Virus/Trojan - Can't install Antivirus or open Text document.. jus


  • This topic is locked
11 replies to this topic

#1 bacman


Posted 06 July 2014 - 11:46 PM

Hi,

Two days ago I installed suspicious software (.exe + .dll) from some link.

And before the download & the installation I had to disable the anti-virus, because the AV showed some "THREAT", but some guy told me that the "threat" was a FALSE POSITIVE (but that was a hacker, he tricked me), and I disabled it!

And when I installed that SOFT (.EXE) and the second FILE (.EXE, to install the missing .DLL), suddenly the PC restarted!!!

And after the restart, when Windows ran, it did not start up with the anti-virus, and I saw that something was wrong & I went to Program Files and wanted to start the AV manually, but it did not give me access to the folder "ESET" (NOD32); after that I went to "Add Remove Programs" and saw that NOD32 IS NOT uninstalled...

After that I UNINSTALLED the ESET-Nod32 (I DID IT BECAUSE I WANTED TO REINSTALL and FIX the PROBLEM)...

Then I went to TASK MANAGER & noticed that my CPU was at 100% (constantly) with NO PROGRAM RUNNING.. then I disconnected the Internet and the CPU came to 0%, but when I connected again, the CPU came to 100% again.

The other thing I noticed was that when I wanted to install Eset-Nod32-AV again (I have the software setup in my software collection folder), it told me that: "I HAVEN'T SOME PRIVILEGES". After that I downloaded the setup (Nod32-AV) from the internet & the same again... Then I noticed that I can't install software, "I HAVEN'T SOME PRIVILEGES"... Then I searched the internet for some online scanners, and couldn't install them; then I opened Task Manager and found 2 strange files: "IsYKPdaSMMg.exe" (in Administrator) and "Regsvcs.exe" (in Administrator).

When I close "Regsvcs.exe", it starts again & again & again, and I can't close it..

Then I wanted to close the other suspicious file "IsYKPdaSMMg.exe", and when I closed it (End Process) a BLUE SCREEN WITH WHITE CHARACTERS, NUMBERS came up.. Then I reset (from the button), and the PC started normally, but same things, same files...

Those 2 files didn't let me close them, and I did the same steps again to CLOSE THEM, and no progress! After some time, after some resets (from the button), I realised that I CAN'T: TURN OFF, RESTART, SWITCH USERS,.... NOTHING, because when I click some of those the BLUE SCREEN comes up & I can just RESET from the button....

And then I searched on the internet & found "RogueKiller.exe" and MAGICALLY it started without problems LOL...

And I started a SCAN & it found many "BAD" things in the Registry and in other places, and found just one suspicious .exe, "dgen.exe".

I don't remember what I clicked in that RogueKiller software, but magically the PC RESTARTED after the SCAN. After the restart, the two files "Regsvcs.exe" and "IsYKPdaSMMg.exe" were no longer there, but dgen.exe was there and again my CPU was at 100% and I had "NO Privileges", and it was some relief for me because I now can TURN OFF, RESTART and switch users, but other things stayed the same: 1. Still "no privileges", 2. Can't install software. But NOW I CAN OPEN AND SAVE TEXT DOCs, so I can now send you logs from RogueKiller (I EDITED this POST & ADDED the REPORT from RogueKiller).. But I forgot to tell you that I discovered that I CAN MANUALLY CLOSE the "dgen.exe" FILE, and my CPU goes to 0%... That is good & I can make TEXT documents and save them (GREAT), but still no privileges, still can't install anything... Every time I TURN ON the PC or restart, I must manually CLOSE "dgen.exe" from Task Manager...

PLEASE HELP ME TO GET MY PC BACK IN MY HANDS (privileges to install everything), to install ESET NOD32 again, to clean that dgen.exe file and every suspicious file, and be like before..? will be my life saver and i

I will DONATE to you & your web too (to be fair)...

Please HELP ME?

 

- HERE ARE THE LOGs (from RogueKiller):

 

RogueKiller V9.1.0.0 [Jun 23 2014] by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 07/07/2014  09:35:38
 
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] dgen.exe -- C:\WINDOWS\Temp\dgen.exe[-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 16 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog305 : C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PBDOWNFORCE_SERVICE -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vtany -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xhunter1 -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PBDOWNFORCE_SERVICE -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vtany -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhunter1 -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PBDOWNFORCE_SERVICE -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vtany -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xhunter1 -> FOUND
[PUM.Proxy] HKEY_USERS\S-1-5-21-329068152-1957994488-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=;ftp=;https=;  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-329068152-1957994488-839522115-500\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.SysRestore] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1  -> FOUND
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 gsin256345.elasticbeanstalk.com
 
¤¤¤ Antirootkit : 2 ¤¤¤
[SSDT:Inl] NtRequestPort[199] : Unknown @ 0xb84aa480
[SSDT:Inl] NtRequestWaitReplyPort[200] : Unknown @ 0xb84aa520
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 +++++
--- User ---
[MBR] 56ba1b66eaf4677568165da57d40f758
[BSP] b7cb42b22dc882131a6a6f85b63be1e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 376931 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 771955380 | Size: 99998 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_07062014_083710.log - RKreport_SCN_07062014_082547.log - RKreport_SCN_07072014_071646.log

Edited by bacman, 08 July 2014 - 03:28 AM.



#2 ----------------


Posted 07 July 2014 - 03:42 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 

#3 bacman


Posted 07 July 2014 - 07:00 AM

At first I forgot to ask: IF I DO THESE STEPS, is there a chance to LOSE MY DATA... Now I can SAVE my data, I have to BURN DVDs, 20 CDs to burn to save my data.. but if there is no chance to lose my files, then should I begin with the STEPS?



#4 ----------------


Posted 07 July 2014 - 07:02 AM

Running my scans will not harm your data.


Proud Member of UNITE & TB
 

#5 bacman


Posted 07 July 2014 - 07:54 AM

FRST: I finished with the SCAN!

I just did the SCAN like you told me.. I didn't click the FIX button, just SCAN...

 

HERE ARE THE 2 LOGs (from FRST) "Frst.txt & Addition.txt":

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01

Ran by Administrator (administrator) on XXX on 07-07-2014 15:46:21
Running from C:\Documents and Settings\Administrator\Desktop
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc2.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Applian Technologies, Inc.) C:\Program Files\Freecorder\FLVSrvc.exe
(Creative Technology Ltd.) C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\ASTSRV.EXE
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(FileZilla Project) C:\Program Files\FileZilla Server\FileZilla server.exe
(ClanServers Hosting LLC) D:\Igri\GameTracker\GSInGameService.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
() C:\WINDOWS\Temp\dgen.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\iSafe\ipcdl.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [16744256 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [TNOD UP] => "C:\Program Files\TNod User & Password Finder\TNODUP.exe" /i
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [NBKeyScan] => C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328 2007-09-20] (Nero AG)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33714176 2010-01-18] (VIA Technologies, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Freecorder FLV Service] => C:\Program Files\Freecorder\FLVSrvc.exe [167936 2010-06-26] (Applian Technologies, Inc.)
HKLM\...\Run: [facemoods] => "C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
HKLM\...\Run: [KeyScrambler] => C:\Program Files\KeyScrambler\keyscrambler.exe /a
HKLM\...\Run: [BigDog305] => C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
HKLM\...\Run: [LogitechQuickCamRibbon] => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
HKLM\...\Run: [AVFX Engine] => C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [24576 2006-06-09] (Creative Technology Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [203072 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1632360 2011-10-08] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [0 ] (ESET)
HKLM\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2837864 2010-06-28] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\S-1-5-19\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\S-1-5-20\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-329068152-1957994488-839522115-1003\...\RunOnce: [ShowDeskFix] - regsvr32 /s /n /i:u shell32
HKU\S-1-5-21-329068152-1957994488-839522115-1003\...\RunOnce: [IE7-10] - rundll32 advpack.dll,LaunchINFSectionEx NR_IE7en.inf,AfterUserStart,,4,N
HKU\S-1-5-21-329068152-1957994488-839522115-500\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-329068152-1957994488-839522115-500\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-329068152-1957994488-839522115-500\...\MountPoints2: {42a7ce7f-a7f1-11e1-844f-4487fcefd61f} - F:\setup.exe
HKU\S-1-5-21-329068152-1957994488-839522115-500\...\MountPoints2: {af5a2ccd-6be6-11e0-8176-4487fcefd61f} - G:\setup.exe
HKU\S-1-5-21-329068152-1957994488-839522115-500\...\Winlogon: [Shell] explorer.exe,"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\ekrn.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe ()
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=;ftp=;https=;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...o=102869&gct=hp
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...00074ea3ace0ee7
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...70-74ea3ace0ee7
SearchScopes: HKLM - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...B0-F7684CF6C545
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoo...earchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://searchab.com/...q={searchTerms}
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...B0-F7684CF6C545
SearchScopes: HKCU - {C306FB0A-403F-44FA-B36E-DDA64DA7432A} URL = http://www.claro-sea...00074ea3ace0ee7
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield....er_1.0.96.0.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Hosts: 127.0.0.1 gsin256345.elasticbeanstalk.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Plugin: @3gstudios.com/webmediaclient,version=1.0 - C:\Program Files\3G Studios\Web Media Client\npWebMediaClient.dll No File
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @bittorrent.com/BitTorrentDNA - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @idsoftware.com/QuakeLive - C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @virtools.com/3DviaPlayer - C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin: @vizzed.com/VizzedRGR - C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Documents and Settings\Administrator\Application Data\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @gnometech.com/ZworldoWebPlugin12 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Zworldo\player\NP Zworldo Plugin12.dll (Gnometech Inc)
FF Plugin HKCU: @powerchallenge.com/PowerLoader - C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @TrianglePlayer - C:\Documents and Settings\Administrator\Application Data\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\Searchab.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: Battlefield Play4Free - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\battlefieldplay4free@ea.com [2014-02-05]
FF Extension: arcadeox - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\nparcadeox@nparcadeox.com [2013-12-01]
FF Extension: Super Hide IP - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\support@super-hide-ip.com [2011-08-29]
FF Extension: Tilt - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\tilt@mozilla.com [2012-06-17]
FF Extension: Freecorder  - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2014-07-05]
FF Extension: Live HTTP Headers - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-03-27]
FF Extension: flashget3 Extension - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2011-12-01]
FF Extension: Edit Cookies - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} [2011-05-14]
FF Extension: anonymoX - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\client@anonymox.net.xpi [2012-09-08]
FF Extension: Cookie Exporter - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\cookieexporter@krk.xpi [2012-12-24]
FF Extension: Cookie Importer - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\cookieimporter@krk.xpi [2012-12-24]
FF Extension: Ghostery - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\firefox@ghostery.com.xpi [2013-10-10]
FF Extension: Session Manager - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-10-12]
FF Extension: FlashGot - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-06-28]
FF Extension: Tamper Data - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2013-02-11]
FF Extension: Facebook Downloader Videos - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2e8}.xpi [2014-04-26]
FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-03-01]
FF Extension: Fast Video Download - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012-06-28]
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-02-13]
FF Extension: User Agent Switcher - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fj5zir92.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-11-11]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-11-14]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011-05-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-05]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-04-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF Extension: Browser Manager - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012-12-07]
 
Chrome: 
=======
CHR HomePage: hxxp://www.search.ask.com/?l=dis&o=102869cr&gct=hp
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Power Challenge Loader) - C:\DOCUME~1\ADMINI~1\APPLIC~1\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (QUAKE LIVE) - C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Arcane Legends) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-08-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx [2011-12-17]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]
CHR HKLM\...\Chrome\Extension: [mhgkogmomehdgfcheknganbgdaaoemop] - C:\Program Files\3G Studios\Web Media Client\WebMediaClient.crx [2013-09-16]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx [2012-12-07]
CHR StartMenuInternet: Google Chrome - c:\documents and settings\administrator\local settings\application data\google\chrome\application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 astcc; C:\WINDOWS\system32\astsrv.exe [57344 2007-02-16] (Nalpeiron Ltd.) [File not signed]
S2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2421384 2011-03-22] (mobile concepts GmbH)
S3 EasyAntiCheat; C:\WINDOWS\system32\EasyAntiCheat.exe [93048 2014-02-28] (EasyAntiCheat Ltd)
R2 FileZilla Server; C:\Program Files\FileZilla Server\FileZilla Server.exe [742912 2010-10-17] (FileZilla Project) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-03-08] (Macrovision Europe Ltd.) [File not signed]
R2 GS In-Game Service; D:\Igri\GameTracker\GSInGameService.exe [1677096 2010-11-09] (ClanServers Hosting LLC)
R2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [118048 2014-06-27] (Elex do Brasil Participações Ltda)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-04-18] (Sun Microsystems, Inc.)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [69632 2011-04-09] (Macromedia) [File not signed]
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4726616 2012-01-03] (INCA Internet Co., Ltd.)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-10-08] (NVIDIA Corporation)
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [65846 2014-06-28] () [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [131272 2014-01-17] (Sandboxie Holdings, LLC)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
S3 TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 Aavmker4; C:\WINDOWS\system32\Drivers\Aavmker4.sys [28880 2010-06-28] (ALWIL Software)
S3 AKSUP; C:\WINDOWS\System32\drivers\aksup.sys [32472 2004-11-30] (Aladdin Knowledge Systems, Ltd.)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1599136 2010-06-11] (Atheros Communications, Inc.)
R2 aswFsBlk; C:\WINDOWS\system32\Drivers\aswFsBlk.sys [17744 2010-06-28] (ALWIL Software)
R2 aswMon2; C:\WINDOWS\system32\Drivers\aswMon2.sys [100176 2010-06-28] (ALWIL Software)
S3 aswRdr; C:\WINDOWS\system32\Drivers\aswRdr.sys [23376 2010-06-28] (ALWIL Software)
R1 aswSP; C:\WINDOWS\system32\Drivers\aswSP.sys [165456 2010-06-28] (ALWIL Software)
R1 aswTdi; C:\WINDOWS\system32\Drivers\aswTdi.sys [46672 2010-06-28] (ALWIL Software)
R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [281760 2014-02-22] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R1 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [213888 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\iSafe\iSafeKrnlKit.sys [64512 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\iSafe\iSafeKrnlR3.sys [36992 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [52056 2014-06-03] (Elex do Brasil Participações Ltda)
R3 KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [114952 2010-02-11] (QFX Software Corporation)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [25888 2014-02-22] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-03] (Microsoft Corporation)
R1 nethfdrv; C:\WINDOWS\system32\drivers\nethfdrv.sys [49152 2014-06-15] () [File not signed]
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [119656 2011-07-08] (NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\System32\DRIVERS\ZTEusbser.sys [99584 2007-03-08] (ZTE Incorporated)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [161888 2014-01-17] (Sandboxie Holdings, LLC)
R3 SCREAMINGBDRIVER; C:\WINDOWS\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC)
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2007-07-22] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 SNCP106; C:\WINDOWS\System32\DRIVERS\sncp106.sys [243712 2002-12-27] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [466008 2013-12-09] (Duplex Secure Ltd.)
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project) [File not signed]
R3 tap0901t; C:\WINDOWS\System32\DRIVERS\tap0901t.sys [27136 2009-09-16] (Tunngle.net) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360704 2007-07-22] (Microsoft Corporation) [File not signed]
S3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2011-03-30] (TeamViewer GmbH)
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [90472 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed]
S3 V0090VID; C:\WINDOWS\System32\DRIVERS\V0090Vid.sys [138112 2005-04-14] (PixArt Imaging Inc.)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [2106880 2010-01-11] (VIA Technologies, Inc.)
U3 arl343oy; C:\WINDOWS\system32\Drivers\arl343oy.sys [0 ] (Microsoft Corporation)
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GGSAFERDriver; \??\D:\Igri\Garena\safedrv.sys [X]
S4 IntelIde; No ImagePath
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 PBDOWNFORCE_SERVICE; \??\C:\Documents and Settings\Administrator\Desktop\!!! UnBan for GAMES\1\PBDownforce.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [78720 2007-07-22] (Microsoft Corporation)
S3 vtany; \??\C:\WINDOWS\vtany.sys [X]
S3 XDva386; \??\C:\WINDOWS\system32\XDva386.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
S3 ZSMC0305; System32\Drivers\usbVM305.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-07 15:44 - 2014-07-07 15:46 - 00035610 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-07-07 15:43 - 2014-07-07 15:43 - 00000020 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-07-07 15:43 - 2011-03-08 00:27 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Application Data\Macromedia
2014-07-07 15:43 - 2011-03-05 22:21 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\Temp
2014-07-07 15:43 - 2011-03-05 21:33 - 00001599 _____ () C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Remote Assistance.lnk
2014-07-07 15:43 - 2011-03-05 21:33 - 00000788 _____ () C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Windows Media Player.lnk
2014-07-07 15:43 - 2011-03-05 21:33 - 00000000 ___RD () C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Accessories
2014-07-07 15:39 - 2014-07-07 15:37 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2014-07-07 15:36 - 2014-07-07 15:46 - 00000000 ____D () C:\FRST
2014-07-07 15:36 - 2014-07-07 15:37 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\My Documents\aswmbr.exe
2014-07-07 15:35 - 2014-07-07 15:34 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-07-07 15:34 - 2014-07-07 15:34 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2014-07-07 09:36 - 2014-07-07 09:36 - 00003315 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport_SCN_07072014_093538.log
2014-07-07 07:04 - 2014-07-07 07:04 - 04721240 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller-1.exe
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\WINDOWS\CSC
2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Program Files\Alwil Software
2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Alwil Software
2014-07-06 11:42 - 2010-06-28 22:57 - 00165032 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-07-06 11:42 - 2010-06-28 22:57 - 00038848 _____ (ALWIL Software) C:\WINDOWS\avastSS.scr
2014-07-06 11:42 - 2010-06-28 22:37 - 00165456 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-07-06 11:42 - 2010-06-28 22:37 - 00046672 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-07-06 11:42 - 2010-06-28 22:33 - 00023376 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-07-06 11:42 - 2010-06-28 22:32 - 00100176 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswmon2.sys
2014-07-06 11:42 - 2010-06-28 22:32 - 00094544 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswmon.sys
2014-07-06 11:42 - 2010-06-28 22:32 - 00028880 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aavmker4.sys
2014-07-06 11:42 - 2010-06-28 22:32 - 00017744 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2014-07-06 09:28 - 2014-07-06 11:07 - 00002711 _____ () C:\Documents and Settings\Administrator\My Documents\reset.cmd
2014-07-06 09:28 - 2014-07-06 09:28 - 00000004 _____ () C:\Documents and Settings\Administrator\reset.cmd
2014-07-06 09:26 - 2014-07-06 09:26 - 00000000 ____D () C:\Program Files\Windows Resource Kits
2014-07-06 09:23 - 2014-07-06 09:23 - 00379392 _____ () C:\Documents and Settings\Administrator\My Documents\subinacl.msi
2014-07-06 08:22 - 2014-07-07 09:31 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-06 08:22 - 2014-07-06 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-06 08:19 - 2014-07-07 15:43 - 00000000 ____D () C:\Program Files\iSafe
2014-07-06 08:19 - 2014-07-06 08:20 - 00001455 _____ () C:\Documents and Settings\All Users\Start Menu\YAC.lnk
2014-07-06 08:19 - 2014-07-06 08:20 - 00001455 _____ () C:\Documents and Settings\All Users\Desktop\YAC.lnk
2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC
2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\iSafe
2014-07-06 08:19 - 2014-06-27 11:54 - 00040064 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-07-06 08:10 - 2014-07-06 08:10 - 00000687 _____ () C:\awh17.tmp
2014-07-06 08:01 - 2014-07-06 08:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-06 07:56 - 2014-07-06 07:58 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\My Documents\mbam-setup-2.0.2.1012.exe
2014-07-06 07:16 - 2014-07-06 07:16 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-06 07:14 - 2014-07-06 07:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\My Documents\tdsskiller.exe
2014-07-06 07:13 - 2014-07-06 07:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-06 07:12 - 2014-07-06 10:57 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-07-06 07:09 - 2014-07-06 07:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\My Documents\SpyHunter-Installer.exe
2014-07-06 00:46 - 2014-07-06 00:46 - 00000000 ____D () C:\Program Files\AVG
2014-07-06 00:39 - 2014-07-06 00:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-07-06 00:02 - 2014-07-06 08:41 - 00046252 _____ () C:\Documents and Settings\Administrator\Application Data\msconfig.ini
2014-07-06 00:01 - 2014-07-06 08:42 - 00000000 __SHD () C:\Documents and Settings\Administrator\odUhcnSV
2014-07-06 00:01 - 2014-07-06 08:39 - 00000000 __SHD () C:\WINDOWS\system32\Windows Services
2014-07-06 00:01 - 2014-07-06 00:01 - 00000000 ___SH () C:\Documents and Settings\Administrator\ytSuu.txt
2014-07-05 23:45 - 2014-07-07 15:44 - 00000000 ____D () C:\Program Files\PCDApp
2014-07-05 23:44 - 2014-07-05 23:44 - 00000687 _____ () C:\awh6409.tmp
2014-07-05 23:40 - 2014-07-06 10:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\21805
2014-07-05 17:59 - 2014-07-05 18:06 - 91909180 _____ () C:\Documents and Settings\Administrator\My Documents\Lana Del Rey - Shades Of Cool.mp4
2014-07-05 17:18 - 2014-07-06 09:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\for RUST
2014-07-05 16:27 - 2014-07-05 16:28 - 17334447 _____ () C:\Documents and Settings\Administrator\My Documents\9_11 Incontrovertible Proof the Government is Lying.mp4
2014-07-05 16:23 - 2014-07-05 16:23 - 05228610 _____ () C:\Documents and Settings\Administrator\My Documents\Donald Rumsfeld 2.3 Trillion Dollars Just Gone.mp4
2014-07-05 16:11 - 2014-07-05 16:13 - 46545635 _____ () C:\Documents and Settings\Administrator\My Documents\Piers Morgan Gets OWNED By Ben Shapiro.mp4
2014-07-05 16:09 - 2014-07-05 16:14 - 71570800 _____ () C:\Documents and Settings\Administrator\My Documents\Black Budget US govt clueless about missing Pentagon $trillions.mp4
2014-07-05 15:19 - 2014-07-05 15:22 - 41034332 _____ () C:\Documents and Settings\Administrator\My Documents\Truth in Media 100 Years of the Federal Reserve.mp4
2014-07-05 15:12 - 2014-07-05 15:31 - 273059935 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK HOAX - GUN CONTROL AGENDA SCAM.mp4
2014-07-05 14:56 - 2014-07-05 15:00 - 44465919 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 2.mp4
2014-07-05 14:51 - 2014-07-05 14:52 - 28565326 _____ () C:\Documents and Settings\Administrator\My Documents\Absolute Proof Sandy Hook was Staged.mp4
2014-07-05 14:33 - 2014-07-05 14:34 - 36725290 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 1.mp4
2014-07-05 13:40 - 2014-07-05 13:40 - 03946207 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK KID SPILLS THE BEANS.mp4
2014-07-05 12:56 - 2014-07-05 13:00 - 113756728 _____ () C:\Documents and Settings\Administrator\My Documents\REAL PROOF! SANDY HOOK SHOOTING WAS FAKE!!! TOTALLY STAGED!!!.mp4
2014-07-05 11:47 - 2014-07-05 11:47 - 00841485 _____ () C:\Documents and Settings\Administrator\My Documents\Gigantic_insect_lands_on_James_Rodriguez_shortly_after_scoring.mp4
2014-07-05 10:06 - 2014-07-05 10:11 - 78739206 _____ () C:\Documents and Settings\Administrator\My Documents\Living Without Laws Slab City, USA.mp4
2014-07-05 10:05 - 2014-07-05 10:16 - 177358501 _____ () C:\Documents and Settings\Administrator\My Documents\The Mexican Mormon War (Drug Cartels vs. Mormons Full Length).mp4
2014-07-05 10:03 - 2014-07-05 10:22 - 374896851 _____ () C:\Documents and Settings\Administrator\My Documents\This Is What Winning Looks Like (Full Length)(1).mp4
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
2014-07-04 09:11 - 2014-07-04 09:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\KONAMI
2014-07-04 09:09 - 2014-07-04 09:09 - 00000218 _____ () C:\Documents and Settings\Administrator\.recently-used.xbel
2014-07-03 07:30 - 2014-07-03 07:36 - 78869933 _____ () C:\Documents and Settings\Administrator\My Documents\ISON Coming in the clouds with great Glory!! A must see!.mp4
2014-07-03 06:53 - 2014-07-03 06:53 - 05164160 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Amazing Self-Tying Shoelaces.mp4
2014-07-03 06:51 - 2014-07-03 06:52 - 04647326 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - How To Mail A Bowling Ball.mp4
2014-07-03 06:48 - 2014-07-03 06:49 - 29423359 _____ () C:\Documents and Settings\Administrator\My Documents\The carbonaro effect - BRIEFCASE PRANK.mp4
2014-07-03 06:43 - 2014-07-03 06:46 - 78361742 _____ () C:\Documents and Settings\Administrator\My Documents\Ghosts Caught In Lincoln Civil War Museum.mp4
2014-07-03 06:32 - 2014-07-03 06:37 - 126726417 _____ () C:\Documents and Settings\Administrator\My Documents\Satan's Hollow - The Tunnel To Hell.mp4
2014-07-03 05:44 - 2014-07-03 05:45 - 25325877 _____ () C:\Documents and Settings\Administrator\My Documents\Life is hard.mp4
2014-07-03 05:19 - 2014-07-03 05:20 - 10439202 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Grown Ups Freak Out In A Toy Store.mp4
2014-07-03 03:36 - 2014-07-03 03:36 - 09283147 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Family Pet Chiropractor.mp4
2014-07-03 02:18 - 2014-07-03 02:19 - 06208615 _____ () C:\Documents and Settings\Administrator\My Documents\Cross at the Destiny line in your hand is an indication of ultimate success.mp4
2014-07-03 01:51 - 2014-07-03 01:52 - 16420691 _____ () C:\Documents and Settings\Administrator\My Documents\Michael Jackson. Palmistry. Analysis of the hand.mp4
2014-07-03 01:41 - 2014-07-03 01:45 - 37331470 _____ () C:\Documents and Settings\Administrator\My Documents\WILL I HAVE MONEY - UNBELIEVABLE ANSWER 16 Q_A.mp4
2014-07-03 01:36 - 2014-07-03 01:37 - 18023383 _____ () C:\Documents and Settings\Administrator\My Documents\PARANORMAL WATCH DOGS - UNBELIEVABLE EVIDENCE - 20 Q_A.mp4
2014-07-03 01:19 - 2014-07-03 02:39 - 1081440121 _____ () C:\Documents and Settings\Administrator\My Documents\Восточные Сказки - RUSSIA The Rise and Fall of the Oligarchs.mp4
2014-07-03 01:08 - 2014-07-03 01:10 - 17118696 _____ () C:\Documents and Settings\Administrator\My Documents\5 Hidden Secrets in your Hands.mp4
2014-06-30 17:52 - 2014-06-30 17:54 - 14323565 _____ () C:\Documents and Settings\Administrator\My Documents\HOW TO Get your SteamID for Cracked RUST Servers __ XpliCitMods.mp4
2014-06-30 15:56 - 2014-06-30 16:42 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC
2014-06-30 09:16 - 2014-06-30 09:26 - 192128051 _____ () C:\Documents and Settings\Administrator\My Documents\Truffles The Most Expensive Food in the World.mp4
2014-06-29 11:15 - 2014-06-29 11:15 - 01195358 _____ () C:\Documents and Settings\Administrator\Desktop\Katy Perry COVER YT.psd
2014-06-29 09:05 - 2014-06-29 09:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-29 07:52 - 2014-06-29 07:52 - 10136013 _____ () C:\Documents and Settings\Administrator\My Documents\Evil SpongeBob Toy Prank!.mp4
2014-06-29 07:51 - 2014-06-29 07:53 - 18922925 _____ () C:\Documents and Settings\Administrator\My Documents\World's Best Stink Prank!.mp4
2014-06-28 08:37 - 2014-06-28 08:50 - 319799298 _____ () C:\Documents and Settings\Administrator\My Documents\Military Remote Viewing Psychic Training Course - FULL DVD ON YOUTUBE.mp4
2014-06-28 05:44 - 2014-06-28 05:52 - 136561443 _____ () C:\Documents and Settings\Administrator\My Documents\Ninjas  Secret History of the Ninja Uncovered (Full Documentary).mp4
2014-06-28 05:03 - 2014-06-28 05:08 - 86726440 _____ () C:\Documents and Settings\Administrator\My Documents\Pitbull ft. Jennifer Lopez - We Are One (Ole Ola) [2014 World Cup Song] PARODY.mp4
2014-06-28 04:52 - 2014-06-28 04:53 - 09334184 _____ () C:\Documents and Settings\Administrator\My Documents\MILEY CYRUS SELLS OUT TO ILLUMINATI.mp4
2014-06-28 04:09 - 2014-06-28 04:55 - 596133205 _____ () C:\Documents and Settings\Administrator\My Documents\Dagger - ArmA 3 SEALs Co-op Gameplay - OAW 3.mp4
2014-06-28 03:02 - 2014-06-28 03:04 - 41380441 _____ () C:\Documents and Settings\Administrator\My Documents\Ariana Grande - Problem ft. Iggy Azalea.mp4
2014-06-28 02:38 - 2014-06-28 02:43 - 57627331 _____ () C:\Documents and Settings\Administrator\My Documents\Wide Awake - Katy Perry (Lyrics) Official Video HD.mp4
2014-06-28 02:33 - 2014-06-28 02:35 - 39556009 _____ () C:\Documents and Settings\Administrator\My Documents\IS KATY OUT OF THE ILLUMINANTI WIDE AWAKE EXAMINED.mp4
2014-06-28 01:34 - 2014-06-28 01:34 - 13681250 _____ () C:\Documents and Settings\Administrator\My Documents\Time Travel Tunnel Discovered in China.mp4
2014-06-18 17:44 - 2014-06-18 17:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\4GB Patch 1.0.0.1 (Run 32Bit SOFTs, GAMEs & OTHER on 64bit OS)
2014-06-15 08:46 - 2014-06-15 08:46 - 00108544 _____ () C:\WINDOWS\system32\installd.exe
2014-06-15 08:46 - 2014-06-15 08:46 - 00049152 _____ () C:\WINDOWS\system32\Drivers\nethfdrv.sys
2014-06-15 08:45 - 2014-06-15 08:45 - 00246784 _____ () C:\WINDOWS\system32\hfpapi.dll
2014-06-15 08:45 - 2014-06-15 08:45 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll
2014-06-14 19:12 - 2014-06-14 19:12 - 00000000 ____D () C:\Program Files\Realtek
2014-06-14 19:12 - 2010-07-27 07:54 - 01251944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2014-06-12 12:06 - 2014-06-12 12:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\CAPCOM
2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\WINDOWS\system32\xlive
2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-06-08 05:46 - 2014-06-08 05:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Game DECOMPILERs (To Edit-MOD Games)
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Camtasia Studio
2014-06-07 12:48 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
2014-06-07 12:48 - 2014-06-07 12:48 - 00000000 ____D () C:\Program Files\TechSmith
 
==================== One Month Modified Files and Folders =======
 
2014-07-07 15:46 - 2014-07-07 15:44 - 00035610 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-07-07 15:46 - 2014-07-07 15:36 - 00000000 ____D () C:\FRST
2014-07-07 15:46 - 2011-03-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-07-07 15:44 - 2014-07-05 23:45 - 00000000 ____D () C:\Program Files\PCDApp
2014-07-07 15:44 - 2011-03-05 22:20 - 01573984 _____ () C:\WINDOWS\setupapi.log
2014-07-07 15:43 - 2014-07-07 15:43 - 00000020 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini
2014-07-07 15:43 - 2014-07-06 08:19 - 00000000 ____D () C:\Program Files\iSafe
2014-07-07 15:43 - 2011-03-21 16:35 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\GameTracker
2014-07-07 15:43 - 2011-03-05 22:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-07 15:43 - 2011-03-05 22:23 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-07-07 15:43 - 2011-03-05 21:32 - 01711956 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-07 15:42 - 2011-03-05 21:39 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-07-07 15:41 - 2011-03-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-07-07 15:37 - 2014-07-07 15:39 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\Desktop\aswmbr.exe
2014-07-07 15:37 - 2014-07-07 15:36 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Administrator\My Documents\aswmbr.exe
2014-07-07 15:34 - 2014-07-07 15:35 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-07-07 15:34 - 2014-07-07 15:34 - 01074688 _____ (Farbar) C:\Documents and Settings\Administrator\My Documents\FRST.exe
2014-07-07 12:32 - 2011-03-05 22:01 - 00000132 _____ () C:\WINDOWS\winamp.ini
2014-07-07 09:36 - 2014-07-07 09:36 - 00003315 _____ () C:\Documents and Settings\Administrator\Desktop\RKreport_SCN_07072014_093538.log
2014-07-07 09:31 - 2014-07-06 08:22 - 00035152 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-07-07 07:04 - 2014-07-07 07:04 - 04721240 _____ () C:\Documents and Settings\Administrator\My Documents\RogueKiller-1.exe
2014-07-06 21:14 - 2011-03-05 22:20 - 02615472 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-06 11:46 - 2014-07-06 11:46 - 00000000 ____D () C:\WINDOWS\CSC
2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Program Files\Alwil Software
2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
2014-07-06 11:42 - 2014-07-06 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Alwil Software
2014-07-06 11:42 - 2011-03-05 21:33 - 00002626 _____ () C:\WINDOWS\system32\CONFIG.NT
2014-07-06 11:07 - 2014-07-06 09:28 - 00002711 _____ () C:\Documents and Settings\Administrator\My Documents\reset.cmd
2014-07-06 10:57 - 2014-07-06 07:12 - 00000000 ____D () C:\WINDOWS\455F074C814E4520B69B5584BD90400C.TMP
2014-07-06 10:54 - 2014-07-05 23:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\21805
2014-07-06 09:28 - 2014-07-06 09:28 - 00000004 _____ () C:\Documents and Settings\Administrator\reset.cmd
2014-07-06 09:26 - 2014-07-06 09:26 - 00000000 ____D () C:\Program Files\Windows Resource Kits
2014-07-06 09:25 - 2014-07-05 17:18 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\for RUST
2014-07-06 09:23 - 2014-07-06 09:23 - 00379392 _____ () C:\Documents and Settings\Administrator\My Documents\subinacl.msi
2014-07-06 09:13 - 2011-12-16 04:49 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-06 08:55 - 2011-03-05 22:19 - 00000211 ___SH () C:\boot.ini
2014-07-06 08:55 - 2001-08-23 16:00 - 00000856 _____ () C:\WINDOWS\win.ini
2014-07-06 08:55 - 2001-08-23 16:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-07-06 08:42 - 2014-07-06 00:01 - 00000000 __SHD () C:\Documents and Settings\Administrator\odUhcnSV
2014-07-06 08:41 - 2014-07-06 00:02 - 00046252 _____ () C:\Documents and Settings\Administrator\Application Data\msconfig.ini
2014-07-06 08:39 - 2014-07-06 00:01 - 00000000 __SHD () C:\WINDOWS\system32\Windows Services
2014-07-06 08:22 - 2014-07-06 08:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-07-06 08:20 - 2014-07-06 08:19 - 00001455 _____ () C:\Documents and Settings\All Users\Start Menu\YAC.lnk
2014-07-06 08:20 - 2014-07-06 08:19 - 00001455 _____ () C:\Documents and Settings\All Users\Desktop\YAC.lnk
2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\YAC
2014-07-06 08:19 - 2014-07-06 08:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\iSafe
2014-07-06 08:10 - 2014-07-06 08:10 - 00000687 _____ () C:\awh17.tmp
2014-07-06 08:01 - 2014-07-06 08:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-07-06 07:58 - 2014-07-06 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\My Documents\mbam-setup-2.0.2.1012.exe
2014-07-06 07:44 - 2014-04-30 14:46 - 00000646 _____ () C:\Documents and Settings\Administrator\Desktop\! ! ! BILKITE na Baba RADA - 2 ! ! !.lnk
2014-07-06 07:16 - 2014-07-06 07:16 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-06 07:15 - 2014-07-06 07:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Administrator\My Documents\tdsskiller.exe
2014-07-06 07:13 - 2014-07-06 07:13 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-06 07:12 - 2011-03-09 08:18 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-06 07:09 - 2014-07-06 07:09 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Administrator\My Documents\SpyHunter-Installer.exe
2014-07-06 00:46 - 2014-07-06 00:46 - 00000000 ____D () C:\Program Files\AVG
2014-07-06 00:44 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2014-07-06 00:39 - 2014-07-06 00:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-07-06 00:15 - 2012-12-07 13:40 - 00000308 _____ () C:\WINDOWS\Tasks\Browser Manager.job
2014-07-06 00:15 - 2011-07-15 16:42 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 00:15 - 2001-08-23 16:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-06 00:13 - 2011-12-01 04:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DNA
2014-07-06 00:09 - 2011-06-22 12:31 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job
2014-07-06 00:01 - 2014-07-06 00:01 - 00000000 ___SH () C:\Documents and Settings\Administrator\ytSuu.txt
2014-07-05 23:44 - 2014-07-05 23:44 - 00000687 _____ () C:\awh6409.tmp
2014-07-05 23:37 - 2013-02-10 15:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-05 23:28 - 2011-03-05 21:38 - 00032586 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-05 22:29 - 2011-03-06 15:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\FLVService
2014-07-05 22:16 - 2013-06-30 13:08 - 00001030 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job
2014-07-05 20:09 - 2011-06-22 12:31 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job
2014-07-05 18:06 - 2014-07-05 17:59 - 91909180 _____ () C:\Documents and Settings\Administrator\My Documents\Lana Del Rey - Shades Of Cool.mp4
2014-07-05 16:28 - 2014-07-05 16:27 - 17334447 _____ () C:\Documents and Settings\Administrator\My Documents\9_11 Incontrovertible Proof the Government is Lying.mp4
2014-07-05 16:23 - 2014-07-05 16:23 - 05228610 _____ () C:\Documents and Settings\Administrator\My Documents\Donald Rumsfeld 2.3 Trillion Dollars Just Gone.mp4
2014-07-05 16:14 - 2014-07-05 16:09 - 71570800 _____ () C:\Documents and Settings\Administrator\My Documents\Black Budget US govt clueless about missing Pentagon $trillions.mp4
2014-07-05 16:13 - 2014-07-05 16:11 - 46545635 _____ () C:\Documents and Settings\Administrator\My Documents\Piers Morgan Gets OWNED By Ben Shapiro.mp4
2014-07-05 15:31 - 2014-07-05 15:12 - 273059935 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK HOAX - GUN CONTROL AGENDA SCAM.mp4
2014-07-05 15:22 - 2014-07-05 15:19 - 41034332 _____ () C:\Documents and Settings\Administrator\My Documents\Truth in Media 100 Years of the Federal Reserve.mp4
2014-07-05 15:00 - 2014-07-05 14:56 - 44465919 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 2.mp4
2014-07-05 14:52 - 2014-07-05 14:51 - 28565326 _____ () C:\Documents and Settings\Administrator\My Documents\Absolute Proof Sandy Hook was Staged.mp4
2014-07-05 14:34 - 2014-07-05 14:33 - 36725290 _____ () C:\Documents and Settings\Administrator\My Documents\The Sandy Hook Actors PART 1.mp4
2014-07-05 13:40 - 2014-07-05 13:40 - 03946207 _____ () C:\Documents and Settings\Administrator\My Documents\SANDY HOOK KID SPILLS THE BEANS.mp4
2014-07-05 13:16 - 2013-06-30 13:08 - 00001008 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job
2014-07-05 13:00 - 2014-07-05 12:56 - 113756728 _____ () C:\Documents and Settings\Administrator\My Documents\REAL PROOF! SANDY HOOK SHOOTING WAS FAKE!!! TOTALLY STAGED!!!.mp4
2014-07-05 11:47 - 2014-07-05 11:47 - 00841485 _____ () C:\Documents and Settings\Administrator\My Documents\Gigantic_insect_lands_on_James_Rodriguez_shortly_after_scoring.mp4
2014-07-05 11:47 - 2011-03-08 08:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-07-05 10:22 - 2014-07-05 10:03 - 374896851 _____ () C:\Documents and Settings\Administrator\My Documents\This Is What Winning Looks Like (Full Length)(1).mp4
2014-07-05 10:16 - 2014-07-05 10:05 - 177358501 _____ () C:\Documents and Settings\Administrator\My Documents\The Mexican Mormon War (Drug Cartels vs. Mormons Full Length).mp4
2014-07-05 10:11 - 2014-07-05 10:06 - 78739206 _____ () C:\Documents and Settings\Administrator\My Documents\Living Without Laws Slab City, USA.mp4
2014-07-05 05:15 - 2011-07-15 16:42 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 10:12 - 2011-03-14 00:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Za DL
2014-07-04 09:32 - 2013-09-09 13:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Games
2014-07-04 09:27 - 2011-03-22 18:20 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\KONAMI
2014-07-04 09:24 - 2014-07-04 09:24 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\KONAMI
2014-07-04 09:11 - 2014-07-04 09:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\KONAMI
2014-07-04 09:11 - 2013-12-09 15:08 - 00000000 ____D () C:\Program Files\IGRI
2014-07-04 09:09 - 2014-07-04 09:09 - 00000218 _____ () C:\Documents and Settings\Administrator\.recently-used.xbel
2014-07-04 09:09 - 2011-03-17 16:54 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\BitLord
2014-07-03 17:31 - 2011-12-01 04:39 - 00000000 ____D () C:\Program Files\DNA
2014-07-03 17:31 - 2011-03-18 12:43 - 00000000 ____D () C:\Program Files\Steam
2014-07-03 17:31 - 2011-03-05 21:38 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-03 07:36 - 2014-07-03 07:30 - 78869933 _____ () C:\Documents and Settings\Administrator\My Documents\ISON Coming in the clouds with great Glory!! A must see!.mp4
2014-07-03 06:53 - 2014-07-03 06:53 - 05164160 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Amazing Self-Tying Shoelaces.mp4
2014-07-03 06:52 - 2014-07-03 06:51 - 04647326 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - How To Mail A Bowling Ball.mp4
2014-07-03 06:49 - 2014-07-03 06:48 - 29423359 _____ () C:\Documents and Settings\Administrator\My Documents\The carbonaro effect - BRIEFCASE PRANK.mp4
2014-07-03 06:46 - 2014-07-03 06:43 - 78361742 _____ () C:\Documents and Settings\Administrator\My Documents\Ghosts Caught In Lincoln Civil War Museum.mp4
2014-07-03 06:37 - 2014-07-03 06:32 - 126726417 _____ () C:\Documents and Settings\Administrator\My Documents\Satan's Hollow - The Tunnel To Hell.mp4
2014-07-03 05:45 - 2014-07-03 05:44 - 25325877 _____ () C:\Documents and Settings\Administrator\My Documents\Life is hard.mp4
2014-07-03 05:20 - 2014-07-03 05:19 - 10439202 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Grown Ups Freak Out In A Toy Store.mp4
2014-07-03 04:41 - 2011-03-06 14:45 - 00000069 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-03 03:36 - 2014-07-03 03:36 - 09283147 _____ () C:\Documents and Settings\Administrator\My Documents\The Carbonaro Effect - Family Pet Chiropractor.mp4
2014-07-03 02:39 - 2014-07-03 01:19 - 1081440121 _____ () C:\Documents and Settings\Administrator\My Documents\Восточные Сказки - RUSSIA The Rise and Fall of the Oligarchs.mp4
2014-07-03 02:19 - 2014-07-03 02:18 - 06208615 _____ () C:\Documents and Settings\Administrator\My Documents\Cross at the Destiny line in your hand is an indication of ultimate success.mp4
2014-07-03 01:52 - 2014-07-03 01:51 - 16420691 _____ () C:\Documents and Settings\Administrator\My Documents\Michael Jackson. Palmistry. Analysis of the hand.mp4
2014-07-03 01:45 - 2014-07-03 01:41 - 37331470 _____ () C:\Documents and Settings\Administrator\My Documents\WILL I HAVE MONEY - UNBELIEVABLE ANSWER 16 Q_A.mp4
2014-07-03 01:37 - 2014-07-03 01:36 - 18023383 _____ () C:\Documents and Settings\Administrator\My Documents\PARANORMAL WATCH DOGS - UNBELIEVABLE EVIDENCE - 20 Q_A.mp4
2014-07-03 01:10 - 2014-07-03 01:08 - 17118696 _____ () C:\Documents and Settings\Administrator\My Documents\5 Hidden Secrets in your Hands.mp4
2014-07-02 13:58 - 2014-05-25 11:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\ZA SREDUVANJE
2014-07-02 10:51 - 2013-05-21 18:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\TechSmith
2014-07-02 06:51 - 2011-11-08 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\za !!!.....!!!
2014-06-30 17:54 - 2014-06-30 17:52 - 14323565 _____ () C:\Documents and Settings\Administrator\My Documents\HOW TO Get your SteamID for Cracked RUST Servers __ XpliCitMods.mp4
2014-06-30 16:42 - 2014-06-30 15:56 - 00000000 __SHD () C:\WINDOWS\system32\MSDCSC
2014-06-30 09:26 - 2014-06-30 09:16 - 192128051 _____ () C:\Documents and Settings\Administrator\My Documents\Truffles The Most Expensive Food in the World.mp4
2014-06-29 11:15 - 2014-06-29 11:15 - 01195358 _____ () C:\Documents and Settings\Administrator\Desktop\Katy Perry COVER YT.psd
2014-06-29 09:22 - 2011-03-13 13:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Skype
2014-06-29 09:05 - 2014-06-29 09:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-29 09:05 - 2011-03-13 13:15 - 00000000 ___RD () C:\Program Files\Skype
2014-06-29 09:05 - 2011-03-13 13:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-06-29 07:53 - 2014-06-29 07:51 - 18922925 _____ () C:\Documents and Settings\Administrator\My Documents\World's Best Stink Prank!.mp4
2014-06-29 07:52 - 2014-06-29 07:52 - 10136013 _____ () C:\Documents and Settings\Administrator\My Documents\Evil SpongeBob Toy Prank!.mp4
2014-06-28 08:50 - 2014-06-28 08:37 - 319799298 _____ () C:\Documents and Settings\Administrator\My Documents\Military Remote Viewing Psychic Training Course - FULL DVD ON YOUTUBE.mp4
2014-06-28 05:52 - 2014-06-28 05:44 - 136561443 _____ () C:\Documents and Settings\Administrator\My Documents\Ninjas  Secret History of the Ninja Uncovered (Full Documentary).mp4
2014-06-28 05:08 - 2014-06-28 05:03 - 86726440 _____ () C:\Documents and Settings\Administrator\My Documents\Pitbull ft. Jennifer Lopez - We Are One (Ole Ola) [2014 World Cup Song] PARODY.mp4
2014-06-28 04:55 - 2014-06-28 04:09 - 596133205 _____ () C:\Documents and Settings\Administrator\My Documents\Dagger - ArmA 3 SEALs Co-op Gameplay - OAW 3.mp4
2014-06-28 04:53 - 2014-06-28 04:52 - 09334184 _____ () C:\Documents and Settings\Administrator\My Documents\MILEY CYRUS SELLS OUT TO ILLUMINATI.mp4
2014-06-28 03:04 - 2014-06-28 03:02 - 41380441 _____ () C:\Documents and Settings\Administrator\My Documents\Ariana Grande - Problem ft. Iggy Azalea.mp4
2014-06-28 02:43 - 2014-06-28 02:38 - 57627331 _____ () C:\Documents and Settings\Administrator\My Documents\Wide Awake - Katy Perry (Lyrics) Official Video HD.mp4
2014-06-28 02:35 - 2014-06-28 02:33 - 39556009 _____ () C:\Documents and Settings\Administrator\My Documents\IS KATY OUT OF THE ILLUMINANTI WIDE AWAKE EXAMINED.mp4
2014-06-28 01:34 - 2014-06-28 01:34 - 13681250 _____ () C:\Documents and Settings\Administrator\My Documents\Time Travel Tunnel Discovered in China.mp4
2014-06-27 11:54 - 2014-07-06 08:19 - 00040064 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
2014-06-27 11:37 - 2014-05-31 13:02 - 00000000 ____D () C:\2
2014-06-27 11:04 - 2014-04-06 12:13 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\MONEY MAKER (Project) BAC
2014-06-25 09:05 - 2011-11-08 13:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\WEBs BAC (Nov 2011)
2014-06-25 00:20 - 2014-04-24 17:41 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\!!! SHOP (Bac)
2014-06-22 05:52 - 2011-03-05 22:10 - 00001984 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-20 10:54 - 2012-11-25 16:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Saved Firefox Session
2014-06-20 10:17 - 2011-03-05 21:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\BAC Music (Nov 2011)
2014-06-19 09:48 - 2014-02-23 13:09 - 00004707 _____ () C:\Documents and Settings\Administrator\Desktop\za da GI PREGLEDAM.txt
2014-06-18 17:46 - 2014-06-18 17:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\4GB Patch 1.0.0.1 (Run 32Bit SOFTs, GAMEs & OTHER on 64bit OS)
2014-06-17 22:04 - 2014-05-01 18:52 - 00001031 _____ () C:\Documents and Settings\Administrator\Desktop\! ! ! ! RUST - Design a BASE that none can get in (USTAV).lnk
2014-06-17 13:10 - 2011-03-08 10:48 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Za INSTALL
2014-06-15 08:46 - 2014-06-15 08:46 - 00108544 _____ () C:\WINDOWS\system32\installd.exe
2014-06-15 08:46 - 2014-06-15 08:46 - 00049152 _____ () C:\WINDOWS\system32\Drivers\nethfdrv.sys
2014-06-15 08:45 - 2014-06-15 08:45 - 00246784 _____ () C:\WINDOWS\system32\hfpapi.dll
2014-06-15 08:45 - 2014-06-15 08:45 - 00108544 _____ () C:\WINDOWS\system32\hfnapi.dll
2014-06-14 19:12 - 2014-06-14 19:12 - 00000000 ____D () C:\Program Files\Realtek
2014-06-14 19:12 - 2011-03-05 21:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-13 11:12 - 2011-06-22 12:32 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-06-12 12:06 - 2014-06-12 12:06 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\CAPCOM
2014-06-12 11:05 - 2011-03-05 21:32 - 00000000 ____D () C:\WINDOWS\system32\DirectX
2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\WINDOWS\system32\xlive
2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Program Files\Microsoft Games for Windows - LIVE
2014-06-12 11:03 - 2014-06-12 11:03 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Games for Windows - LIVE
2014-06-12 11:03 - 2011-03-21 17:19 - 00265696 _____ () C:\WINDOWS\DirectX.log
2014-06-09 15:05 - 2013-10-09 12:00 - 00000000 ____D () C:\Program Files\Full Tilt Poker
2014-06-08 05:46 - 2014-06-08 05:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Game DECOMPILERs (To Edit-MOD Games)
2014-06-08 04:23 - 2014-05-26 19:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\DDoS & BANNED - RUST Server
2014-06-07 12:52 - 2011-03-05 22:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Programi
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\WINDOWS\system32\QuickTime
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Program Files\Common Files\TechSmith Shared
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Camtasia Studio 7
2014-06-07 12:49 - 2014-06-07 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Camtasia Studio
2014-06-07 12:49 - 2014-06-07 12:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TechSmith
2014-06-07 12:48 - 2014-06-07 12:48 - 00000000 ____D () C:\Program Files\TechSmith
2014-06-07 12:48 - 2011-03-05 21:29 - 00008044 _____ () C:\WINDOWS\wmsetup.log
2014-06-07 12:36 - 2011-03-13 12:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sony
 
Files to move or delete:
====================
C:\Documents and Settings\Administrator\awt43abr.exe
C:\Documents and Settings\Administrator\Application Data\msconfig.ini
C:\Documents and Settings\All Users\hash.dat
 
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\3852.tmpcrt.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\3853.tmpcrt.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\app_d.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\app_e.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\bb13ed4e1f0f5a5b9debae6996774abf.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\comver.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Core.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\crpt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\CTOSChk.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dbghelp.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\dgen.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\drm_dyndata_7400009.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\EAInstall.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\eauninstall.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Engine.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Freeze.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gface_swap.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gtapi_signed.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GUR2.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\IFC23.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ildownloader_install.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\inethnfd-setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\JACKED LOADER.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jshortcut-3778555169403432658.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\kpinstaller.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\libcurl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\LOOP.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\LOTR The Return of the King tm_uninst.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\mgxfonts.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\MSVCR71.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\ogg.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\pthreadGC2.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\Second Life Setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Second_Life_3-0-3-240895_Setup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SHSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\starter.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\swt-win32-3349.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp2D.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp30.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp5114.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp511F.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7D6.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7DC.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7F6B.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp7F71.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpC551.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpC557.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpC76B.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpFCF9.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\tmpFCFF.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\ubertmp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALLER-1908.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALLER-3864.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstaller-4000.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\UNINSTALLER-4060.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstaller-6672.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\unwise.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Updater.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vc2008SP1_redist_x86.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.0.8-win32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vlc-2.1.2-win32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vorbis.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\vorbisfile.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\vty_install_0231.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Window.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\_is1574.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is1577.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_is157F.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\_tmpdgp.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\{68AAAE55-D39E-4016-A5DB-FADDFA9899D1}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================
 
 
ADDITION.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by Administrator at 2014-07-07 15:48:01
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
3DVIA player 5.0.0.20 (HKLM\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
AAA Logo 2009 Business Edition 3.0 (HKLM\...\AAA Logo 2009 Business_is1) (Version:  - SWGSoft.com)
AdfBotPro 3.3.1 Final (HKLM\...\{E24F9D84-DF31-44A0-BC30-A97C42C99282}) (Version: 3.3.1 - Wss Ltd)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS3 (HKLM\...\Adobe_435a6af7459cb02a9c1138113a26e93) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CS3 (Version: 9 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS3 (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Fireworks CS3 (HKLM\...\Adobe_bbef028176efa5abf0233d3e1747be8) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS3 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70001000000}) (Version: 7.9.0 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
AdultTV (HKLM\...\AdultTV) (Version:  - )
Advanced Video FX Engine (HKLM\...\Advanced Video FX Engine) (Version:  - )
AGEIA GAME System Software 2.8.0 (HKLM\...\{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}) (Version: 2.8.0 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alien303 (HKLM\...\Alien303) (Version:  - )
AMCap (HKLM\...\AMCap) (Version: 9.20.132.2 - Noël Danjou)
Analog Factory HipHop 2.2.1 (HKLM\...\Analog Factory HipHop_is1) (Version:  - Arturia)
Ancient Weapon Sounds (HKLM\...\{D91802D9-6A42-4563-BC37-B3E2D04DC95B}) (Version: 2.1.0 - Screaming Bee)
Antares Auto-Tune Evo VST (HKLM\...\{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}) (Version: 6.00.0009 - Antares Audio Technologies)
AnyToISO (HKLM\...\AnyToISO_is1) (Version: 3.4 - CrystalIdea Software, Inc.)
Apex Video to MP3 WMA WAV Converter Free 4.52 (HKLM\...\Apex Video to MP3 WMA WAV Converter Free_is1) (Version: V4.52 - Apex Corporation)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Audio Damage Digitalis Discord VST v1.5 (HKLM\...\Audio Damage Digitalis Discord VST v1.5) (Version:  - )
AudioRealism Bass Line 2 (remove only) (HKLM\...\AudioRealism) (Version:  - )
AutoPlay Media Studio 8 (HKLM\...\AutoPlay Media Studio 8) (Version: 8.0.4.0 - Indigo Rose Corporation)
avast! Free Antivirus (HKLM\...\avast5) (Version: 5.0.594.0 - Alwil Software)
BitLord 1.2 (HKLM\...\BitLord) (Version:  - House of Life)
Blue Satin Skin (HKLM\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
Browser Manager (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - Bit89 Inc)
Camtasia Studio 7 (HKLM\...\{37B03AA0-B125-4649-900C-F26E1081F163}) (Version: 7.0.1 - TechSmith Corporation)
CDex extraction audio (HKLM\...\CDex) (Version:  - )
Cheat Engine 6.2 (HKLM\...\Cheat Engine 6.2_is1) (Version:  - Dark Byte)
Comic Sound Pack (HKLM\...\{79A743FA-FF99-42DF-8C35-BA40EAEA6668}) (Version: 2.1.0 - Screaming Bee)
Corel Graphics - Windows Shell Extension (HKLM\...\_{51DD370C-6690-424E-9674-5F14468B323F}) (Version: 15.0.0.487 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (Version: 15.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (Version: 15.0 - Corel Corporation) Hidden
CorelDRAW® Graphics Suite X5 (HKLM\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
Corporate Identity Designer 4.0 (HKLM\...\Corporate Identity Designer 4.0) (Version: 4.0 - Corporate Identity Designer)
CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version:  - )
Creative WebCam Vista Plus Driver (1.02.02.0414) (HKLM\...\Creative VF0090) (Version:  - )
Creatures of Darkness (HKLM\...\{5B616A3F-43D9-4F0B-9F49-D39342A98592}) (Version: 3.3.0 - Screaming Bee LLC)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version:  - S.A.D. GmbH)
DAEMON Tools Pro (HKLM\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Dafa Poker (HKLM\...\Dafa Poker) (Version:  - )
Deep Space Voices (HKLM\...\{336E1A2D-E3EB-4846-B7D0-BD75BBBBC0A4}) (Version: 3.3.0 - Screaming Bee)
discoDSP Discovery v2.3 (HKLM\...\discoDSP Discovery v2.3_is1) (Version: 2.3 - discoDSP)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.0.34 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DNA (HKCU\...\BitTorrent DNA) (Version: 2.2.2 (13666) - BitTorrent Inc.)
Dragon UnPACKer 5 (HKLM\...\DragonUnPACKer5_is1) (Version: 5.6.2 Exedra Chac - Alexandre Devilliers (aka Elbereth))
Driver Checker v2.7.5 (HKLM\...\Driver Checker_is1) (Version: 2.7.5 - driverchecker.com, Inc.)
Driver Magician 3.5 (HKLM\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
Dynamic-Photo HDR 4.8 (HKLM\...\Dynamic-Photo HDR 4_is1) (Version:  - Mediachance)
Easy GIF Animator Pro 5.1 (HKLM\...\{F4995503-86AA-432F-BF3C-0A613D444A27}) (Version: 5.1.0.44 - LeeGTs Software)
Elektronski Recnik Makedonski i Angliski verzija Voyager (HKLM\...\{710DDC8F-EDF5-44D5-906C-CAB1F9ED245F}) (Version: 1.1 - Turni Dooel)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
EximiousSoft Logo Designer V2.58 (HKLM\...\EximiousSoft Logo Designer_is1) (Version:  - EximiousSoft)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Fake Voice 1.0.8 (HKLM\...\Fake Voice_is1) (Version:  - Web Solution Mart)
Fantasy Sound Pack (HKLM\...\{06ACD0D6-537A-4831-9608-AA74A5795698}) (Version: 1.1.0 - Screaming Bee)
Fantasy Voice Pack (HKLM\...\{8061C2C9-C2A3-4550-A3FC-585B646840CB}) (Version: 1.3.0 - Screaming Bee)
Farm Animal Sounds (HKLM\...\{20052CA0-FF43-4901-8261-E6DBF0A09ED1}) (Version: 1.1.0 - Screaming Bee)
FBP - Facebook Blaster Pro (HKLM\...\{2C72AE8A-932F-4AF8-92DD-60B84AA30BDE}) (Version: 9.0.0 - Digital Media Group)
Female Voice Pack (HKLM\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
FileZilla Server (remove only) (HKLM\...\FileZilla Server) (Version:  - )
FL Studio 10 (HKLM\...\FL Studio 10) (Version:  - Image-Line)
FL Studio 7 (HKLM\...\FL Studio 7) (Version:  - Image-Line bvba)
FL Studio 9 (HKLM\...\FL Studio 9) (Version:  - Image-Line)
FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org)
FLUID 1.0 (HKLM\...\Tubeohm FLUID_is1) (Version:  - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Freecorder (HKLM\...\Freecorder4.1) (Version: 4.1 - Applian Technologies Inc.)
FreeZ Online TV v1.43 (HKLM\...\{884BCE6D-0C47-4688-A335-4CE0C829643D}_is1) (Version:  - FreezSoft.com)
Furry Voices for Second Life (HKLM\...\{0DB44859-4112-4946-BE5E-A4275B3FFB5E}) (Version: 1.3.0 - Screaming Bee)
Galactic Voices (HKLM\...\{DF3FE308-58F2-45E2-9BB0-6A993794AD5C}) (Version: 1.3.0 - Screaming Bee)
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
Gif To Swf Converter 2.3 (HKLM\...\{3D3CB8A8-67B7-4FCB-B727-C3448D6A731F}_is1) (Version:  - 789soft, Inc.)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life (HKLM\...\Half-Life) (Version:  - )
Hardcore (HKLM\...\Hardcore) (Version:  - Image-Line)
Hercules Webcam (HKLM\...\{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}) (Version:  - )
Hide-IP-Browser 1.5 (HKLM\...\{7402084F-A3DA-4DDB-9689-8E8D2319D1B7}_is1) (Version:  - Hide-IP-Browser)
HxD Hex Editor version 1.7.7.0 (HKLM\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Gross Beat (HKLM\...\IL Gross Beat) (Version:  - Image-Line)
IL Harmless (HKLM\...\IL Harmless) (Version:  - Image-Line)
IL Harmor (HKLM\...\IL Harmor) (Version:  - Image-Line)
Inkscape 0.48.1  (HKLM\...\Inkscape) (Version: 0.48.1 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5248 - Intel Corporation)
Interlok driver setup x32 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
ISOBuddy (HKLM\...\ISOBuddy) (Version:  - )
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
JLC's Internet TV (HKLM\...\JLC's Internet TV) (Version:  - )
Join ME (HKLM\...\{72FD5F2E-1F7A-4E9B-8838-29E842E178CD}) (Version: 2.0.3.0 -    )
Jump, Bobo! Jump! (HKLM\...\Jump, Bobo! Jump!v1.0.0.0) (Version: v1.0.0.0 - IP Kapustin A.S.)
Kalydo Player 4.11.01 (HKCU\...\KalydoPlayer) (Version: 4.11.01 - Eximion B.V.)
KeyScrambler (HKLM\...\KeyScrambler) (Version:  - QFX Software Corporation)
Kongregate Client version 1.0.0.0 (HKCU\...\{BE4BF7C1-AFE6-49B2-926E-FB63F7F56817}_is1) (Version: 1.0.0.0 - Kongregate)
Lennar Digital Sylenth VSTi v1.2.1 (HKLM\...\Lennar Digital Sylenth VSTi v1.2.1) (Version:  - )
LogoMaker 3.0 (HKLM\...\LogoMaker_is1) (Version:  - Studio V5)
Lux Delux 6.22 (HKLM\...\Lux Delux_is1) (Version:  - Sillysoft Games)
Macromedia Extension Manager (HKLM\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 Video Encoder (HKLM\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash MX 2004 (HKLM\...\{2F353D44-73BB-4971-B31D-F7642E9E9531}) (Version: 7.2 - Macromedia)
Macromedia Flash Player 8 (HKLM\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Magic Flare 1.0 (HKLM\...\MagicFlare_1.0) (Version:  - )
Magic ISO Maker v5.4 (build 0251) (HKLM\...\Magic ISO Maker v5.4 (build 0251)) (Version:  - )
MAGIX 3D Maker Download version 6.0.0.4 (US) (HKLM\...\MAGIX 3D Maker Download version US) (Version: 6.0.0.4 - MAGIX AG)
Male Voice Pack (HKLM\...\{45BF4F8E-7BE7-4384-94C6-60AC70C401C6}) (Version: 1.3.0 - Screaming Bee)
Man1aCSSv59tov60 patcher + Updater 2.0 (HKLM\...\Man1aCSSv59tov60 patcher + Updater 2.0) (Version:  - )
ManyCam 2.6.30 (remove only) (HKLM\...\ManyCam) (Version: 2.6.30 - ManyCam LLC)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM\...\{4D243BA7-9AC4-46D1-90E5-EEB88974F501}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}) (Version: 2.0.687.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Microsoft_VC80_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Migo Digital Rescue 4 Premium (HKLM\...\Digital Rescue 4 Premium4) (Version: 4 - Migo Software Inc. )
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version:  - )
Minecraft1.7.8 (HKLM\...\Minecraft1.7.8) (Version:  - )
Minecraft1.7.9 (HKLM\...\Minecraft1.7.9) (Version:  - )
MorphVOX Pro (HKLM\...\{DE289787-7ECA-4BED-9D8C-99FAC407E3D6}) (Version: 4.3.13 - Screaming Bee)
Mozilla Firefox 24.0 (x86 en-US) (HKLM\...\Mozilla Firefox 24.0 (x86 en-US)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
MusicLab RealGuitar 2.0 (HKLM\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version:  - MusicLab, Inc.)
My Screen Recorder Pro 2.67 (HKLM\...\My Screen Recorder Pro_is1) (Version:  - Deskshare Inc.)
Native Instruments Absynth 4 (HKLM\...\Native Instruments Absynth 4) (Version:  - )
Native Instruments Absynth 5 (HKLM\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments Absynth 5 (Version: 5.0.0.829 - Native Instruments) Hidden
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS (HKLM\...\Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS) (Version:  - )
Native Instruments Reaktor 5 (HKLM\...\Native Instruments Reaktor 5) (Version:  - )
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version:  - Native Instruments)
Native Instruments Service Center (Version: 2.2.0.367 - Native Instruments) Hidden
Need for Speed™ Carbon (HKLM\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Nero 8 (HKLM\...\{B944FA21-81AF-4A77-8328-CE4F4CC5D805}) (Version: 8.10.21 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nettv Player 3.1.2 (HKLM\...\Nettv Player) (Version: 3.1.2 - Nettv)
Network System Driver (HKLM\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
NVIDIA Control Panel 285.58 (Version: 285.58 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 285.58 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.58 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA nView 135.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.95 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Update 1.5.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.5.20 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.5.20 - NVIDIA Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
Oxy (HKCU\...\{9AAF2503-6CD5-414A-B5BA-37639B76C91F}) (Version:  - FINEDREAM INVEST LTD) <==== ATTENTION
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.1 - Pando Networks Inc.)
PC Camera (6009 CIF) (HKLM\...\{A5B3028F-6845-48A6-A46E-77A716B57537}) (Version: 2.10.0.0 - )
PC Data App (HKLM\...\PCData App) (Version:  - ) <==== ATTENTION
PCHand Screen Recorder 1.8.5.4 (HKLM\...\PCHand Screen Recorder_is1) (Version:  - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PE Explorer 1.99 R6 (HKLM\...\PE Explorer_is1) (Version: 1.99.6 - Heaventools Software)
Personality Voices (HKLM\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
PoiZone (HKLM\...\PoiZone) (Version:  - Image-Line)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
Power Challenge Game Plugin (HKCU\...\Power Loader) (Version:  - )
Pro Evolution Soccer 2013 (HKLM\...\{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}) (Version: 1.00.0000 - KONAMI)
Pro-sounds.Virus.Dream.Bank1 (HKLM\...\Pro-sounds.Virus.Dream.Bank1) (Version:  - )
Quake Live Mozilla Plugin (HKLM\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6167 - Realtek Semiconductor Corp.)
reFX Nexus 1.4.0 (HKLM\...\reFX Nexus 1.4.0_is1) (Version:  - )
reFX Trasher 2 VST v1.1 (HKLM\...\reFX Trasher 2 VST v1.1) (Version:  - )
ReFX Vanguard VSTi v1.04 (HKLM\...\ReFX Vanguard VSTi v1.04) (Version:  - )
requiemkongregate (HKCU\...\Kalydo App requiemkongregate) (Version: 0.00.01.100 - )
rgc:audio z3ta+ 1.5 (HKLM\...\z3ta+_x86_is1) (Version: 1.5 - Cakewalk Music Software)
Right Click Image Converter (HKLM\...\Kristanix Right Click Image Converter) (Version:  - )
Rob Papen Albino 3 (HKLM\...\Rob Papen Albino 3) (Version:  - )
RSO Vocal Magic Pro VST (HKLM\...\RSO Vocal Magic Pro VST) (Version:  - )
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samplelord VSTi v1.0 (HKLM\...\Samplelord_is1) (Version:  - )
Sandboxie 4.08 (32-bit) (HKLM\...\Sandboxie) (Version: 4.08 - Sandboxie Holdings, LLC)
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
Sci-Fi 2 Sound Pack (HKLM\...\{E7E76513-335F-4995-86CF-A85B77D8D975}) (Version: 1.3.0 - Screaming Bee)
Sci-Fi Sound Pack (HKLM\...\{D13F2D95-1CE0-4147-846F-89ECB2E9A5CD}) (Version: 1.1.0 - Screaming Bee)
Sci-Fi Voice Pack (HKLM\...\{216E21F4-0489-4311-92D6-20D1FB950FCE}) (Version: 1.3.0 - Screaming Bee)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
Simple Search-Replace (HKLM\...\{04D645A0-18D5-4C33-8D2A-7E93944982DB}) (Version: 1.03.0000 - RJL Software, Inc.)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.12.13601 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SOE Web Installer (HKCU\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Software Update for Web Folders (Version: 9.60.6715.0 - Microsoft Corporation) Hidden
Soldat 1.5.0 (HKLM\...\Soldat_is1) (Version:  - Michal Marcinkowski)
Soldat 1.6.0 (HKLM\...\Soldat patch 1.5.0-1.6.0_is1) (Version: 1.6.0 - Michal Marcinkowski)
Sonalksis Bundle (HKLM\...\Sonalksis Bundle1.0) (Version: 1.0 - Team Audio Pirate)
Sonic Charge Synplant 1.0 (HKLM\...\Sonic Charge Synplant_is1) (Version:  - )
Sonik Synth 2 Free (HKLM\...\Sonik Synth 2 Free) (Version:  - )
Sony Noise Reduction Plug-In 2.0e (HKLM\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)
Sony Sound Forge 9.0 (HKLM\...\{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}) (Version: 9.0.297 - Sony)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Speccy (HKLM\...\Speccy) (Version: 1.16 - Piriform)
Spooky Sounds (HKLM\...\{D813EF9B-69CF-4996-893C-B400AE7292FA}) (Version: 2.1.0 - Screaming Bee)
Square Enix Secure Launcher (HKCU\...\Square Enix Secure Launcher) (Version: 1.0.0.108 - Square Enix)
Station LaunchPad (HKLM\...\{D7447B32-518C-442F-A8E4-DCF12D8A6D75}) (Version: 1.00.000 - )
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Super Hide IP (HKLM\...\SuperHideIP) (Version: 3.1.9.6 - )
Super Internet TV v8.0 (Premium Edition) (HKLM\...\Super Internet TV (Premium Edition)_is1) (Version:  - Ahusoft)
SWF-AVI-GIF Converter 1.0 (HKLM\...\SWF-AVI-GIF Converter_is1) (Version:  - IwantSoft, Inc.)
SWiSHmax (HKLM\...\SWiSHmax) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthation Vanguard Essentials Soundbank (HKLM\...\Synthation Vanguard Essentials Soundbank) (Version:  - )
TechPowerUp GPU-Z (HKLM\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Teleport Pro (HKLM\...\Teleport Pro) (Version: 1.63 - Tennyson Maxwell Information Systems, Inc.)
Tiffen Dfx v1.0 (HKLM\...\Tiffen Dfx v1.0) (Version:  - )
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.3 - Tukero[X]Team)
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
T-RackS 3 Deluxe (HKLM\...\{423C4130-EBC3-410A-B3A0-37BBF9D607D5}) (Version: 3.1.2 - IK Multimedia)
Translator Fun Voice Pack (HKLM\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
TruePianos 1.5.0 (HKLM\...\TruePianos_is1) (Version:  - 4Front Technologies)
Truster (HKLM\...\ST5UNST #1) (Version:  - )
Tunngle beta (HKLM\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Ulead Photo Express 3.0 SE (HKLM\...\Ulead Photo Express 3.0 SE) (Version:  - )
Uninstall TrianglePlayer (HKLM\...\TrianglePlayer_is1) (Version: 2012 - Fuzhou Zhuo Yue Wu Xian Software Development Company Limited)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Vector Magic (HKLM\...\Vector Magic) (Version: 1.08 - Vector Magic, Inc.)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual DJ Pro Full - Atomix Productions (HKLM\...\Virtual DJ Pro Full - Atomix Productions) (Version:  - )
Visual Basic for Applications ® Core - English (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vizzed Retro Game Room (HKLM\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
vLite (HKLM\...\vLite_is1) (Version: 1.2 - Dino Nuhagic (nuhi))
Warface Launcher (Beta) (HKLM\...\{28D1723C-31C4-4A83-9799-DFFB3739026D}) (Version: 1.0.0 - Crytek GmbH)
Web Media Client (HKLM\...\{55DD6846-EF8B-45AD-8C14-21DAFF204C77}) (Version: 1.1.14 - 3G Studios)
Webcam Simulator 6.3 (HKLM\...\Webcam Simulator_is1) (Version:  - Web Solution Mart)
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Resource Kit Tools - SubInAcl.exe (HKLM\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinHTTrack Website Copier 3.46-1 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.46.1 - HTTrack)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Wireshark 1.4.6 (HKLM\...\Wireshark) (Version: 1.4.6 - The Wireshark developer community, http://www.wireshark.org)
Wisdom-soft Set up ASR 3.1 Pro (HKLM\...\Wisdom-soft Set up ASR 3.1 Pro) (Version:  - Wisdom Software Inc.)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Xilisoft Video Converter Ultimate 6 (HKLM\...\Xilisoft Video Converter Ultimate) (Version: 6.0.3.0528 - Xilisoft)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
Yet Another Cleaner! (HKLM\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA)
Zworldo (remove only) (HKCU\...\Zworldo) (Version:  - )
 
==================== Restore Points  =========================
 
12-05-2014 07:09:24 System Checkpoint
13-05-2014 08:23:03 System Checkpoint
16-05-2014 10:59:48 System Checkpoint
19-05-2014 05:06:19 System Checkpoint
20-05-2014 18:28:26 System Checkpoint
22-05-2014 19:41:54 System Checkpoint
24-05-2014 14:14:15 System Checkpoint
27-05-2014 08:47:09 System Checkpoint
28-05-2014 11:34:26 System Checkpoint
29-05-2014 14:42:38 System Checkpoint
31-05-2014 07:44:28 System Checkpoint
31-05-2014 12:04:38 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
31-05-2014 12:10:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
31-05-2014 12:10:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
01-06-2014 07:39:10 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
02-06-2014 11:19:39 System Checkpoint
03-06-2014 19:29:07 System Checkpoint
05-06-2014 07:52:24 System Checkpoint
06-06-2014 10:15:06 System Checkpoint
07-06-2014 10:48:51 Installed Camtasia Studio 7
08-06-2014 23:16:39 System Checkpoint
09-06-2014 13:02:02 Removed DayZ Commander
11-06-2014 10:29:36 System Checkpoint
12-06-2014 09:03:37 Installed DirectX
12-06-2014 09:04:13 RESIDENT EVIL 5 をインストールしました。
12-06-2014 11:09:35 RESIDENT EVIL 5 を削除しました。
14-06-2014 04:44:46 System Checkpoint
14-06-2014 17:12:26 Installed Realtek High Definition Audio Driver
14-06-2014 17:23:43 Unsigned driver install
16-06-2014 06:58:54 System Checkpoint
17-06-2014 09:08:52 System Checkpoint
18-06-2014 15:38:45 System Checkpoint
19-06-2014 20:50:35 System Checkpoint
22-06-2014 09:48:01 System Checkpoint
24-06-2014 18:57:38 System Checkpoint
26-06-2014 04:31:26 System Checkpoint
27-06-2014 07:15:11 System Checkpoint
27-06-2014 09:23:23 Removed Java 7 Update 21
28-06-2014 11:52:29 System Checkpoint
01-07-2014 05:51:07 System Checkpoint
03-07-2014 06:47:31 System Checkpoint
04-07-2014 07:11:03 Installed Pro Evolution Soccer 2013.
 
==================== Hosts content: ==========================
 
2001-08-23 16:00 - 2014-02-27 19:05 - 00000865 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 gsin256345.elasticbeanstalk.com
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Browser Manager.job => C:\WINDOWS\system32\sc.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1957994488-839522115-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-06 08:19 - 2014-06-27 11:53 - 00065696 _____ () C:\Program Files\iSafe\zlib1.dll
2014-07-06 08:19 - 2014-06-27 11:52 - 00092320 _____ () C:\Program Files\iSafe\curlpp.dll
2014-07-06 08:19 - 2014-06-27 11:53 - 00162464 _____ () C:\Program Files\iSafe\isafeupbiz.dll
2014-07-06 08:19 - 2014-06-27 11:52 - 00427168 _____ () C:\Program Files\iSafe\ipcproxy.dll
2014-07-06 08:19 - 2014-06-03 05:50 - 00176976 _____ () C:\Program Files\iSafe\tws\unrar.dll
2014-07-06 08:19 - 2014-06-03 05:50 - 00068432 _____ () C:\Program Files\iSafe\tws\zlib1.dll
2014-07-06 08:19 - 2014-06-03 05:50 - 00087744 _____ () C:\Program Files\iSafe\tws\unacev2.dll
2011-03-05 22:02 - 2006-09-14 00:20 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-01 13:53 - 2006-06-09 16:48 - 00253952 ____N () C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll
2014-07-06 00:16 - 2014-07-07 15:44 - 00327589 _____ () C:\WINDOWS\Temp\dgen.exe
2014-07-06 08:19 - 2014-06-27 11:51 - 02228896 _____ () C:\Program Files\iSafe\ipcdl.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS:AstInfo
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:9810590D
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\14006199.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\14006199.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk => C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: SpyHunter Security Suite => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
MSCONFIG\startupreg: Vidalia => "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/07/2014 09:45:01 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus
 
Error: (07/07/2014 09:35:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 24.0.0.5001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/06/2014 00:18:16 PM) (Source: MsiInstaller) (EventID: 1008) (User: XXX)
Description: The installation of C:\Documents and Settings\Administrator\Desktop\za !!!.....!!!\!!! OSNOVNI PROGRAMI (Jan 2013)\!!! Antiviruses & Other\NOD32 v4 (x32 & x64) + Fix\0\NOD32 v4\0\NOD32 v4 Antivirus - BAC\eav_nt32_4.0.424.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (07/06/2014 00:18:02 PM) (Source: MsiInstaller) (EventID: 1008) (User: XXX)
Description: The installation of C:\Documents and Settings\Administrator\Desktop\za !!!.....!!!\!!! OSNOVNI PROGRAMI (Jan 2013)\!!! Antiviruses & Other\NOD32 v4 (x32 & x64) + Fix\0\NOD32 v4\0\NOD32 v4 Antivirus - BAC\eav_nt32_4.0.424.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.
 
Error: (07/06/2014 11:42:07 AM) (Source: MsiInstaller) (EventID: 10005) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again.
 
Error: (07/06/2014 11:41:07 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus
 
Error: (07/06/2014 10:59:58 AM) (Source: MsiInstaller) (EventID: 11920) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service' (ekrn) failed to start.  Verify that you have sufficient privileges to start system services.
 
Error: (07/06/2014 10:23:18 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus
 
Error: (07/06/2014 10:18:25 AM) (Source: MsiInstaller) (EventID: 10005) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again.
 
Error: (07/06/2014 10:17:18 AM) (Source: MsiInstaller) (EventID: 11317) (User: XXX)
Description: Product: ESET NOD32 Antivirus -- Error 1317. An error occurred while attempting to create the directory: C:\Program Files\ESET\ESET NOD32 Antivirus
 
 
System errors:
=============
Error: (07/07/2014 03:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Protect Monitor service failed to start due to the following error: 
%%1053
 
Error: (07/07/2014 03:44:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.
 
Error: (07/07/2014 03:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
%%2
 
Error: (07/07/2014 09:42:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/07/2014 09:42:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/07/2014 09:30:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Protect Monitor service failed to start due to the following error: 
%%1053
 
Error: (07/07/2014 09:30:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Protect Monitor service to connect.
 
Error: (07/07/2014 09:30:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! Antivirus service failed to start due to the following error: 
%%2
 
Error: (07/07/2014 07:01:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/07/2014 07:01:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (01/20/2013 00:41:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 00:41:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 00:41:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 00:40:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 00:37:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 00:16:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/20/2013 00:15:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/19/2013 06:47:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 17%
Total physical RAM: 3071.17 MB
Available physical RAM: 2533.8 MB
Total Pagefile: 7010.09 MB
Available Pagefile: 6668.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:368.1 GB) (Free:19.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:97.65 GB) (Free:2.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=368 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

Edited by bacman, 08 July 2014 - 03:40 AM.


#6 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 07 July 2014 - 08:02 AM

Yes, please scan without the virus definitions


Proud Member of UNITE & TB
 

#7 bacman

bacman

    New Member

  • Authentic Member
  • 7 posts

Posted 07 July 2014 - 08:14 AM

I EDITED this post ...

I ADDED two (2) LOGS from "FRST" (the logs are added one POST before this post / UP)

And the LOG from "aswMBR" (2nd post down from this post)!


Edited by bacman, 08 July 2014 - 08:45 AM.


#8 bacman

bacman

    New Member

  • Authentic Member
  • 7 posts

Posted 07 July 2014 - 08:29 AM

WRONG POST


Edited by bacman, 08 July 2014 - 08:44 AM.


#9 bacman

bacman

    New Member

  • Authentic Member
  • 7 posts

Posted 08 July 2014 - 02:04 AM

I completed a "Quick" SCAN ("aswMBR").

HERE is the LOG from "aswMBR":

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-07-08 09:51:44
-----------------------------
09:51:44.765    OS Version: Windows 5.1.2600 Service Pack 2
09:51:44.765    Number of processors: 2 586 0x170A
09:51:44.765    ComputerName: XXX  UserName: 
09:51:47.156    Initialize success
09:51:47.250    VM: driver load error: 2
09:51:48.093    AVAST engine defs: 10071200
09:52:23.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
09:52:23.968    Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3MA Size: 476940MB BusType: 3
09:52:23.984    Disk 0 MBR read successfully
09:52:23.984    Disk 0 MBR scan
09:52:24.265    Disk 0 Windows XP default MBR code
09:52:24.281    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       376931 MB offset 63
09:52:24.312    Disk 0 default boot code
09:52:24.468    Disk 0 Partition - 00     0F Extended LBA             99998 MB offset 771955380
09:52:24.500    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99998 MB offset 771955443
09:52:24.515    Disk 0 scanning sectors +976752000
09:52:24.828    Disk 0 scanning C:\WINDOWS\system32\drivers
09:52:38.437    Service scanning
09:52:58.171    Modules scanning
09:53:06.687    Disk 0 trace - called modules:
09:53:06.703    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8abc41f8]<<
09:53:06.703    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab1dab8]
09:53:06.703    3 CLASSPNP.SYS[f7637fcf] -> nt!IofCallDriver -> \Device\0000007d[0x8ab10f18]
09:53:06.703    5 ACPI.sys[f7497620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8ab0fd98]
09:53:06.703    \Driver\atapi[0x8ac18430] -> IRP_MJ_CREATE -> 0x8abc41f8
09:53:08.250    AVAST engine scan C:\WINDOWS
09:53:16.093    AVAST engine scan C:\WINDOWS\system32
09:56:05.765    AVAST engine scan C:\WINDOWS\system32\drivers
09:56:40.375    AVAST engine scan C:\Documents and Settings\Administrator
11:30:40.390    File: C:\Documents and Settings\Administrator\Desktop\STARI RABOTI\!!! xakkkkkkkkkk\!!!!! PHISHING - FULL !!!!!!\!! BAC Phish PROJECT 2009\RAZNO ALATKI\Convert .exe vo .jpg\Exe2any - pcmaster.ir.exe  **INFECTED** Win32:Malware-gen
13:13:04.250    File: C:\Documents and Settings\Administrator\Desktop\Za INSTALL\!!!! Adobe CS4 Illustrator\Keygen\Keygen.exe  **INFECTED** Win32:Malware-gen
15:51:10.375    AVAST engine scan C:\Documents and Settings\All Users
15:55:52.187    Scan finished successfully
16:34:13.343    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:34:13.359    The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Edited by bacman, 08 July 2014 - 08:38 AM.


#10 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 08 July 2014 - 10:23 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting crack sites/warez sites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules, which you should have read at the time of registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 

#11 bacman

bacman

    New Member

  • Authentic Member
  • 7 posts

Posted 09 July 2014 - 12:43 AM

NO, my computer was OK with that CRACKED SOFTWARE because I have worked on it with my company for almost 4 years.. and 4 days ago I DOWNLOADED an INFECTED FILE, and I EXPLAINED it to you in my FIRST POST. Did you READ the WHOLE POST? The problem came after that file!?

..Please understand my point of view and HELP ME... In my country, Rep. of MACEDONIA, when you BUY a PC, they give you an ORIGINAL WINDOWS LICENSE for 1 year and a 1 YEAR WARRANTY; after that, when you FORMAT your PC, they install a PIRATED VERSION of Windows, but I told THEM to install a LICENSED one, and now my WINDOWS is licensed but some software isn't.

WHAT CAN I DO ABOUT IT.. Next time I will buy only the SOFTWARE that I need, LEGALLY, but please help me to RUN MY PC again and do my job.. please help me to remove the trojan...!!? Tell me, pls? I have work at my company, I am 27 years old.. 2 kids, please make my PC work so I can continue my job... PLS, because I will format, but I have many installed files and other integrated files & must work for only 3 months before winter, then I will FORMAT and BUY only the SOFTWARE that I use... pls?


Edited by bacman, 09 July 2014 - 12:47 AM.


#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 09 July 2014 - 03:06 PM

Due to the fact you reject our instructions to remove the pirated software, this topic is closed now.


Proud Member of UNITE & TB
 
