
Connection timeout, router, Skype and Dropbox online- DNS hijack?



#1 Codeplayer


Posted 25 March 2013 - 11:24 AM

Hi!
 
I am fighting with Internet connection timeouts. If I connect to wireless, the connection works for about 30 seconds to a minute. After that I can only use Skype, Dropbox is syncing files and I can connect to my router (192.168.1.1). Anything I try from the browser, I get a connection timeout.
 
ping www.bleepingcomputer.com gets me following results:

Pinging www.bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

If I then turn off my hardware wireless button, disable the wireless connection, turn the wireless hardware button on again and enable the wireless connection, I get another minute or so of fully working internet and then the timeout messages start coming again.
 
I had this problem before, and I ended up breaking my system with Combofix. I then reinstalled Windows to another partition (I always like to try anything else but that) and got by some months with everything working. Then the problem started again. I scanned the computer with all kinds of antivirus software I could find and opened up my laptop to the last bit to clean it and put it back together. After that, everything worked for a month or so. Now it has started again. I know it's not a hardware fault, because I can see my router's HTML page and navigate there while connected to wifi. Also, the same thing happens while I am using a cable connection. So I conclude: this must be some kind of malware, some sort of DNS hijacker perhaps? I consider myself quite advanced when it comes to computers, and I usually help all my friends with computers, hardware and software. I also help with getting rid of malware and viruses. But this is a tough one. Please help me.
 

dds-txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.15.2
Run by Vallo at 17:59:37 on 2013-03-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1257.372.1033.18.16316.7538 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EZBackitup\EZBkuptray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Users\Vallo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
R:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr3\lib\WSCommCntr3.exe
C:\Program Files (x86)\ReluxSuite\obj\reluxPro.exe
C:\Program Files (x86)\ReluxSuite\obj\RlxProductSelector.exe
C:\Program Files (x86)\ReluxSuite\obj\reluxPro.exe
R:\Program Files\Autodesk\AutoCAD 2012 - English\acad.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Vallo\Desktop\RogueKiller.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll
BHO: DIALux 3.1 ULDBrowserHelper Class: {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files (x86)\DIALux\DLXShellExtension.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [EZBack-it-up Tray Scheduler] C:\Program Files (x86)\EZBackitup\EZBkuptray.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\Users\Vallo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Vallo\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Vallo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Vallo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
Trusted Zone: dell.com
TCP: NameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{D02A4523-1E33-4F0F-BFC3-5C5BA8CE6DDE} : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{E758E892-0109-4300-9DCB-842C76AE04C4} : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{E758E892-0109-4300-9DCB-842C76AE04C4}\3596C6675627 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E758E892-0109-4300-9DCB-842C76AE04C4}\675627F6E616 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{E758E892-0109-4300-9DCB-842C76AE04C4}\8497462716 : DHCPNameServer = 8.8.8.8 8.8.4.4 192.168.0.1
TCP: Interfaces\{E758E892-0109-4300-9DCB-842C76AE04C4}\94D656C696B6 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Vallo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-30 13:13; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-03-15 11:11; {a1109c2a-1187-4027-901d-13097b755625}; C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi
FF - ExtSQL: 2013-03-15 17:42; launchy@gemal.dk; C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\launchy@gemal.dk.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 SscRdBus;Virtual bus device (SuperSpeed LLC);C:\Windows\System32\drivers\SscRdBus.sys [2009-6-18 72216]
R0 SscRdCls;RAM Disk (SuperSpeed LLC);C:\Windows\System32\drivers\SscRdCls.sys [2007-11-16 37376]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-11-20 21616]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-7-22 814344]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-20 98208]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-7-18 659472]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-23 135984]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2012-11-21 2571704]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-20 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 682344]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-8-23 3342640]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-7 3560288]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-20 2533400]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-11-20 27760]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-11-20 1431888]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-20 24176]
R3 MonitorFunction;Driver for Monitor;C:\Windows\System32\drivers\TVMonitor.sys [2012-12-4 16376]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-12-17 35112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-7-18 198144]
S3 atrfiltr;atrfiltr;C:\Windows\System32\drivers\atrfiltr.sys [2012-4-2 16184]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 cxbu0x64;OMNIKEY 1021;C:\Windows\System32\drivers\cxbu0x64.sys [2011-9-6 177920]
S3 DialComService;DIAL Communication Service;C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2012-4-5 1685808]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-11-20 160880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-8-23 272688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]
S3 SmartCardRemoval;Smart Card Removal;C:\Program Files\Estonian ID Card\SmartCardRemoval.exe [2013-2-4 322832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-22 30208]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-21 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-03-25 14:28:56    388096    ----a-r-    C:\Users\Vallo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-24 23:42:05    76232    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C458D283-CB47-4A6B-85F7-9AD36B4A05C5}\offreg.dll
2013-03-24 23:41:24    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C458D283-CB47-4A6B-85F7-9AD36B4A05C5}\mpengine.dll
2013-03-24 17:24:34    9311288    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 01:32:39    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B024C719-4AB0-49F2-8A16-0E7AF462C3AF}\gapaengine.dll
2013-03-18 19:58:22    --------    d-----w-    C:\Users\Vallo\AppData\Local\TransMac
2013-03-18 19:58:17    --------    d-----w-    C:\Program Files (x86)\TransMac
2013-03-15 07:27:55    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-03-14 12:42:46    --------    d-----w-    C:\Program Files (x86)\Spirent Communications
2013-03-14 12:42:40    --------    d-----w-    C:\Program Files (x86)\HTC
2013-03-14 12:05:58    --------    d-----w-    C:\Users\Vallo\.android
2013-03-14 12:05:22    --------    d-----w-    C:\Users\Vallo\AppData\Roaming\MyPhoneExplorer
2013-03-14 12:05:03    --------    d-----w-    C:\Program Files (x86)\MyPhoneExplorer
2013-03-13 16:18:11    --------    d-----w-    C:\Program Files\Estonian ID Card
2013-03-13 13:43:34    --------    d-----w-    C:\Program Files (x86)\JustCloud
2013-03-12 21:21:11    16486616    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-12 17:53:13    --------    d-----w-    C:\Guzzini
2013-03-12 11:54:14    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-03-06 16:56:48    --------    d-----w-    C:\Windows\rescache
2013-02-27 12:40:29    --------    d-----w-    C:\Program Files (x86)\SpeedFan
2013-02-26 07:42:04    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-02-26 07:42:02    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-02-26 07:35:10    --------    d-----w-    C:\Program Files (x86)\ESET
2013-02-25 18:50:46    --------    d-----w-    C:\Program Files (x86)\Trend Micro
2013-02-25 18:01:16    282    ----a-w-    C:\cc_20130225_200114.reg
2013-02-25 18:00:55    17244    ----a-w-    C:\cc_20130225_200053.reg
2013-02-25 18:00:35    171110    ----a-w-    C:\cc_20130225_200028.reg
2013-02-25 14:32:47    --------    d-----w-    C:\Program Files\CCleaner
2013-02-25 11:26:44    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-02-25 11:26:03    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-03-12 21:21:39    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 21:21:39    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-25 11:26:39    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-02-25 11:26:39    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-02-25 11:25:56    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-02-25 11:25:56    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-03 22:09:22    1598976    ----a-w-    C:\Windows\SysWow64\opensc-pkcs11.dll
2013-02-03 22:09:22    1598976    ----a-w-    C:\Windows\SysWow64\onepin-opensc-pkcs11.dll
2013-02-03 22:09:22    1598976    ----a-w-    C:\Windows\SysWow64\esteid-pkcs11.dll
2013-02-03 22:09:22    1488896    ----a-w-    C:\Windows\SysWow64\opensc.dll
2013-02-03 02:03:22    424720    ----a-w-    C:\Windows\System32\esteidcm64.dll
2013-02-03 02:02:46    349968    ----a-w-    C:\Windows\SysWow64\esteidcm.dll
2013-02-02 06:57:02    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-20 13:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 13:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-22 06:13:42    2174976    ----a-w-    C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 18:00:05,47 ===============



 
 




 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:10:37 PM

Posted 27 March 2013 - 08:55 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Codeplayer


Posted 28 March 2013 - 02:49 AM

Hi!

 

- I have subscribed; this is how I discovered you replying.

- I have installed MiniTool Partition Wizard Home Edition 7.8 in the meantime, on the 26th of March.

- I am here, although with a busy schedule at work, answering might take some hours.

 

Thank you for helping me (:



#4 m0le


Posted 29 March 2013 - 08:19 PM

Okay, let's start with a rootkit check

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#5 Codeplayer


Posted 02 April 2013 - 09:50 AM

aswMBR.txt:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 14:24:23
-----------------------------
14:24:23.590    OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:23.590    Number of processors: 8 586 0x1E05
14:24:23.591    ComputerName: VALLO-XPS  UserName: Vallo
14:24:25.112    Initialize success
14:25:20.803    AVAST engine defs: 13040200
16:56:43.287    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:56:43.292    Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
16:56:43.296    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:56:43.299    Disk 1 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
16:56:43.304    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000075
16:56:43.308    Disk 2 Vendor: SuperSpeed_LLC 9.0 Size: 4094MB BusType: 0
16:56:43.543    Disk 0 MBR read successfully
16:56:43.548    Disk 0 MBR scan
16:56:43.584    Disk 0 Windows 7 default MBR code
16:56:43.589    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
16:56:43.621    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 80325
16:56:43.655    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30800325
16:56:43.714    Disk 0 scanning C:\Windows\system32\drivers
16:57:00.264    Service scanning
16:57:53.911    Modules scanning
16:57:53.922    Disk 0 trace - called modules:
16:57:53.942    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll 
16:57:53.950    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800fdfb790]
16:57:53.956    3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa800ded04a0]
16:57:53.964    5 stdcfltn.sys[fffff880019ccc52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800db35050]
16:57:56.980    AVAST engine scan C:\Windows
16:58:01.353    AVAST engine scan C:\Windows\system32
17:04:11.943    AVAST engine scan C:\Windows\system32\drivers
17:04:38.725    AVAST engine scan C:\Users\Vallo
17:48:50.731    Disk 0 MBR has been saved successfully to "C:\Users\Vallo\Desktop\MBR.dat"
17:48:50.823    The log file has been saved successfully to "C:\Users\Vallo\Desktop\aswMBR.txt"





#6 m0le


Posted 02 April 2013 - 05:37 PM

Clear. Let's run OTL and see if there's any sign of DNS hijacking

 

 

  • Please download OTL
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

 



#7 m0le


Posted 06 April 2013 - 05:25 PM

Hi,

I have not had a reply from you for 4 days.
Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,

m0le

#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:37 PM

Posted 07 April 2013 - 07:55 PM

Hi,

 

I will be helping you out while m0le is away.  My name is Jeff.  :)

 

Do you still need help?


 


#9 Codeplayer


Posted 08 April 2013 - 02:03 AM

Hi, Jeff and m0le!

 

Thanks for your reply!

 

I am sorry for not answering in a while. I got too busy working.

 

The strange thing is that the malfunction has not appeared after I ran aswMBR.

 

Still, I ran it before also, but the problem came back haunting me.

 

That's why I think I still need help, but

 

Here are the two logs m0le asked for:

OTL.txt:

HOTL logfile created on: 8.04.2013 9:39:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vallo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000425 | Country: Eesti | Language: ETI | Date Format: d.MM.yyyy
 
15,93 Gb Total Physical Memory | 7,30 Gb Available Physical Memory | 45,83% Memory free
21,27 Gb Paging File | 12,44 Gb Available in Paging File | 58,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 14,11 Gb Free Space | 3,13% Space Free | Partition Type: NTFS
Drive D: | 141,05 Gb Total Space | 1,00 Gb Free Space | 0,71% Space Free | Partition Type: NTFS
Drive F: | 14,65 Gb Total Space | 7,79 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive R: | 4,00 Gb Total Space | 1,24 Gb Free Space | 31,10% Space Free | Partition Type: NTFS
 
Computer Name: VALLO-XPS | User Name: Vallo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013.04.08 09:38:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vallo\Desktop\OTL.exe
PRC - [2013.04.03 15:34:06 | 000,017,304 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe
PRC - [2013.04.03 15:34:05 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.03.19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013.03.13 00:21:39 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.03.12 10:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Vallo\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.09 14:18:23 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.07 17:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.03.06 18:30:43 | 010,220,896 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013.03.06 18:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.03.06 18:22:26 | 000,185,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013.02.06 02:43:42 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.29 23:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.12.19 17:38:50 | 000,360,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.21 05:50:00 | 008,443,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
PRC - [2012.11.21 05:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2012.10.03 01:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.28 18:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.03.31 17:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.12.28 11:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\tools\BitCometService.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.09.09 20:59:26 | 000,920,888 | ---- | M] (Aignesberger Software GmbH) -- C:\PSMenu\psmenu.exe
PRC - [2010.07.22 19:07:05 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2010.07.01 13:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.07.01 13:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2004.06.03 18:30:34 | 000,631,808 | ---- | M] (Rob Decker) -- C:\Program Files (x86)\EZBackitup\EZBkuptray.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013.04.03 16:23:55 | 000,128,512 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\_elementtree.pyd
MOD - [2013.04.03 16:23:55 | 000,098,816 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32api.pyd
MOD - [2013.04.03 16:23:55 | 000,044,032 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\_socket.pyd
MOD - [2013.04.03 16:23:54 | 000,557,056 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\pysqlite2._sqlite.pyd
MOD - [2013.04.03 16:23:54 | 000,022,528 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32ts.pyd
MOD - [2013.04.03 16:23:53 | 000,320,512 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32com.shell.shell.pyd
MOD - [2013.04.03 16:23:53 | 000,070,656 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._html2.pyd
MOD - [2013.04.03 16:23:53 | 000,011,264 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32crypt.pyd
MOD - [2013.04.03 16:23:52 | 000,805,888 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._gdi_.pyd
MOD - [2013.04.03 16:23:50 | 001,022,416 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\windows._cacheinvalidation.pyd
MOD - [2013.04.03 16:23:50 | 000,017,408 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32profile.pyd
MOD - [2013.04.03 16:23:48 | 000,735,232 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._misc_.pyd
MOD - [2013.04.03 16:23:48 | 000,364,544 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\pythoncom27.dll
MOD - [2013.04.03 16:23:48 | 000,110,080 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\PyWinTypes27.dll
MOD - [2013.04.03 16:23:48 | 000,108,544 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32security.pyd
MOD - [2013.04.03 16:23:48 | 000,087,040 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\_ctypes.pyd
MOD - [2013.04.03 16:23:47 | 001,175,040 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._core_.pyd
MOD - [2013.04.03 16:23:47 | 001,153,024 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\_ssl.pyd
MOD - [2013.04.03 16:23:47 | 000,811,008 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._windows_.pyd
MOD - [2013.04.03 16:23:47 | 000,711,680 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\_hashlib.pyd
MOD - [2013.04.03 16:23:47 | 000,122,368 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._wizard.pyd
MOD - [2013.04.03 16:23:47 | 000,119,808 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32file.pyd
MOD - [2013.04.03 16:23:47 | 000,038,912 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32inet.pyd
MOD - [2013.04.03 16:23:47 | 000,035,840 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32process.pyd
MOD - [2013.04.03 16:23:47 | 000,025,600 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32pdh.pyd
MOD - [2013.04.03 16:23:46 | 001,062,400 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\wx._controls_.pyd
MOD - [2013.04.03 16:23:45 | 000,686,080 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\unicodedata.pyd
MOD - [2013.04.03 16:23:45 | 000,127,488 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\pyexpat.pyd
MOD - [2013.04.03 16:23:45 | 000,018,432 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\win32event.pyd
MOD - [2013.04.03 16:23:45 | 000,010,240 | ---- | M] () -- C:\Users\Vallo\AppData\Local\Temp\_MEI46242\select.pyd
MOD - [2013.04.03 15:34:07 | 002,243,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.04.03 15:34:06 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2013.04.03 15:34:06 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013.03.13 00:21:38 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.09 14:18:06 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.02.14 04:34:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.04 01:09:22 | 001,598,976 | ---- | M] () -- C:\Windows\SysWOW64\onepin-opensc-pkcs11.dll
MOD - [2013.01.09 04:44:43 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013.01.09 04:33:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e90dee4f938f7223c05de89a3221b760\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 04:32:29 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 04:32:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 04:24:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 04:24:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 04:24:17 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 04:24:11 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.30 00:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.01.04 01:59:52 | 007,471,104 | ---- | M] () -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RdLang32.ETI
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.10.20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.09.24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009.10.03 02:50:50 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.ETI
MOD - [2009.10.03 02:47:34 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.ETI
MOD - [2009.02.27 20:39:16 | 001,671,168 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.ETI
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2013.02.04 01:23:18 | 000,322,832 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Estonian ID Card\SmartCardRemoval.exe -- (SmartCardRemoval)
SRV:[b]64bit:[/b] - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2012.11.20 23:55:37 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:[b]64bit:[/b] - [2012.08.23 17:05:12 | 003,342,640 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2012.08.23 17:04:28 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2012.08.23 17:04:00 | 000,629,040 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2012.08.23 17:03:14 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2012.08.23 14:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:[b]64bit:[/b] - [2012.07.18 01:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:[b]64bit:[/b] - [2010.12.28 11:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:[b]64bit:[/b] - [2009.11.17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:[b]64bit:[/b] - [2009.11.02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:[b]64bit:[/b] - [2009.07.14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.03.19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013.03.13 00:21:39 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.09 14:18:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.06 18:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.01.08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.21 05:50:00 | 002,571,704 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012.10.03 01:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.05 15:42:12 | 001,685,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2011.03.31 17:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.02.02 15:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.07.22 19:07:05 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2010.07.01 13:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.07.01 13:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013.03.07 14:37:54 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:[b]64bit:[/b] - [2013.03.07 14:37:32 | 000,009,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:[b]64bit:[/b] - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012.12.14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012.11.28 20:49:00 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:[b]64bit:[/b] - [2012.09.30 12:24:08 | 011,523,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2012.09.12 14:36:44 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:[b]64bit:[/b] - [2012.08.23 17:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012.08.23 17:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012.08.23 17:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:[b]64bit:[/b] - [2012.07.18 01:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:[b]64bit:[/b] - [2012.07.03 18:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2012.04.03 00:26:56 | 000,016,184 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atrfiltr.sys -- (atrfiltr)
DRV:[b]64bit:[/b] - [2012.03.01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011.09.06 12:10:28 | 000,177,920 | ---- | M] (HID Global Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cxbu0x64.sys -- (cxbu0x64)
DRV:[b]64bit:[/b] - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011.03.11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011.03.11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2010.11.21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.08.20 12:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:[b]64bit:[/b] - [2010.08.20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:[b]64bit:[/b] - [2010.07.15 18:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010.07.02 02:46:58 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:[b]64bit:[/b] - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:[b]64bit:[/b] - [2010.03.26 16:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:[b]64bit:[/b] - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009.11.02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:[b]64bit:[/b] - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.18 09:24:08 | 000,072,216 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SscRdBus.sys -- (SscRdBus)
DRV:[b]64bit:[/b] - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2007.11.16 16:59:10 | 000,037,376 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SscRdCls.sys -- (SscRdCls)
DRV:[b]64bit:[/b] - [2007.01.12 17:54:44 | 000,461,824 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:[b]64bit:[/b] - [2006.12.21 14:14:16 | 000,040,704 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..extensions.enabledAddons: sendtophone%40martinezdelizarrondo.com:1.2.4
FF - prefs.js..extensions.enabledAddons: copylinkurl%40bluelightdev.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B966762eb-7132-4081-ac70-20d20161ad96%7D:4.3
FF - prefs.js..extensions.enabledAddons: %7Baa84ce40-4253-a00a-8cd6-0800200f9a66%7D:3.7.0.877
FF - prefs.js..extensions.enabledAddons: %7Ba1109c2a-1187-4027-901d-13097b755625%7D:0.83
FF - prefs.js..extensions.enabledAddons: launchy%40gemal.dk:4.4.0
FF - prefs.js..extensions.enabledAddons: flashfirebug%40o-minds.com:4.67
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.7.0.12055
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: ""
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@RIA/esteid-firefox-plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll (RIA)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Vallo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{aa84ce40-4253-a00a-8cd6-0800200f9a66}: C:\Program Files (x86)\Estonian ID Card\Firefox PKCS11 Loader\ [2013.03.13 19:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 14:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 14:18:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 15:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.11.21 16:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Extensions
[2013.03.22 17:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions
[2013.03.22 17:24:41 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\flashfirebug@o-minds.com
[2012.11.27 21:26:02 | 000,012,941 | ---- | M] () (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\copylinkurl@bluelightdev.com.xpi
[2013.03.15 18:42:42 | 000,025,884 | ---- | M] () (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\launchy@gemal.dk.xpi
[2012.11.27 13:50:32 | 000,090,822 | ---- | M] () (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\sendtophone@martinezdelizarrondo.com.xpi
[2013.03.09 14:18:27 | 000,093,464 | ---- | M] () (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\{966762eb-7132-4081-ac70-20d20161ad96}.xpi
[2013.03.15 12:11:09 | 000,086,058 | ---- | M] () (No name found) -- C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi
[2013.02.20 01:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.05 16:23:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.13 19:18:12 | 000,000,000 | ---D | M] (Estonian ID Card PKCS11 module loader) -- C:\PROGRAM FILES (X86)\ESTONIAN ID CARD\FIREFOX PKCS11 LOADER
[2013.03.09 14:18:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 12:13:24 | 000,001,372 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eki-ee.xml
[2012.11.20 12:13:24 | 000,002,173 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\neti-ee.xml
[2012.11.20 12:13:24 | 000,001,117 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\osta-ee.xml
[2012.11.20 12:13:24 | 000,001,384 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-et.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Translate = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Magic Actions for YouTube™ = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.3.1_0\
CHR - Extension: Google Drive = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: QR-Code Tag Extension = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcfddoencoiedfjgepnlhcpfikgaogdg\0.7.9_0\
CHR - Extension: YouTube = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Cache = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmfcdcicagaffaokphooddegagehcin\1.2_0\
CHR - Extension: Adblock Plus = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Web Cache = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coblegoildgpecccijneplifmeghcgip\0.4_0\
CHR - Extension: Google'i otsing = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Flag for Chrome = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.4.1_0\
CHR - Extension: BlockIt = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfjfhdfdeogiplgepcbfjcpiianmeoed\0.5.1_0\
CHR - Extension: AdBlock = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Wolfram Alpha = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idggmlekajlpkppfjdadikipagekmfdn\6.2_0\
CHR - Extension: BugMeNot Lite = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.10_0\
CHR - Extension: Skype Click to Call = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Ghostery = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: QR-ome = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhgpliefpgnkmoeidcfchbbkmnpbmeh\0.6_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Docsi PDF-i/PowerPointi vaatur (Google'ilt) = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Calendar Checker (Google) = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
CHR - Extension: Greyscale = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0_0\
CHR - Extension: SiteBlock = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj\0.2.3_0\
CHR - Extension: Gmail = C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (EstEIDIEPluginBHO Class) - {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files\Estonian ID Card\esteid-plugin-ie.dll (RIA)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EstEIDIEPluginBHO Class) - {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll (RIA)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files (x86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IntelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files (x86)\EZBackitup\EZBkuptray.exe (Rob Decker)
O4 - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3563282532-2694745272-1366953449-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3563282532-2694745272-1366953449-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vallo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3563282532-2694745272-1366953449-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D02A4523-1E33-4F0F-BFC3-5C5BA8CE6DDE}: DhcpNameServer = 192.168.2.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E758E892-0109-4300-9DCB-842C76AE04C4}: DhcpNameServer = 192.168.2.1 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\dialux - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.26 21:29:56 | 000,000,000 | R--D | M] - C:\Autocad Macros -- [ NTFS ]
O32 - AutoRun File - [2012.02.15 14:30:20 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.02.28 16:25:44 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013.04.06 12:23:31 | 000,000,000 | R--D | M] - R:\Autocad Macros -- [ NTFS ]
O33 - MountPoints2\{8b8ef4dc-33cf-11e2-bd55-f04da2633f59}\Shell - "" = AutoRun
O33 - MountPoints2\{8b8ef4dc-33cf-11e2-bd55-f04da2633f59}\Shell\AutoRun\command - "" = G:\.\applauncher.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013.04.08 09:38:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vallo\Desktop\OTL.exe
[2013.04.03 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.04.02 22:57:51 | 000,000,000 | ---D | C] -- C:\Users\Vallo\Desktop\Tomtomtom
[2013.04.02 22:37:21 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Roaming\WinRAR
[2013.04.02 20:01:25 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Local\Adobe
[2013.04.02 11:07:00 | 000,000,000 | ---D | C] -- C:\PSMenu
[2013.04.02 10:55:24 | 000,000,000 | --SD | C] -- C:\PortableApps
[2013.04.01 20:28:53 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2013.04.01 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACC Color Map CD
[2013.04.01 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACC Color Map CD
[2013.04.01 20:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACC Color Map CD
[2013.03.30 14:52:21 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Roaming\GPX Editor
[2013.03.30 13:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2013.03.30 11:36:45 | 000,000,000 | --SD | C] -- C:\Users\Vallo\Google Drive
[2013.03.28 13:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips Lighting
[2013.03.28 13:20:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Philips Lighting
[2013.03.28 13:20:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips Lighting
[2013.03.26 22:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 7.8
[2013.03.26 22:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiniTool Partition Wizard Home Edition 7.8
[2013.03.18 22:58:22 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
[2013.03.18 22:58:22 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Local\TransMac
[2013.03.18 22:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TransMac
[2013.03.15 10:27:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.15 04:03:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.15 04:03:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.15 04:03:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.15 04:03:29 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.15 04:03:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.15 04:03:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.15 04:03:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.15 04:03:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.15 04:03:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.15 04:03:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.15 04:03:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.15 04:03:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.15 04:03:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.15 04:03:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.15 04:03:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.14 15:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2013.03.14 15:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2013.03.14 15:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2013.03.14 15:05:58 | 000,000,000 | ---D | C] -- C:\Users\Vallo\.android
[2013.03.14 15:05:22 | 000,000,000 | ---D | C] -- C:\Users\Vallo\AppData\Roaming\MyPhoneExplorer
[2013.03.14 15:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2013.03.14 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPhoneExplorer
[2013.03.13 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-kaart
[2013.03.13 19:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\Estonian ID Card
[2013.03.13 16:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JustCloud
[2013.03.13 16:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.03.13 00:21:11 | 016,486,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.03.12 20:53:13 | 000,000,000 | ---D | C] -- C:\Guzzini
[2012.12.22 09:13:42 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013.04.08 09:38:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vallo\Desktop\OTL.exe
[2013.04.08 09:33:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3563282532-2694745272-1366953449-1000UA.job
[2013.04.08 09:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 09:12:00 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.04.08 08:48:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 03:33:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3563282532-2694745272-1366953449-1000Core.job
[2013.04.08 01:55:02 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.07 23:25:01 | 621,283,886 | ---- | M] () -- C:\Users\Vallo\Desktop\Hirens.BootCD.15.2.zip
[2013.04.07 16:37:51 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.07 16:37:51 | 000,028,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 12:56:53 | 000,000,066 | ---- | M] () -- C:\Windows\rlxApi_x64.INI
[2013.04.05 09:38:39 | 000,176,356 | ---- | M] () -- C:\Users\Vallo\Desktop\Umbsaare-A.pdf
[2013.04.04 19:27:22 | 000,780,436 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.04 19:27:22 | 000,653,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.04 19:27:22 | 000,121,602 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.04 14:08:13 | 000,040,600 | ---- | M] () -- C:\Users\Vallo\Desktop\Ballast.PNG
[2013.04.04 13:45:03 | 000,001,268 | ---- | M] () -- C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013.04.03 16:31:21 | 000,002,116 | ---- | M] () -- C:\Users\Vallo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013.04.03 16:23:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.04.03 16:21:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.03 16:20:29 | 4241,784,830 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.03 16:18:30 | 4181,106,688 | -H-- | M] () -- C:\SsRd0001.cif
[2013.03.26 14:21:27 | 000,001,054 | ---- | M] () -- C:\Users\Vallo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.25 18:46:15 | 000,006,201 | ---- | M] () -- C:\WirelessDiagLog.csv
[2013.03.13 00:21:39 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 00:21:39 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 00:21:11 | 016,486,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.03.12 21:08:19 | 000,000,236 | ---- | M] () -- C:\Windows\ODBC.INI
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013.04.07 23:18:14 | 621,283,886 | ---- | C] () -- C:\Users\Vallo\Desktop\Hirens.BootCD.15.2.zip
[2013.04.05 09:38:22 | 000,176,356 | ---- | C] () -- C:\Users\Vallo\Desktop\Umbsaare-A.pdf
[2013.04.04 14:08:13 | 000,040,600 | ---- | C] () -- C:\Users\Vallo\Desktop\Ballast.PNG
[2013.04.03 16:23:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.03.26 22:33:02 | 003,074,240 | ---- | C] () -- C:\Windows\SysNative\pwNative.exe
[2013.03.26 22:33:02 | 000,019,032 | ---- | C] () -- C:\Windows\SysNative\pwdrvio.sys
[2013.03.26 22:33:02 | 000,009,584 | ---- | C] () -- C:\Windows\SysNative\pwdspio.sys
[2013.03.25 18:45:46 | 000,006,201 | ---- | C] () -- C:\WirelessDiagLog.csv
[2013.03.12 21:02:09 | 000,000,236 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.07 18:43:39 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.02.07 18:43:39 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.04 01:09:22 | 001,598,976 | ---- | C] () -- C:\Windows\SysWow64\opensc-pkcs11.dll
[2013.02.04 01:09:22 | 001,598,976 | ---- | C] () -- C:\Windows\SysWow64\onepin-opensc-pkcs11.dll
[2013.02.04 01:09:22 | 001,598,976 | ---- | C] () -- C:\Windows\SysWow64\esteid-pkcs11.dll
[2013.02.04 01:09:22 | 001,488,896 | ---- | C] () -- C:\Windows\SysWow64\opensc.dll
[2013.02.03 05:02:46 | 000,349,968 | ---- | C] () -- C:\Windows\SysWow64\esteidcm.dll
[2012.12.07 15:39:47 | 000,000,000 | ---- | C] () -- C:\Users\Vallo\mm_backup.cfg
[2012.12.04 19:28:32 | 000,000,066 | ---- | C] () -- C:\Windows\rlxApi_x64.INI
[2012.11.22 14:00:51 | 000,000,102 | ---- | C] () -- C:\Windows\Dialux.ini
[2012.11.20 23:58:12 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.11.20 23:28:27 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009.07.14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 08:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras.Txt

OTL Extras logfile created on: 8.04.2013 9:39:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vallo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000425 | Country: Eesti | Language: ETI | Date Format: d.MM.yyyy
 
15,93 Gb Total Physical Memory | 7,30 Gb Available Physical Memory | 45,83% Memory free
21,27 Gb Paging File | 12,44 Gb Available in Paging File | 58,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 14,11 Gb Free Space | 3,13% Space Free | Partition Type: NTFS
Drive D: | 141,05 Gb Total Space | 1,00 Gb Free Space | 0,71% Space Free | Partition Type: NTFS
Drive F: | 14,65 Gb Total Space | 7,79 Gb Free Space | 53,19% Space Free | Partition Type: NTFS
Drive R: | 4,00 Gb Total Space | 1,24 Gb Free Space | 31,10% Space Free | Partition Type: NTFS
 
Computer Name: VALLO-XPS | User Name: Vallo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3563282532-2694745272-1366953449-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" "%1" (MPC-HC Team)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
"C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0422CB52-AB12-4376-9727-C20B088EDAA9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0C7678AE-A820-4C40-B210-1942C3CA85AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{113BD36F-850B-4464-BDD1-D590607003DC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{16BDD6FA-73DC-4084-87C5-B9DCCA922116}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1EE837C6-08CE-4533-8E37-4A4E3CFB8D26}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{274F023F-C524-4721-8FE4-1C7F4DE7F172}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3A284298-4CF8-4536-A5BA-4B67514AA7DC}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe | 
"{43EBF703-5A50-448C-9D07-163C1B5A272B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{51A7051A-4C8C-4953-9D42-36E9435F9634}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5ED2AD13-ED35-4044-9448-7D239C6088E0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68FD37C9-8E8D-43F0-B892-61A9546D958B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{70DE3D07-11F4-4AD9-854E-E07670707076}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{754D8F19-6838-464C-A6EC-993C8D2AECF4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7EF75041-8EF1-47BB-96D9-04D97AC41A6A}" = lport=21423 | protocol=17 | dir=in | name=bitcomet 21423 udp | 
"{9A4DAF7A-7C74-480E-A45D-C747D3C74234}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F0BC466-F7A9-4C8A-91F5-7F9CA845440B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A224A8AF-41DC-4E3A-9A05-A71E4CAB058D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A288BA84-7765-4496-A988-CEFA8D7F0748}" = lport=21423 | protocol=6 | dir=in | name=bitcomet 21423 tcp | 
"{B30A16CA-072A-481C-82AB-1BDA8394C41F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B52542ED-D079-490E-BE3A-6922E022F260}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B87A8C33-2EF2-413D-9371-AE07DF8F4B9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BDE4F50C-804B-4320-AFCD-88B2170D84B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C75A3D29-0674-4A59-8AB7-2A32EEC7C12F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CCCB63A2-A3C5-4740-99E8-77F507D6EB3E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D1AB764D-A3D6-45A4-A9AE-C98DE92D649A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DB0BDC6D-4656-48DE-B7A3-6B216FAF2A3E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{ECCE5E67-F8BF-4CE7-8714-A8B69C67FA7C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01852DEA-3F96-495A-B93C-AA5F554D9D5E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{0CEE7AAE-DB66-497F-B797-3E6BA29B93AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{14F25E0F-FF86-4BF4-841D-1DFC4AC7EDB6}" = dir=in | app=c:\users\vallo\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{25309055-CA7C-4310-9628-C5957F635773}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{294C9C4B-21F5-404C-B038-61B7384CC086}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{33134C0E-10C9-4E0F-A140-8AB3711D254F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3453D221-34E2-42D9-A12D-AE313AA9C545}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{35E999E4-3203-4C33-930E-045D4DC67C62}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3C9E8A0F-A90A-49EB-8A21-C479D274E2FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4542F7A7-2EAE-42C1-BE93-CDBA5506FE80}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{499A634C-BFE1-48E2-BAD5-3431F89BE429}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4C19F68E-DA24-43BC-A47B-95A3B5E8CBB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{50B7F420-AB4A-4FFF-B91D-CA5E948A07A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{567CE60B-87C0-416F-A86E-65C44D9A9093}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{57316171-A3CD-4752-90F2-01DD9C1B4C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AF7764A-8F28-409E-BFC6-ADE75A779DEF}" = protocol=6 | dir=in | app=c:\users\vallo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5D389844-8DB9-4A6A-9E7E-64904429C58F}" = protocol=58 | dir=in | app=system | 
"{5F8F82E8-645F-408C-B660-DCC4EEE3CC3B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6EFE4574-6A3B-49B7-AC9B-98F69673AEC1}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{6F530E29-A686-47A2-AF34-2FDD0AD6A9FB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{6FD94111-7354-4CFE-A40A-E820C888BFDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{72699E3F-7552-41B9-A91A-92D315F64B16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{746CB437-4B6F-4598-B696-4D11B46F4554}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{838C16BA-1571-4A60-B973-5279E8ACA995}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{842042C0-BC3F-4B8B-AB1A-48A1FAD52C7A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{84C8302B-7C58-48B7-BEB2-2D7EC9F224FB}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{91E5B398-98B4-45EC-B3B2-9A83E671C9A5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{9BD309DA-DC74-40A2-BB39-4A729D855327}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A0241003-368A-4ED1-A2D2-B7E141515E4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A56910CE-9915-45C7-8B64-7AE78F81DC84}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{A8060BDB-6124-49ED-A8F9-8D321B3455A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B25C7055-1154-4954-8594-583646017A6D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B33115D4-61F7-42D6-9908-9BC87266C167}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B74F3A39-AF1D-4B31-B331-55DEC5C87DE9}" = protocol=6 | dir=out | app=system | 
"{B965AC7E-43EC-4CF0-AEDF-3AE8F78F5C29}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{BFFBC79B-DFD8-491C-AA9D-E421ACBBFE01}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{C00D094F-4054-4111-B161-9D3782DD6008}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{C158C12C-4652-4D65-ADC6-EAFBDF87D7CC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{C9F70801-3CAC-4527-834E-8C2DA962FE82}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CE7F4513-C8B4-4BB8-9B84-DA5838550C85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{DAEF2D1D-9DBF-4D90-B63B-EF87C76FA13A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E52C375B-D9DE-404D-9148-0D140772477D}" = protocol=17 | dir=in | app=c:\users\vallo\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E8785774-CA3C-4710-89B3-EF3EF93EA13C}" = dir=in | app=c:\users\vallo\appdata\local\microsoft\skydrive\skydrive.exe | 
"{EFCADB36-9890-461D-8CB3-3F5B7D727DDD}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{F6A92C3D-B100-4F38-A10C-862E6D6B97ED}" = dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{FA05C74C-8616-4AB4-9B93-A5C5A468CDF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD1D77F8-F4BA-46C1-9898-1A449CA03482}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"TCP Query User{1EC98CE2-7586-48F7-BA60-C2AAC3A8B3A4}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe | 
"TCP Query User{39A9F1EA-FA63-4FB1-89E5-DC89F11451CE}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{A43758DA-81CC-471F-8B5B-03194F8FE3A0}C:\users\vallo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\vallo\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{A927A1F3-28E3-41F9-98CC-2CB047460E90}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{C0EA8FE4-34AD-4F2F-8E75-63B0C674311D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{C9759515-EB01-48E4-8113-0B109366D8EB}C:\users\vallo\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\vallo\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{CF588C5F-C394-4D9A-9D11-1052F1D786CC}C:\program files (x86)\cooper controls\icansoft\icanlink.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cooper controls\icansoft\icanlink.exe | 
"TCP Query User{F2B91743-CDD5-49A2-990F-B3A362AC0056}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{F2EA9FF0-3F86-43F1-963D-AD2E9F1BADE8}C:\program files (x86)\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\foxit software\pdf editor\pdfedit.exe | 
"UDP Query User{027D97BA-0A53-4581-8D0D-3D5963BBB4A5}C:\program files (x86)\cooper controls\icansoft\icanlink.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cooper controls\icansoft\icanlink.exe | 
"UDP Query User{3A6D7C4F-65AD-4B93-8679-A8A446FFCDC6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{4F3104E2-787F-4086-AE14-4B49618A27A6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{542D5567-388E-4540-8689-3C3B7456B640}C:\users\vallo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\vallo\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{5F1136CA-143F-42D3-9D47-E4F5F0B90DCD}C:\users\vallo\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\vallo\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{5F36AD9B-D2C4-45C4-852E-3C7C5D334D84}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe | 
"UDP Query User{6CCC3694-F09B-4276-9411-381BDECB4ED5}C:\program files (x86)\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\foxit software\pdf editor\pdfedit.exe | 
"UDP Query User{9E3C12A4-715E-421D-AFDF-3FC0D3DE73A7}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{F7BEDA51-E671-4170-B8A7-3E3845BE103B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB 
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{289AA3E1-3650-47D4-A42E-50A73111D8D7}" = Eesti ID-kaardi tarkvara 3.7.0.1124 (64 bit)
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPRO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PRJPRO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PRJPRO_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPRO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PRJPRO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-1000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPRO_{316A864B-0547-40CE-B136-B02B4D18BF09}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90F00673-A276-4A58-B675-B426D39D1E09}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities 
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D2ABD3EE-94BD-48BB-A6C6-E4FFDA64001E}" = CodeMeter Runtime Kit v4.50c
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{D96E4F13-2635-4CBD-9308-F99228929C41}" = RamDisk Plus 10.0
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{ECE5B218-A086-4E18-A362-D11181681457}" = Intel® PROSet/Wireless WiFi Software
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 3.0
"Defraggler" = Defraggler
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF-XChange 3_is1" = PDF-XChange 3
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034BEE25-A986-455F-BA79-48CF3A47B221}" = Windows Live UX Platform Language Pack
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.8
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0ABCA8CB-3931-4119-99C1-D98FF2964488}" = IntraConstructorsPro
"{0E7F6041-B122-48FC-B0F6-412BA7488D40}" = LEDS-C4 catalogue 04 / 2012
"{0F3C9093-6C13-484D-8385-93AA21BEC025}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3D6B5B20-7783-4984-948F-5EC6D94711D4}" = IESviewer 2.99n
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62FF5AAC-013B-42EB-9A06-81914AB132D5}" = Photo Common
"{63B1E33F-F243-4656-A600-125D6963B43A}" = Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{68F2F9E5-1F0F-4DE6-9AED-638B741952E3}" = iCANsoft
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6DB745FD-8416-441E-9A26-3ACDD54E1CF4}" = ES-System catalogue 04 / 2010
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{81AD9228-21AC-4DBD-AE33-98146A88BAA8}" = Philips Product Selector 5.2.7.0
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT 
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BEF1364-2C06-427E-BA8A-39357D5DDB45}" = Windows Live Messenger
"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1061-7B44-A95000000001}" = Adobe Reader 9.5.4 - Estonian
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{ACE848B7-145C-4230-9B95-BA9C98A51AA6}" = Fotogalerii
"{B362A397-B38A-3A23-A190-611F9C7EB4F9}" = Microsoft Visual C++ 2012 Core Libraries
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC2DE3DD-F2AC-4190-9A56-BC111C25204A}" = Measure Schmeasure
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects 
"{DCA963D4-6AA2-11E2-80AA-984BE15F174E}" = Evernote v. 4.6.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A160F1-127B-43AC-AF96-EBB6319B01C7}" = Google SketchUp Pro 8
"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E670CC9A-7CD2-4BB8-9485-6324EFAC137C}" = PhotoLux
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FC78A8EE-2C7F-44A7-A2D8-9676577F9CE2}" = Windows Live Essentials
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"ACC Color Map CD" = ACC Color Map CD 1.0
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 6.5
"AutoHotkey" = AutoHotkey 1.1.09.02
"BitComet_x64" = BitComet 1.34 64-bit
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DIALux" = DIALux 4.10
"ESET Online Scanner" = ESET Online Scanner v3
"EZBack-it-up_is1" = EZBack-it-up 2.0.1
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"IcoFX 2_is1" = IcoFX 2.2.1
"ImgBurn" = ImgBurn
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{81AD9228-21AC-4DBD-AE33-98146A88BAA8}" = Philips Product Selector 5.2.7.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versioon 1.70.0.1100.
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Mozilla Firefox 19.0.2 (x86 et)" = Mozilla Firefox 19.0.2 (x86 et)
"Mozilla Thunderbird 17.0.5 (x86 et)" = Mozilla Thunderbird 17.0.5 (x86 et)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.0
"PPS max plugin_is1" = PPS max plugin 1.7.0
"QLumEdit" = QLumEdit 1.0.1
"SciTE4AutoHotkey" = SciTE4AutoHotkey v3.0.01.01
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 8" = TeamViewer 8
"TransMac_is1" = TransMac version 10.4
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Xilisoft DVD Ripper Ultimate" = Xilisoft DVD Ripper Ultimate
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3563282532-2694745272-1366953449-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Dropbox" = Dropbox
"JDownloader Packages" = JDownloader Packages
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Detector Plug-in
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 2.04.2013 8:48:24 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: Photoshop.exe, version: 0.0.0.0, time stamp:
 0x48d3882e  Faulting module name: Photoshop.exe, version: 0.0.0.0, time stamp: 0x48d3882e
Exception
 code: 0xc0000005  Fault offset: 0x00d4e0aa  Faulting process id: 0x3394  Faulting application
 start time: 0x01ce2fa05d32d573  Faulting application path: V:\PortableApps\Photoshop
 CS4\App\Photoshop\Photoshop.exe  Faulting module path: V:\PortableApps\Photoshop 
CS4\App\Photoshop\Photoshop.exe  Report Id: 9ae7fb9c-9b93-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 8:48:38 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: Photoshop.exe, version: 0.0.0.0, time stamp:
 0x48d3882e  Faulting module name: Photoshop.exe, version: 0.0.0.0, time stamp: 0x48d3882e
Exception
 code: 0xc0000005  Fault offset: 0x00d4e0aa  Faulting process id: 0x2a3c  Faulting application
 start time: 0x01ce2fa06564bb6a  Faulting application path: V:\PortableApps\Photoshop
 CS4\App\Photoshop\Photoshop.exe  Faulting module path: V:\PortableApps\Photoshop 
CS4\App\Photoshop\Photoshop.exe  Report Id: a31ca0be-9b93-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 8:51:13 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: Photoshop.exe, version: 0.0.0.0, time stamp:
 0x48d3882e  Faulting module name: Photoshop.exe, version: 0.0.0.0, time stamp: 0x48d3882e
Exception
 code: 0xc0000005  Fault offset: 0x00d4e0aa  Faulting process id: 0x26fc  Faulting application
 start time: 0x01ce2fa0c0eed79c  Faulting application path: V:\PortableApps\Photoshop
 CS4\App\Photoshop\Photoshop.exe  Faulting module path: V:\PortableApps\Photoshop 
CS4\App\Photoshop\Photoshop.exe  Report Id: ff4cc35e-9b93-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 9:28:30 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: mspaint.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bca29  Faulting module name: mspaint.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bca29  Exception code: 0xc0000005  Fault offset: 0x000000000003d792  Faulting
 process id: 0x2db0  Faulting application start time: 0x01ce2fa5c9fef2e7  Faulting application
 path: C:\Windows\system32\mspaint.exe  Faulting module path: C:\Windows\system32\mspaint.exe
Report
 Id: 34ad3525-9b99-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 10:55:10 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp:
 0x5147644e  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
 0x4ec49b8f  Exception code: 0xc0000005  Fault offset: 0x0002e41b  Faulting process id:
 0x293c  Faulting application start time: 0x01ce2f94a08abc99  Faulting application path:
 C:\Users\Vallo\Desktop\aswMBR.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
 Id: 5033d1cb-9ba5-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 13:01:33 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: gimp-2.8.exe, version: 2.8.4.0, time stamp:
 0x5112cea5  Faulting module name: libgobject-2.0-0.dll, version: 2.32.3.0, time stamp:
 0x4ff5a971  Exception code: 0xc0000005  Fault offset: 0x00026ced  Faulting process id:
 0x14e0  Faulting application start time: 0x01ce2fb0ae732f25  Faulting application path:
 V:\PortableApps\GIMPPortable\App\gimp\bin\gimp-2.8.exe  Faulting module path: V:\PortableApps\GIMPPortable\App\gimp\bin\libgobject-2.0-0.dll
Report
 Id: f7ed2f0b-9bb6-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 18:10:20 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385,
 time stamp: 0x4a5bc9e0  Faulting module name: aeinv.dll, version: 6.1.7601.17514,
 time stamp: 0x4ce7c45b  Exception code: 0xc0000006  Fault offset: 0x0000000000051811
Faulting
 process id: 0x1780  Faulting application start time: 0x01ce2fee461d423d  Faulting application
 path: C:\Windows\system32\rundll32.exe  Faulting module path: C:\Windows\system32\aeinv.dll
Report
 Id: 1ae4cccf-9be2-11e2-a6e2-f04da2633f59
 
Error - 2.04.2013 18:10:20 | Computer Name = Vallo-XPS | Source = Application Error | ID = 1005
Description = Windows cannot access the file V:\PortableApps\GIMPPortable\App\gimp\lib\gimp\2.0\plug-ins\align-layers.exe
 for one of the following reasons:  there is a problem with the network connection,
 the disk that the file is stored on, or the storage  drivers installed on this computer;
 or the disk is missing.  Windows closed the program Windows host process (Rundll32)
 because of this error.    Program: Windows host process (Rundll32)  File: V:\PortableApps\GIMPPortable\App\gimp\lib\gimp\2.0\plug-ins\align-layers.exe

The
 error value is listed in the Additional Data section.  User Action  1. Open the file
 again.  This situation might be a temporary problem that corrects itself when the
 program runs again.  2.  If the file still cannot be accessed and   - It is on the network,
your
 network administrator should verify that there is not a problem with the network
 and that the server can be contacted.   - It is on a removable disk, for example, 
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
 Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
 click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, 
and then press ENTER.  4. If the problem persists, restore the file from a backup 
copy.  5. Determine whether other files on the same disk can be opened. If not, the
 disk might be damaged. If it is a hard disk, contact your administrator or computer
 hardware vendor for  further assistance.    Additional Data  Error value: C000026E  Disk 
type: 3
 
Error - 2.04.2013 19:12:34 | Computer Name = Vallo-XPS | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 3.04.2013 9:23:13 | Computer Name = Vallo-XPS | Source = WinMgmt | ID = 10
Description = 
 
Error - 3.04.2013 10:22:57 | Computer Name = Vallo-XPS | Source = Application Hang | ID = 1002
Description = The program acad.exe version 24.2.51.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 14ec    Start Time:
 01ce306fee913f73    Termination Time: 31    Application Path: R:\Program Files\Autodesk\AutoCAD
 2012 - English\acad.exe    Report Id: d95f161f-9c69-11e2-a152-f04da2633f59  
 
[ System Events ]
Error - 3.04.2013 6:37:05 | Computer Name = Vallo-XPS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR44.
 
Error - 3.04.2013 6:37:06 | Computer Name = Vallo-XPS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR44.
 
Error - 3.04.2013 6:37:06 | Computer Name = Vallo-XPS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR44.
 
Error - 3.04.2013 6:37:07 | Computer Name = Vallo-XPS | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR44.
 
Error - 3.04.2013 9:17:57 | Computer Name = Vallo-XPS | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume V: encountered 
a non-retryable error and could not start.  The data contains the error code.
 
Error - 3.04.2013 9:22:26 | Computer Name = Vallo-XPS | Source = SCardSvr | ID = 602
Description = 
 
Error - 3.04.2013 9:22:26 | Computer Name = Vallo-XPS | Source = SCardSvr | ID = 602
Description = 
 
Error - 3.04.2013 9:22:26 | Computer Name = Vallo-XPS | Source = SCardSvr | ID = 602
Description = 
 
Error - 3.04.2013 13:10:29 | Computer Name = Vallo-XPS | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 5.04.2013 12:43:07 | Computer Name = Vallo-XPS | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:37 PM

Posted 08 April 2013 - 10:30 AM

I am sorry for not answering in a while. I got too busy working.

No problem at all.   :)
 
 
AdwCleaner
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 


#11 jeffce


Posted 10 April 2013 - 06:50 AM

 Still here?  


 


#12 Codeplayer


Posted 10 April 2013 - 07:00 AM

Yes, I am. I have been working from seven in the morning till one at night lately. Today I'll have a chance to close all programs and scan. Thanks for the help :)



#13 jeffce


Posted 10 April 2013 - 09:12 AM

No problem.  Just wanted to check.  :)


 


#14 Codeplayer


Posted 11 April 2013 - 01:56 AM

Ok, now I've run the deletion and it did delete something, I didn't know that I had some Sweetim leftovers and stuff like that. I am very careful installing and also very experienced whilst removing such adware. Still somehow they appear in the deletion list. Great little app (:

 

Anyways, here's the AdwCleaner[S1].txt file:

# AdwCleaner v2.200 - Logfile created 04/10/2013 at 17:30:27
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vallo - VALLO-XPS
# Boot Mode : Normal
# Running from : C:\Users\Vallo\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (et)

File : C:\Users\Vallo\AppData\Roaming\Mozilla\Firefox\Profiles\0hyhc3bi.default\prefs.js

[OK] File is clean.

File : C:\Users\Tahan netti\AppData\Roaming\Mozilla\Firefox\Profiles\36qyfo9h.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Vallo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Tahan netti\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1754 octets] - [10/04/2013 17:30:27]

########## EOF - C:\AdwCleaner[S1].txt - [1814 octets] ##########



#15 jeffce


Posted 11 April 2013 - 06:52 AM

Hi,

 

Good job.  Yes AdwCleaner is a good tool for sure.  :)

 

Since it has been a few days since we were really able to work on your system, please run a fresh scan with OTL and post the log that is created.  You should only get the OTL.txt this time but that is not a problem....just post that log.  :)


 




