Is What Winning Looks Like (Full Length)(1).mp4

2014-07-05 10:16 - 2014-07-05 10:05 - 177358501 _____ () C:\Documents and Settings\Administrator\My Documents\The Mexican Mormon War (Drug Cartels vs. Mormons Full Length).mp4

2014-07-05 10:11 - 2014-07-05 10:06 - 78739206 _____ () C:\Documents and Settings\Administrator\My Documents\Living Without Laws Slab City, USA.mp4

2014-07-05 05:15 - 2011-07-15 16:42 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-04 10:12 - 2011-03-14 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Za DL

2014-07-04 09:32 - 2013-09-09 13:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Games

2014-07-04 09:27 - 2011-03-22 18:20 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\KONAMI

2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI

2014-07-04 09:11 - 2014-07-04 09:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\KONAMI

2014-07-04 09:11 - 2013-12-09 15:08 - 00000000 ____D () C:\Program Files\IGRI

2014-07-04 09:09 - 2014-07-04 09:09 - 00000218 _____ () C:\Documents and Settings\Administrator\.recently-used.xbel

2014-07-04 09:09 - 2011-03-17 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitLord

2014-07-03 17:31 - 2011-12-01 04:39 - 00000000 ____D () C:\Program Files\DNA

2014-07-03 17:31 - 2011-03-18 12:43 - 00000000 ____D () C:\Program Files\Steam

2014-07-03 17:31 - 2011-03-05 21:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-03 07:36 - 2014-07-03 07:30 - 78869933 _____ () C:\Documents and Settings\Administrator\My Documents\ISON Coming in the clouds with great Glory!! A must see!.mp4

2014-07-03 06:53 - 2014-07-03 06:53 - 05164160 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Amazing Self-Tying Shoelaces.mp4

2014-07-03 06:52 - 2014-07-03 06:51 - 04647326 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - How To Mail A Bowling Ball.mp4

2014-07-03 06:49 - 2014-07-03 06:48 - 29423359 _____ () C:\Documents and Settings\Administrator\My Documents\The carbonaro effect - BRIEFCASE PRANK.mp4

2014-07-03 06:46 - 2014-07-03 06:43 - 78361742 _____ () C:\Documents and Settings\Administrator\My Documents\Ghosts Caught In Lincoln Civil War Museum.mp4

2014-07-03 06:37 - 2014-07-03 06:32 - 126726417 _____ () C:\Documents and Settings\Administrator\My Documents\Satan's Hollow - The Tunnel To Hell.mp4

2014-07-03 05:45 - 2014-07-03 05:44 - 25325877 _____ () C:\Documents and Settings\Administrator\My Documents\Life is hard.mp4

2014-07-03 05:20 - 2014-07-03 05:19 - 10439202 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Grown Ups Freak Out In A Toy Store.mp4

2014-07-03 04:41 - 2011-03-06 14:45 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini

2014-07-03 03:36 - 2014-07-03 03:36 - 09283147 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Family Pet Chiropractor.mp4

2014-07-03 02:39 - 2014-07-03 01:19 - 1081440121 _____ () C:\Documents and Settings\Administrator\My Documents\Восточные Сказки - RUSSIA The Rise and Fall of the Oligarchs.mp4

2014-07-03 02:19 - 2014-07-03 02:18 - 06208615 _____ () C:\Documents and Settings\Administrator\My Documents\Cross at the Destiny line in your hand is an indication of ultimate success.mp4

2014-07-03 01:52 - 2014-07-03 01:51 - 16420691 _____ () C:\Documents and Settings\Administrator\My Documents\Michael Jackson. Palmistry. Analysis of the hand.mp4

2014-07-03 01:45 - 2014-07-03 01:41 - 37331470 _____ () C:\Documents and Settings\Administrator\My Documents\WILL I HAVE MONEY - UNBELIEVABLE ANSWER 16 Q_A.mp4

2014-07-03 01:37 - 2014-07-03 01:36 - 18023383 _____ () C:\Documents and Settings\Administrator\My Documents\PARANORMAL WATCH DOGS - UNBELIEVABLE EVIDENCE - 20 Q_A.mp4

2014-07-03 01:10 - 2014-07-03 01:08 - 17118696 _____ () C:\Documents and Settings\Administrator\My Documents\5 Hidden Secrets in your Hands.mp4

2014-07-02 13:58 - 2014-05-25 11:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\ZA SREDUVANJE

2014-07-02 10:51 - 2013-05-21 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith

2014-07-02 06:51 - 2011-11-08 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\za !!!.....!!!

2014-06-30 17:54 - 2014-06-30 17:52 - 14323565 _____ () C:\Documents and Settings\Administrator\My Documents\HOW TO Get your SteamID for Cracked RUST Servers __ XpliCitMods.mp4

2014-06-30 16:42 - 2014-06-30 15:56 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC

2014-06-30 09:26 - 2014-06-30 09:16 - 192128051 _____ () C:\Documents and Settings\Administrator\My Documents\Truffles The Most Expensive Food in the World.mp4

2014-06-29 11:15 - 2014-06-29 11:15 - 01195358 _____ () C:\Documents and Settings\Administrator\Desktop\Katy Perry COVER YT.psd

2014-06-29 09:22 - 2011-03-13 13:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype

2014-06-29 09:05 - 2014-06-29 09:05 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-06-29 09:05 - 2011-03-13 13:15 - 00000000 ___RD () C:\Program Files\Skype

2014-06-29 09:05 - 2011-03-13 13:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype

2014-06-29 07:53 - 2014-06-29 07:51 - 18922925 _____ () C:\Documents and Settings\Administrator\My Documents\World's Best Stink Prank!.mp4

2014-06-29 07:52 - 2014-06-29 07:52 - 10136013 _____ () C:\Documents and Settings\Administrator\My Documents\Evil SpongeBob Toy Prank!.mp4

2014-06-28 08:50 - 2014-06-28 08:37 - 319799298 _____ () C:\Documents and Settings\Administrator\My Documents\Military Remote Viewing Psychic Training Course - FULL DVD ON YOUTUBE.mp4

2014-06-28 05:52 - 2014-06-28 05:44 - 136561443 _____ () C:\Documents and Settings\Administrator\My Documents\Ninjas Secret History of the Ninja Uncovered (Full Documentary).mp4

2014-06-28 05:08 - 2014-06-28 05:03 - 86726440 _____ () C:\Documents and Settings\Administrator\My Documents\Pitbull ft. Jennifer Lopez - We Are One (Ole Ola) [2014 World Cup Song] PARODY.mp4

2014-06-28 04:55 - 2014-06-28 04:09 - 596133205 _____ () C:\Documents and Settings\Administrator\My Documents\Dagger - ArmA 3 SEALs Co-op Gameplay - OAW 3.mp4

2014-06-28 04:53 - 2014-06-28 04:52 - 09334184 _____ () C:\Documents and Settings\Administrator\My Documents\MILEY CYRUS SELLS OUT TO ILLUMINATI.mp4

2014-06-28 03:04 - 2014-06-28 03:02 - 41380441 _____ () C:\Documents and Settings\Administrator\My Documents\Ariana Grande - Problem ft. Iggy Azalea.mp4

2014-06-28 02:43 - 2014-06-28 02:38 - 57627331 _____ () C:\Documents and Settings\Administrator\My Documents\Wide Awake - Katy Perry (Lyrics) Official Video HD.mp4

2014-06-28 02:35 - 2014-06-28 02:33 - 39556009 _____ () C:\Documents and Settings\Administrator\My Documents\IS KATY OUT OF THE ILLUMINANTI WIDE AWAKE EXAMINED.mp4

2014-06-28 01:34 - 2014-06-28 01:34 - 13681250 _____ () C:\Documents and Settings\Administrator\My Documents\Time Travel Tunnel Discovered in China.mp4

2014-06-27 11:54 - 2014-07-06 08:19 - 00040064 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys

2014-06-27 11:37 - 2014-05-31 13:02 - 00000000 ____D () C:\2

2014-06-27 11:04 - 2014-04-06 12:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\MONEY MAKER (Project) BAC

2014-06-25 09:05 - 2011-11-08 13:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\WEBs BAC (Nov 2011)

2014-06-25 00:20 - 2014-04-24 17:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\!!! SHOP (Bac)

2014-06-22 05:52 - 2011-03-05 22:10 - 00001984 _____ () C:\WINDOWS\system32\d3d9caps.dat

2014-06-20 10:54 - 2012-11-25 16:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Saved Firefox Session

2014-06-20 10:17 - 2011-03-05 21:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\BAC Music (Nov 2011)

2014-06-19 09:48 - 2014-02-23 13:09 - 00004707 _____ () C:\Documents and Settings\Administrator\Desktop\za da GI PREGLEDAM.txt

2014-06-18 17:46 - 2014-06-18 17:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\4GB Patch 1.0.0.1 (Run 32Bit SOFTs, GAMEs & OTHER on 64bit OS)

2014-06-17 22:04 - 2014-05-01 18:52 - 00001031 _____ () C:\Documents and Settings\Administrator\Desktop\! ! ! ! RUST - Design a BASE that none can get in (USTAV).lnk

2014-06-17 13:10 - 2011-03-08 10:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Za INSTALL

2014-06-15 08:46 - 2014-06-15 08:46 - 00108544 _____ () C:\WINDOWS\system32\installd.exe

2014-06-15 08:46 - 2014-06-15 08:46 - 00049152 _____ () C:\WINDOWS\system32\Drivers\nethfdrv.sys

2014-06-15 08:45 - 2014-06-15 08:45 - 00246784 _____ () C:\WINDOWS\system32\hfpapi.dll

2014-06-15 08:45 - 2014-06-15 08:45 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll

2014-06-14 19:12 - 2014-06-14 19:12 - 00000000 ____D () C:\Program Files\Realtek

2014-06-14 19:12 - 2011-03-05 21:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-06-13 11:12 - 2011-06-22 12:32 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

2014-06-12 12:06 - 2014-06-12 12:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\CAPCOM

2014-06-12 11:05 - 2011-03-05 21:32 - 00000000 ____D () C:\WINDOWS\system32\DirectX

2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\WINDOWS\system32\xlive

2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE

2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE

2014-06-12 11:03 - 2011-03-21 17:19 - 00265696 _____ () C:\WINDOWS\DirectX.log

2014-06-09 15:05 - 2013-10-09 12:00 - 00000000 ____D () C:\Program Files\Full Tilt Poker

2014-06-08 05:46 - 2014-06-08 05:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Game DECOMPILERs (To Edit-MOD Games)

2014-06-08 04:23 - 2014-05-26 19:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\DDoS & BANNED - RUST Server

2014-06-07 12:52 - 2011-03-05 22:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Programi

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\WINDOWS\system32\QuickTime

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7

2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Camtasia Studio

2014-06-07 12:49 - 2014-06-07 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith

2014-06-07 12:48 - 2014-06-07 12:48 - 00000000 ____D () C:\Program Files\TechSmith

2014-06-07 12:48 - 2011-03-05 21:29 - 00008044 _____ () C:\WINDOWS\wmsetup.log

2014-06-07 12:36 - 2011-03-13 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sony

Files to move or delete:

====================

C:\Documents and Settings\Administrator\awt43abr.exe

C:\Documents and Settings\Administrator\Application Data\msconfig.ini

C:\Documents and Settings\All Users\hash.dat

Some content of TEMP:

====================

C:\Documents and Settings\Administrator\Local Settings\Temp\3852.tmpcrt.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\3853.tmpcrt.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\app_d.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\app_e.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\AutoRun.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\AutoRunGUI.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\bb13ed4e1f0f5a5b9debae6996774abf.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\comver.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\Core.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\crpt.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\CTOSChk.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\dbghelp.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\dgen.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\drm_dyndata_7400009.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\EAInstall.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\eauninstall.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Engine.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\firefoxjre_exe.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Freeze.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\gface_swap.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\gtapi_signed.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\GUR2.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\htmlayout.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\IFC23.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\ildownloader_install.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\inethnfd-setup.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\JACKED LOADER.EXE

C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\jshortcut-3778555169403432658.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\kpinstaller.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\LOOP.EXE

C:\Documents and Settings\Administrator\Local Settings\Temp\LOTR The Return of the King tm_uninst.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\mgxfonts.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\MSVCR71.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\ogg.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\pthreadGC2.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\Second Life Setup.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Second_Life_3-0-3-240895_Setup.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_FF.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\SHSetup.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\SIntf16.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\SIntf32.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\SIntfNT.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\starter.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\swt-win32-3349.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp2D.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp30.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp5114.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp511F.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7D6.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7DC.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7F6B.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7F71.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmpC551.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmpC557.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmpC76B.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmpFCF9.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\tmpFCFF.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\ubertmp.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\uninst1.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALLER-1908.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALLER-3864.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstaller-4000.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALLER-4060.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstaller-6672.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\unwise.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Updater.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\vc2008SP1_redist_x86.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.0.8-win32.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\vorbis.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\vorbisfile.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\vty_install_0231.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\Window.dll

C:\Documents and Settings\Administrator\Local Settings\Temp\_is1574.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\_is1577.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\_is157F.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\_tmpdgp.exe

C:\Documents and Settings\Administrator\Local Settings\Temp\{68AAAE55-D39E-4016-A5DB-FADDFA9899D1}.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

ADDITION.txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01

Ran by Administrator at 2014-07-07 15:48:01

Running from C:\Documents and Settings\Administrator\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

3DVIA player 5.0.0.20 (HKLM\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)

AAA Logo 2009 Business Edition 3.0 (HKLM\...\AAA Logo 2009 Business_is1) (Version: - SWGSoft.com)

AdfBotPro 3.3.1 Final (HKLM\...\{E24F9D84-DF31-44A0-BC30-A97C42C99282}) (Version: 3.3.1 - Wss Ltd)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)

Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden

Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden

Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden

Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden

Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Dreamweaver CS3 (HKLM\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)

Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden

Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Fireworks CS3 (HKLM\...\Adobe_bbef028176efa5abf0233d3e1747be8) (Version: 9.0 - Adobe Systems Incorporated)

Adobe Fireworks CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden

Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden

Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70001000000}) (Version: 7.9.0 - Adobe Systems Incorporated)

Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden

Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden

Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden

Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden

AdultTV (HKLM\...\AdultTV) (Version: - )

Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version: - )

AGEIA GAME System Software 2.8.0 (HKLM\...\{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}) (Version: 2.8.0 - AGEIA Technologies, Inc.)

Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)

Alien303 (HKLM\...\Alien303) (Version: - )

AMCap (HKLM\...\AMCap) (Version: 9.20.132.2 - Noлl Danjou)

Analog Factory HipHop 2.2.1 (HKLM\...\Analog Factory HipHop_is1) (Version: - Arturia)

Ancient Weapon Sounds (HKLM\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)

Antares Auto-Tune Evo VST (HKLM\...\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}) (Version: 6.00.0009 - Antares Audio Technologies)

AnyToISO (HKLM\...\AnyToISO_is1) (Version: 3.4 - CrystalIdea Software, Inc.)

Apex Video to MP3 WMA WAV Converter Free 4.52 (HKLM\...\Apex Video to MP3 WMA WAV Converter Free_is1) (Version: V4.52 - Apex Corporation)

Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)

Audio Damage Digitalis Discord VST v1.5 (HKLM\...\Audio Damage Digitalis Discord VST v1.5) (Version: - )

AudioRealism Bass Line 2 (remove only) (HKLM\...\AudioRealism) (Version: - )

AutoPlay Media Studio 8 (HKLM\...\AutoPlay Media Studio 8) (Version: 8.0.4.0 - Indigo Rose Corporation)

avast! Free Antivirus (HKLM\...\avast5) (Version: 5.0.594.0 - Alwil Software)

BitLord 1.2 (HKLM\...\BitLord) (Version: - House of Life)

Blue Satin Skin (HKLM\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)

Browser Manager (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - Bit89 Inc)

Camtasia Studio 7 (HKLM\...\{37B03AA0-B125-4649-900C-F26E1081F163}) (Version: 7.0.1 - TechSmith Corporation)

CDex extraction audio (HKLM\...\CDex) (Version: - )

Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)

Comic Sound Pack (HKLM\...\{79A743FA-FF99-42DF-8C35-BA40EAEA6668}) (Version: 2.1.0 - Screaming Bee)

Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)

Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - EN (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - WT (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden

CorelDRAW® Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)

Corporate Identity Designer 4.0 (HKLM\...\Corporate Identity Designer 4.0) (Version: 4.0 - Corporate Identity Designer)

CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - )

Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version: - )

Creative WebCam Vista Plus Driver (1.02.02.0414) (HKLM\...\Creative VF0090) (Version: - )

Creatures of Darkness (HKLM\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)

CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - S.A.D. GmbH)

DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)

Dafa Poker (HKLM\...\Dafa Poker) (Version: - )

Deep Space Voices (HKLM\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)

discoDSP Discovery v2.3 (HKLM\...\discoDSP Discovery v2.3_is1) (Version: 2.3 - discoDSP)

DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)

DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)

DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)

DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)

DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.2 (13666) - BitTorrent Inc.)

Dragon UnPACKer 5 (HKLM\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))

Driver Checker v2.7.5 (HKLM\...\Driver Checker_is1) (Version: 2.7.5 - driverchecker.com, Inc.)

Driver Magician 3.5 (HKLM\...\Driver Magician_is1) (Version: - GoldSolution Software, Inc.)

Dynamic-Photo HDR 4.8 (HKLM\...\Dynamic-Photo HDR 4_is1) (Version: - Mediachance)

Easy GIF Animator Pro 5.1 (HKLM\...\{F4995503-86AA-432F-BF3C-0A613D444A27}) (Version: 5.1.0.44 - LeeGTs Software)

Elektronski Recnik Makedonski i Angliski verzija Voyager (HKLM\...\{710DDC8F-EDF5-44D5-906C-CAB1F9ED245F}) (Version: 1.1 - Turni Dooel)

ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)

EximiousSoft Logo Designer V2.58 (HKLM\...\EximiousSoft Logo Designer_is1) (Version: - EximiousSoft)

Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)

Fake Voice 1.0.8 (HKLM\...\Fake Voice_is1) (Version: - Web Solution Mart)

Fantasy Sound Pack (HKLM\...\{06ACD0D6-537A-4831-9608-AA74A5795698}) (Version: 1.1.0 - Screaming Bee)

Fantasy Voice Pack (HKLM\...\{8061C2C9-C2A3-4550-A3FC-585B646840CB}) (Version: 1.3.0 - Screaming Bee)

Farm Animal Sounds (HKLM\...\{20052CA0-FF43-4901-8261-E6DBF0A09ED1}) (Version: 1.1.0 - Screaming Bee)

FBP - Facebook Blaster Pro (HKLM\...\{2C72AE8A-932F-4AF8-92DD-60B84AA30BDE}) (Version: 9.0.0 - Digital Media Group)

Female Voice Pack (HKLM\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)

FileZilla Server (remove only) (HKLM\...\FileZilla Server) (Version: - )

FL Studio 10 (HKLM\...\FL Studio 10) (Version: - Image-Line)

FL Studio 7 (HKLM\...\FL Studio 7) (Version: - Image-Line bvba)

FL Studio 9 (HKLM\...\FL Studio 9) (Version: - Image-Line)

FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org)

FLUID 1.0 (HKLM\...\Tubeohm FLUID_is1) (Version: - )

Fraps (remove only) (HKLM\...\Fraps) (Version: - )

Freecorder (HKLM\...\Freecorder4.1) (Version: 4.1 - Applian Technologies Inc.)

FreeZ Online TV v1.43 (HKLM\...\{884BCE6D-0C47-4688-A335-4CE0C829643D}_is1) (Version: - FreezSoft.com)

Furry Voices for Second Life (HKLM\...\{0DB44859-4112-4946-BE5E-A4275B3FFB5E}) (Version: 1.3.0 - Screaming Bee)

Galactic Voices (HKLM\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)

GameRanger (HKCU\...\GameRanger) (Version: - GameRanger Technologies)

GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )

Gif To Swf Converter 2.3 (HKLM\...\{3D3CB8A8-67B7-4FCB-B727-C3448D6A731F}_is1) (Version: - 789soft, Inc.)

Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)

Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden

Half-Life (HKLM\...\Half-Life) (Version: - )

Hardcore (HKLM\...\Hardcore) (Version: - Image-Line)

Hercules Webcam (HKLM\...\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}) (Version: - )

Hide-IP-Browser 1.5 (HKLM\...\{7402084F-A3DA-4DDB-9689-8E8D2319D1B7}_is1) (Version: - Hide-IP-Browser)

HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maлl Hцrz)

IL Download Manager (HKLM\...\IL Download Manager) (Version: - Image-Line)

IL Gross Beat (HKLM\...\IL Gross Beat) (Version: - Image-Line)

IL Harmless (HKLM\...\IL Harmless) (Version: - Image-Line)

IL Harmor (HKLM\...\IL Harmor) (Version: - Image-Line)

Inkscape 0.48.1 (HKLM\...\Inkscape) (Version: 0.48.1 - )

Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5248 - Intel Corporation)

Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)

ISOBuddy (HKLM\...\ISOBuddy) (Version: - )

Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

JLC's Internet TV (HKLM\...\JLC's Internet TV) (Version: - )

Join ME (HKLM\...\{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}) (Version: 2.0.3.0 - )

Jump, Bobo! Jump! (HKLM\...\Jump, Bobo! Jump!v1.0.0.0) (Version: v1.0.0.0 - IP Kapustin A.S.)

Kalydo Player 4.11.01 (HKCU\...\KalydoPlayer) (Version: 4.11.01 - Eximion B.V.)

KeyScrambler (HKLM\...\KeyScrambler) (Version: - QFX Software Corporation)

Kongregate Client version 1.0.0.0 (HKCU\...\{BE4BF7C1-AFE6-49B2-926E-FB63F7F56817}_is1) (Version: 1.0.0.0 - Kongregate)

Lennar Digital Sylenth VSTi v1.2.1 (HKLM\...\Lennar Digital Sylenth VSTi v1.2.1) (Version: - )

LogoMaker 3.0 (HKLM\...\LogoMaker_is1) (Version: - Studio V5)

Lux Delux 6.22 (HKLM\...\Lux Delux_is1) (Version: - Sillysoft Games)

Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)

Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)

Macromedia Flash MX 2004 (HKLM\...\{2F353D44-73BB-4971-B31D-F7642E9E9531}) (Version: 7.2 - Macromedia)

Macromedia Flash Player 8 (HKLM\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)

Magic Flare 1.0 (HKLM\...\MagicFlare_1.0) (Version: - )

Magic ISO Maker v5.4 (build 0251) (HKLM\...\Magic ISO Maker v5.4 (build 0251)) (Version: - )

MAGIX 3D Maker Download version 6.0.0.4 (US) (HKLM\...\MAGIX 3D Maker Download version US) (Version: 6.0.0.4 - MAGIX AG)

Male Voice Pack (HKLM\...\{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}) (Version: 1.3.0 - Screaming Bee)

Man1aCSSv59tov60 patcher + Updater 2.0 (HKLM\...\Man1aCSSv59tov60 patcher + Updater 2.0) (Version: - )

ManyCam 2.6.30 (remove only) (HKLM\...\ManyCam) (Version: 2.6.30 - ManyCam LLC)

Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )

Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )

Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)

Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version: - )

Microsoft_VC80_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden

Migo Digital Rescue 4 Premium (HKLM\...\Digital Rescue 4 Premium4) (Version: 4 - Migo Software Inc. )

Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version: - )

Minecraft1.7.8 (HKLM\...\Minecraft1.7.8) (Version: - )

Minecraft1.7.9 (HKLM\...\Minecraft1.7.9) (Version: - )

MorphVOX Pro (HKLM\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)

Mozilla Firefox 24.0 (x86 en-US) (HKLM\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)

MusicLab RealGuitar 2.0 (HKLM\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version: - MusicLab, Inc.)

My Screen Recorder Pro 2.67 (HKLM\...\My Screen Recorder Pro_is1) (Version: - Deskshare Inc.)

Native Instruments Absynth 4 (HKLM\...\Native Instruments Absynth 4) (Version: - )

Native Instruments Absynth 5 (HKLM\...\Native Instruments Absynth 5) (Version: - Native Instruments)

Native Instruments Absynth 5 (Version: 5.0.0.829 - Native Instruments) Hidden

Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS (HKLM\...\Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS) (Version: - )

Native Instruments Reaktor 5 (HKLM\...\Native Instruments Reaktor 5) (Version: - )

Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments)

Native Instruments Service Center (Version: 2.2.0.367 - Native Instruments) Hidden

Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version: - )

Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC5D805}) (Version: 8.10.21 - Nero AG)

neroxml (Version: 1.0.0 - Nero AG) Hidden

Nettv Player 3.1.2 (HKLM\...\Nettv Player) (Version: 3.1.2 - Nettv)

Network System Driver (HKLM\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION

NVIDIA Control Panel 285.58 (Version: 285.58 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 285.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.58 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden

NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)

NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)

NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden

OpenAL (HKLM\...\OpenAL) (Version: - )

Oxy (HKCU\...\{9AAF2503-6CD5-414A-B5BA-37639B76C91F}) (Version: - FINEDREAM INVEST LTD) <==== ATTENTION

Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)

PC Camera (6009 CIF) (HKLM\...\{A5B3028F-6845-48A6-A46E-77A716B57537}) (Version: 2.10.0.0 - )

PC Data App (HKLM\...\PCData App) (Version: - ) <==== ATTENTION

PCHand Screen Recorder 1.8.5.4 (HKLM\...\PCHand Screen Recorder_is1) (Version: - )

PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden

PE Explorer 1.99 R6 (HKLM\...\PE Explorer_is1) (Version: 1.99.6 - Heaventools Software)

Personality Voices (HKLM\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)

Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden

PoiZone (HKLM\...\PoiZone) (Version: - Image-Line)

PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)

Power Challenge Game Plugin (HKCU\...\Power Loader) (Version: - )

Pro Evolution Soccer 2013 (HKLM\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)

Pro-sounds.Virus.Dream.Bank1 (HKLM\...\Pro-sounds.Virus.Dream.Bank1) (Version: - )

Quake Live Mozilla Plugin (HKLM\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)

QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6167 - Realtek Semiconductor Corp.)

reFX Nexus 1.4.0 (HKLM\...\reFX Nexus 1.4.0_is1) (Version: - )

reFX Trasher 2 VST v1.1 (HKLM\...\reFX Trasher 2 VST v1.1) (Version: - )

ReFX Vanguard VSTi v1.04 (HKLM\...\ReFX Vanguard VSTi v1.04) (Version: - )

requiemkongregate (HKCU\...\Kalydo App requiemkongregate) (Version: 0.00.01.100 - )

rgc:audio z3ta+ 1.5 (HKLM\...\z3ta+_x86_is1) (Version: 1.5 - Cakewalk Music Software)

Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version: - )

Rob Papen Albino 3 (HKLM\...\Rob Papen Albino 3) (Version: - )

RSO Vocal Magic Pro VST (HKLM\...\RSO Vocal Magic Pro VST) (Version: - )

Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Samplelord VSTi v1.0 (HKLM\...\Samplelord_is1) (Version: - )

Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)

Sawer (HKLM\...\Sawer) (Version: - Image-Line)

Sci-Fi 2 Sound Pack (HKLM\...\{E7E76513-335F-4995-86CF-A85B77D8D975}) (Version: 1.3.0 - Screaming Bee)

Sci-Fi Sound Pack (HKLM\...\{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}) (Version: 1.1.0 - Screaming Bee)

Sci-Fi Voice Pack (HKLM\...\{216E21F4-0489-4311-92D6-20D1FB950FCE}) (Version: 1.3.0 - Screaming Bee)

Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden

Shockwave (HKLM\...\Shockwave) (Version: - )

Sierra Utilities (HKLM\...\Sierra Utilities) (Version: - )

Simple Search-Replace (HKLM\...\{04D645A0-18D5-4C33-8D2A-7E93944982DB}) (Version: 1.03.0000 - RJL Software, Inc.)

Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.12.13601 - Skype Technologies S.A.)

Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)

SOE Web Installer (HKCU\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)

Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden

Soldat 1.5.0 (HKLM\...\Soldat_is1) (Version: - Michal Marcinkowski)

Soldat 1.6.0 (HKLM\...\Soldat patch 1.5.0-1.6.0_is1) (Version: 1.6.0 - Michal Marcinkowski)

Sonalksis Bundle (HKLM\...\Sonalksis Bundle1.0) (Version: 1.0 - Team Audio Pirate)

Sonic Charge Synplant 1.0 (HKLM\...\Sonic Charge Synplant_is1) (Version: - )

Sonik Synth 2 Free (HKLM\...\Sonik Synth 2 Free) (Version: - )

Sony Noise Reduction Plug-In 2.0e (HKLM\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)

Sony Sound Forge 9.0 (HKLM\...\{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}) (Version: 9.0.297 - Sony)

SoulseekQt (HKLM\...\SoulseekQt) (Version: - )

Speccy (HKLM\...\Speccy) (Version: 1.16 - Piriform)

Spooky Sounds (HKLM\...\{D813EF9B-69CF-4996-893C-B400AE7292FA}) (Version: 2.1.0 - Screaming Bee)

Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)

Station LaunchPad (HKLM\...\{D7447B32-518C-442F-A8E4-DCF12D8A6D75}) (Version: 1.00.000 - )

Steam (HKLM\...\Steam) (Version: - Valve Corporation)

Super Hide IP (HKLM\...\SuperHideIP) (Version: 3.1.9.6 - )

Super Internet TV v8.0 (Premium Edition) (HKLM\...\Super Internet TV (Premium Edition)_is1) (Version: - Ahusoft)

SWF-AVI-GIF Converter 1.0 (HKLM\...\SWF-AVI-GIF Converter_is1) (Version: - IwantSoft, Inc.)

SWiSHmax (HKLM\...\SWiSHmax) (Version: - )

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synthation Vanguard Essentials Soundbank (HKLM\...\Synthation Vanguard Essentials Soundbank) (Version: - )

TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)

Teleport Pro (HKLM\...\Teleport Pro) (Version: 1.63 - Tennyson Maxwell Information Systems, Inc.)

Tiffen Dfx v1.0 (HKLM\...\Tiffen Dfx v1.0) (Version: - )

TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)

Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version: - Image-Line)

T-RackS 3 Deluxe (HKLM\...\{423C4130-EBC3-410A-B3A0-37BBF9D607D5}) (Version: 3.1.2 - IK Multimedia)

Translator Fun Voice Pack (HKLM\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)

TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version: - 4Front Technologies)

Truster (HKLM\...\ST5UNST #1) (Version: - )

Tunngle beta (HKLM\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)

Ulead Photo Express 3.0 SE (HKLM\...\Ulead Photo Express 3.0 SE) (Version: - )

Uninstall TrianglePlayer (HKLM\...\TrianglePlayer_is1) (Version: 2012 - Fuzhou Zhuo Yue Wu Xian Software Development Company Limited)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden

Vector Magic (HKLM\...\Vector Magic) (Version: 1.08 - Vector Magic, Inc.)

VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)

Virtual DJ Pro Full - Atomix Productions (HKLM\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )

Visual Basic for Applications ® Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden

Visual Basic for Applications ® Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Vizzed Retro Game Room (HKLM\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)

VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)

vLite (HKLM\...\vLite_is1) (Version: 1.2 - Dino Nuhagic (nuhi))

Warface Launcher (Beta) (HKLM\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)

Web Media Client (HKLM\...\{55DD6846-EF8B-45AD-8C14-21DAFF204C77}) (Version: 1.1.14 - 3G Studios)

Webcam Simulator 6.3 (HKLM\...\Webcam Simulator_is1) (Version: - Web Solution Mart)

Winamp (remove only) (HKLM\...\Winamp) (Version: - )

Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)

Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden

Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)

WinHTTrack Website Copier 3.46-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)

WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

Wireshark 1.4.6 (HKLM\...\Wireshark) (Version: 1.4.6 - The Wireshark developer community, http://www.wireshark.org)

Wisdom-soft Set up ASR 3.1 Pro (HKLM\...\Wisdom-soft Set up ASR 3.1 Pro) (Version: - Wisdom Software Inc.)

Xfire (remove only) (HKLM\...\Xfire) (Version: - )

Xilisoft Video Converter Ultimate 6 (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 6.0.3.0528 - Xilisoft)

Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

Yet Another Cleaner! (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA)

Zworldo (remove only) (HKCU\...\Zworldo) (Version: - )

==================== Restore Points =========================

12-05-2014 07:09:24 System Checkpoint

13-05-2014 08:23:03 System Checkpoint

16-05-2014 10:59:48 System Checkpoint

19-05-2014 05:06:19 System Checkpoint

20-05-2014 18:28:26 System Checkpoint

22-05-2014 19:41:54 System Checkpoint

24-05-2014 14:14:15 System Checkpoint

27-05-2014 08:47:09 System Checkpoint

28-05-2014 11:34:26 System Checkpoint

29-05-2014 14:42:38 System Checkpoint

31-05-2014 07:44:28 System Checkpoint

31-05-2014 12:04:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

31-05-2014 12:10:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

31-05-2014 12:10:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

01-06-2014 07:39:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610

02-06-2014 11:19:39 System Checkpoint

03-06-2014 19:29:07 System Checkpoint

05-06-2014 07:52:24 System Checkpoint

06-06-2014 10:15:06 System Checkpoint

07-06-2014 10:48:51 Installed Camtasia Studio 7

08-06-2014 23:16:39 System Checkpoint

09-06-2014 13:02:02 Removed DayZ Commander

11-06-2014 10:29:36 System Checkpoint

12-06-2014 09:03:37 Installed DirectX

12-06-2014 09:04:13 RESIDENT EVIL 5 ‚рѓCѓ“ѓXѓgЃ[ѓ‹‚µ‚Ь‚µ‚ЅЃB

12-06-2014 11:09:35 RESIDENT EVIL 5 ‚рЌнЏњ‚µ‚Ь‚µ‚ЅЃB

14-06-2014 04:44:46 System Checkpoint

14-06-2014 17:12:26 Installed Realtek High Definition Audio Driver

14-06-2014 17:23:43 Unsigned driver install

16-06-2014 06:58:54 System Checkpoint

17-06-2014 09:08:52 System Checkpoint

18-06-2014 15:38:45 System Checkpoint

19-06-2014 20:50:35 System Checkpoint

22-06-2014 09:48:01 System Checkpoint

24-06-2014 18:57:38 System Checkpoint

26-06-2014 04:31:26 System Checkpoint

27-06-2014 07:15:11 System Checkpoint

27-06-2014 09:23:23 Removed Java 7 Update 21

28-06-2014 11:52:29 System Checkpoint

01-07-2014 05:51:07 System Checkpoint

03-07-2014 06:47:31 System Checkpoint

04-07-2014 07:11:03 Installed Pro Evolution Soccer 2013.

==================== Hosts content: ==========================

2001-08-23 16:00 - 2014-02-27 19:05 - 00000865 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 gsin256345.elasticbeanstalk.com

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\Browser Manager.job => C:\WINDOWS\system32\sc.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-06 08:19 - 2014-06-27 11:53 - 00065696 _____ () C:\Program Files\iSafe\zlib1.dll

2014-07-06 08:19 - 2014-06-27 11:52 - 00092320 _____ () C:\Program Files\iSafe\curlpp.dll

2014-07-06 08:19 - 2014-06-27 11:53 - 00162464 _____ () C:\Program Files\iSafe\isafeupbiz.dll

2014-07-06 08:19 - 2014-06-27 11:52 - 00427168 _____ () C:\Program Files\iSafe\ipcproxy.dll

2014-07-06 08:19 - 2014-06-03 05:50 - 00176976 _____ () C:\Program Files\iSafe\tws\unrar.dll

2014-07-06 08:19 - 2014-06-03 05:50 - 00068432 _____ () C:\Program Files\iSafe\tws\zlib1.dll

2014-07-06 08:19 - 2014-06-03 05:50 - 00087744 _____ () C:\Program Files\iSafe\tws\unacev2.dll

2011-03-05 22:02 - 2006-09-14 00:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll

2012-06-01 13:53 - 2006-06-09 16:48 - 00253952 ____N () C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll

2014-07-06 00:16 - 2014-07-07 15:44 - 00327589 _____ () C:\WINDOWS\Temp\dgen.exe

2014-07-06 08:19 - 2014-06-27 11:51 - 02228896 _____ () C:\Program Files\iSafe\ipcdl.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS:AstInfo

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9810590D

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\14006199.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\14006199.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk => C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup

MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

MSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

MSCONFIG\startupreg: Vidalia => "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (07/07/2014 09:45:01 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus

Error: (07/07/2014 09:35:07 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Hanging application firefox.exe, version 24.0.0.5001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/06/2014 00:18:16 PM) (Source: MsiInstaller) (EventID: 1008) (User: XXX)

Description: The installation of C:\Documents and Settings\Administrator\Desktop\za !!!.....!!!\!!! OSNOVNI PROGRAMI (Jan 2013)\!!! Antiviruses & Other\NOD32 v4 (x32 & x64) + Fix\0\NOD32 v4\0\NOD32 v4 Antivirus - BAC\eav_nt32_4.0.424.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (07/06/2014 00:18:02 PM) (Source: MsiInstaller) (EventID: 1008) (User: XXX)

Error: (07/06/2014 11:42:07 AM) (Source: MsiInstaller) (EventID: 10005) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again.

Error: (07/06/2014 11:41:07 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus

Error: (07/06/2014 10:59:58 AM) (Source: MsiInstaller) (EventID: 11920) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.

Error: (07/06/2014 10:23:18 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus

Error: (07/06/2014 10:18:25 AM) (Source: MsiInstaller) (EventID: 10005) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again.

Error: (07/06/2014 10:17:18 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)

Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus

System errors:

=============

Error: (07/07/2014 03:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Protect Monitor service failed to start due to the following error:

%%1053

Error: (07/07/2014 03:44:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.

Error: (07/07/2014 03:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! Antivirus service failed to start due to the following error:

%%2

Error: (07/07/2014 09:42:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/07/2014 09:42:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

Error: (07/07/2014 09:30:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Protect Monitor service failed to start due to the following error:

%%1053

Error: (07/07/2014 09:30:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.

Error: (07/07/2014 09:30:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The avast! Antivirus service failed to start due to the following error:

%%2

Error: (07/07/2014 07:01:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

Error: (07/07/2014 07:01:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Microsoft Office Sessions:

=========================

Error: (01/20/2013 00:41:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/20/2013 00:41:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Error: (01/20/2013 00:41:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/20/2013 00:40:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Error: (01/20/2013 00:37:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Error: (01/20/2013 00:16:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Error: (01/20/2013 00:15:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Error: (01/19/2013 06:47:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 3071.17 MB

Available physical RAM: 2533.8 MB

Total Pagefile: 7010.09 MB

Available Pagefile: 6668.46 MB

Total Virtual: 2047.88 MB

Available Virtual: 1927.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:368.1 GB) (Free:19.23 GB) NTFS ==>[Drive with boot components (Windows XP)]

Drive d: () (Fixed) (Total:97.65 GB) (Free:2.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 97BE5B6A)

Partition 1: (Active) - (Size=368 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=98 GB) - (Type=OF Extended)

==================== End Of Log ============================

Edited by bacman, 08 July 2014 - 03:40 AM.

#6 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 07 July 2014 - 08:02 AM

Yes, please scan without the virus definitions

Proud Member of UNITE & TB

#7 bacman

New Member

Authentic Member
7 posts

Posted 07 July 2014 - 08:14 AM

I EDITED This post ...

I ADDed two(2) LOGS from "FRST" (Logs are added one POST before this post / UP)

And LOG from "aswMBR" (2nd post/down from this post)!

Edited by bacman, 08 July 2014 - 08:45 AM.

#8 bacman

New Member

Authentic Member
7 posts

Posted 07 July 2014 - 08:29 AM

WRONG POST

Edited by bacman, 08 July 2014 - 08:44 AM.

#9 bacman

New Member

Authentic Member
7 posts

Posted 08 July 2014 - 02:04 AM

I make a SCAN"Quick" complete ("aswMBR").

HERE is the LOG from "aswMBR":

Run date: 2014-07-08 09:51:44

-----------------------------

09:51:44.765 OS Version: Windows 5.1.2600 Service Pack 2

09:51:44.765 Number of processors: 2 586 0x170A

09:51:44.765 ComputerName: XXX UserName:

09:51:47.156 Initialize success

09:51:47.250 VM: driver load error: 2

09:51:48.093 AVAST engine defs: 10071200

09:52:23.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5

09:52:23.968 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3

09:52:23.984 Disk 0 MBR read successfully

09:52:23.984 Disk 0 MBR scan

09:52:24.265 Disk 0 Windows XP default MBR code

09:52:24.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 376931 MB offset 63

09:52:24.312 Disk 0 default boot code

09:52:24.468 Disk 0 Partition - 00 0F Extended LBA 99998 MB offset 771955380

09:52:24.500 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 771955443

09:52:24.515 Disk 0 scanning sectors +976752000

09:52:24.828 Disk 0 scanning C:\WINDOWS\system32\drivers

09:52:38.437 Service scanning

09:52:58.171 Modules scanning

09:53:06.687 Disk 0 trace - called modules:

09:53:06.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8abc41f8]<<

09:53:06.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab1dab8]

09:53:06.703 3 CLASSPNP.SYS[f7637fcf] -> nt!IofCallDriver -> \Device\0000007d[0x8ab10f18]

09:53:06.703 5 ACPI.sys[f7497620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ab0fd98]

09:53:06.703 \Driver\atapi[0x8ac18430] -> IRP_MJ_CREATE -> 0x8abc41f8

09:53:08.250 AVAST engine scan C:\WINDOWS

09:53:16.093 AVAST engine scan C:\WINDOWS\system32

09:56:05.765 AVAST engine scan C:\WINDOWS\system32\drivers

09:56:40.375 AVAST engine scan C:\Documents and Settings\Administrator

11:30:40.390 File: C:\Documents and Settings\Administrator\Desktop\STARI RABOTI\!!! xakkkkkkkkkk\!!!!! PHISHING - FULL !!!!!!\!! BAC Phish PROJECT 2009\RAZNO ALATKI\Convert .exe vo .jpg\Exe2any - pcmaster.ir.exe **INFECTED** Win32:Malware-gen

13:13:04.250 File: C:\Documents and Settings\Administrator\Desktop\Za INSTALL\!!!! Adobe CS4 Illustrator\Keygen\Keygen.exe **INFECTED** Win32:Malware-gen

15:51:10.375 AVAST engine scan C:\Documents and Settings\All Users

15:55:52.187 Scan finished successfully

16:34:13.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

16:34:13.359 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Edited by bacman, 08 July 2014 - 08:38 AM.

#10 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 08 July 2014 - 10:23 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Proud Member of UNITE & TB

#11 bacman

New Member

Authentic Member
7 posts

Posted 09 July 2014 - 12:43 AM

NO, my computer was ok with those CRACKED SOFTWARE because i work on it with my company almost 4 years.. and before 4 days i DOWNLOAD INFECTED FILE & I EXPLAIN YOU in my FIRST POST? Are you READ ALL POST ? and problem come after that file!?

..Please Understand my point of view and HELP ME... In my country Rep. of MACEDONIA when you BUY PC, they give you some WINDOWS ORIGINAL LICENSE for 1 year, and WARRANTY 1 YEAR, after that when you FORMAT your PC they ADD you PIRATED VERSION of Windows but i tell to THEM to add me LICENSED, and now my WINDOWS is Licensed but some software isnt.

WHAT CAN I DO ABOUT IT.. Next time i will buy only SOFTWARE that i need LEGALLY, but please help me to RUN MY PC again and do my job ..please help me to remove the trojan... !!??????? tell me ? pls ? i have work in my company i have 27 years old.. 2 kids please make my pc work and to continue my job... PLS because i will format but i have many installed files and other integrated files & must work just only 3 months before winter, than i will FORMAT and BUY only SOFTWARES that i use... ?pls?

Edited by bacman, 09 July 2014 - 12:47 AM.

#12 ----------------

SuperMember

Authentic Member
1,095 posts

Posted 09 July 2014 - 03:06 PM

Due to the fact you reject our instructions to remove the pirated software, this topic is closed now.

Proud Member of UNITE & TB

Body Background

skin color theme

Virus/Trojan - Can't install Antivirus or open Text document.. jus

#1 bacman

Advertisements

Register to Remove

#2 ----------------

#3 bacman

#4 ----------------

#5 bacman

#6 ----------------

#7 bacman

#8 bacman

#9 bacman

#10 ----------------

#11 bacman

#12 ----------------

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Virus/Trojan - Can't install Antivirus or open Text document.. jus

#1 bacman

Advertisements Register to Remove

#2 ----------------

#3 bacman

#4 ----------------

#5 bacman

#6 ----------------

#7 bacman

#8 bacman

#9 bacman

#10 ----------------

#11 bacman

#12 ----------------

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove