
New Request. White Screen after login win32/noonlight.b - Kriptik?


  • This topic is locked
22 replies to this topic

#1 TechNoHelpYes

TechNoHelpYes

  • Members
  • 17 posts
  • Local time:09:15 AM

Posted 17 June 2014 - 01:17 AM

I get a white screen after login. I have to use ctrl+alt+del to open task and then run-explorer

 

He went to Hku something in registry to put in explorer.exe, but I still got a white screen.

 

Did online scans with eset mal/virus online scanner

Then he used my paid eset programme both in safemode and normal.

Then he used malwarebytes-antimalware

then he went to command prompt thing on startup...

 

I had lots of infections and those got rid of it, today, I got more (24)

Win32/noonlight.b

I'm sure I have the kriptik one, not sure.

 

Still getting the white screen. sigh. Still using ctrl+alt+del to get out of white screen.

 

Op specs

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name MAFI-PC
System Manufacturer HP-Pavilion
System Model VT573AA-ABG s5380a
System Type x64-based PC
Processor Intel® Core™ i3 CPU         530  @ 2.93GHz, 2933 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 5.07, 21/12/2009
SMBIOS Version 2.6
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale ---------------------------------------
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name ----------------------
Time Zone ----------------------------
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.87 GB
Available Physical Memory 2.21 GB
Total Virtual Memory 7.73 GB
Available Virtual Memory 5.83 GB
Page File Space 3.87 GB
Page File C:\pagefile.sys


Edited by TechNoHelpYes, 17 June 2014 - 01:20 AM.



#2 TechNoHelpYes

TechNoHelpYes
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:15 AM

Posted 21 June 2014 - 02:04 AM

Soz, I had no reply to post over 5 days, so I tried to do a few things during the wait. I used 

 

TDSSKiller

 

ok I did all the steps here except for the last one step.

http://www.malwareexperts.com/how-to-remove-white-screen-virus/. Running eset online virus scanner now. 

Malwarebytes didn't find anything, by the way I am in safemode.

 

Updated:-Still got white screen after login.


Edited by TechNoHelpYes, 21 June 2014 - 04:05 AM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:15 PM

Posted 21 June 2014 - 06:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 TechNoHelpYes

TechNoHelpYes
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:15 AM

Posted 21 June 2014 - 06:10 AM

k gonna do that now, was just running this...http://www.microsoft.com/security/scanner/en-us/default.aspx

 

 

ok I stopped that, gonna do your steps  :bananas:

 

awww I see red  :smash:

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mafi [Admin rights]
Mode : Scan -- Date : 06/21/2014  23:19:14
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot | AlternateShell : 884054312640l.exe  -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot | AlternateShell : 884054312640l.exe  -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot | AlternateShell : 884054312640l.exe  -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Control\SafeBoot | AlternateShell : 884054312640l.exe  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721050SLA360 +++++
--- User ---
[MBR] 1d26da3989c3d7af49985348ec9c4c42
[BSP] 2552a5e72f9d5798f4d5efc56a0f9f9c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 465588 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953731072 | Size: 11250 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
-------------------------------------------------------------------------------------------------------------------------------
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Mafi (administrator) on MAFI-PC on 21-06-2014 23:28:22
Running from C:\Users\Mafi\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
() C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
(Farbar) C:\Users\Mafi\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-08-05] (PC Tools)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => "G:\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-25] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-10] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [] - [X]
HKU\S-1-5-19\...\RunOnce: [] - [X]
HKU\S-1-5-20\...\RunOnce: [] - [X]
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-08-12] (Google Inc.)
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony)
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [RegistryBooster] => "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [Facebook Update] => C:\Users\Mafi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Mafi\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {0dacaee0-f119-11e0-ba5f-406186974ee3} - F:\unlock.exe autoplay=true
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {0dacaf2e-f119-11e0-ba5f-406186974ee3} - F:\iStudio.exe
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {1b29fd9f-144e-11e0-85d6-406186974ee3} - F:\PcOptions.exe
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {1b29fdb1-144e-11e0-85d6-406186974ee3} - F:\PcOptions.exe
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {4f0b5da1-7287-11df-909c-406186974ee3} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {6b44668b-cb80-11e0-b666-406186974ee3} - F:\Startme.exe
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {9d538edf-f612-11e1-b205-406186974ee3} - F:\Startme.exe
HKU\S-1-5-21-2661574004-630529994-1827076542-1000\...\MountPoints2: {a8e99795-a9f7-11e0-bcd7-406186974ee3} - F:\PcOptions.exe
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll => "C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - DefaultScope {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name - {0974BA1E-64EC-11DE-B2A5-E43756D89593} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
Toolbar: HKLM-x32 - No Name - {0974BA1E-64EC-11DE-B2A5-E43756D89593} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
DPF: HKLM-x32 {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - G:\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Mafi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Mafi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin - C:\Users\Mafi\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-06-16]
 
Chrome: 
=======
CHR HomePage: hxxp://www.glenavon.school.nz/
CHR DefaultSearchKeyword: google.co.nz
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Mafi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Call of Duty: Ghosts) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ageenndacpokmijpjccdhjlaoeikfcjj [2014-04-24]
CHR Extension: (BeGone Guerra Online) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahcchnfnladlkddlceegencfccjcfnjp [2014-04-24]
CHR Extension: (Angry Birds) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (Combat Arms) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blfedjmgkhbbckibfcbgdepdlkoopeja [2014-04-24]
CHR Extension: (Despicable Me Fire Me to the Moon) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cabamdepphkegakknjhbeiehcmfgjoaa [2014-04-24]
CHR Extension: (Tanki Online) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\chnamgoimgnbgkabfjkikldbfdhhfhdo [2014-04-24]
CHR Extension: (Gun Bros) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciamkmigckbgfajcieiflmkedohjjohh [2014-04-24]
CHR Extension: (Counter Strike Online ) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cncdkbmmchnoimmppdghpfeoojomhcik [2014-04-24]
CHR Extension: (Google Search) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Gun Blood) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbkahmbgcfjocgliikbkfiieemcjkoj [2014-04-24]
CHR Extension: (Pou) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\daoagnalhaodihlmeodmkingndenjnoj [2014-04-24]
CHR Extension: (Earn to Die 2012) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\djbdmikmfollbpobnjknaokpgbpdlbhm [2014-04-24]
CHR Extension: (Ultimate Flash Sonic Smash Brothers) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\doldmgjebloaondlfkambkkofpnfgmfk [2014-04-24]
CHR Extension: (Lego City) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjhdledpnjgmkdkdlafibgoghphdhfh [2014-04-24]
CHR Extension: (Street Sesh Skate 3) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebiljmfmjdngknnmghmifgnfggffioci [2014-04-24]
CHR Extension: (Rush Team) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecdnoeebfjlplfkljdedokbcmebojbpb [2014-04-24]
CHR Extension: (Despicable Me 2 - Mission Impopsible) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\egcldgpekkbhbdelknamfcahbimgnhji [2014-04-24]
CHR Extension: (Earn to Die 2012 Part 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjaocdfepokdflcjalfoebmhganjae [2014-04-24]
CHR Extension: (Papa Louie 2 When Burgers Attack) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkkolldhkjpgdfjjbjmilnmhhihgkef [2014-04-24]
CHR Extension: (Freefall Tournament) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\encjogopgacdjlkmpdknhlfnanoihodh [2014-04-24]
CHR Extension: (Mario And Sonic Games) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eobkehpafdgknonghebbbcdjfljdejgg [2014-04-24]
CHR Extension: (Shooting Games) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcfajenmoooeaoojmimalidfmdgmbfe [2014-04-24]
CHR Extension: (Earn To Die 2012) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfknippagcjnkkbhcjppcdhciiphfha [2014-04-24]
CHR Extension: (Subway Surfers) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkmkeliojoecjfmpojnglooeihdgkec [2014-04-24]
CHR Extension: (Despicable Me 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghmnlcomdgahdlnjmhnfamdppdkdob [2014-04-24]
CHR Extension: (Sniper Team) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgbbaloijjnkpigapgmocdpoblnlec [2014-04-24]
CHR Extension: (Cargo Bridge: Armor Games Edition) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj [2014-04-24]
CHR Extension: (Papa's Anthology) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbdlnjdjegklpfoffcpjmepcacdknpd [2014-04-24]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2014-04-24]
CHR Extension: (Star Wars™: The Old Republic™) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjiilfceogcmeegaomjeobpjfdfdkgef [2014-04-24]
CHR Extension: (BeGone: Guerra) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkjdpmaanpdeccbbmogememgigcgocb [2014-04-24]
CHR Extension: (Fast And Furious Fast Five 3D) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobkhjnkljmjibcglfbpbceamjcladal [2014-04-24]
CHR Extension: (SpongeBob Super Brawl 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbhbbkffljiemjcpkgpfkbcmplcfblje [2014-04-24]
CHR Extension: (Wheres My Duck Special Version) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kecibifcdeaeilhdenhpcjilebanophh [2014-04-24]
CHR Extension: (Cargo Bridge) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn [2014-04-24]
CHR Extension: (The Amazing SpiderMan 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjnapmplkiblpfcdlipimelnimoepao [2014-06-08]
CHR Extension: (Truck Loader - Stress your Physics Skills!) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjeglknmjaihhkgbedkmmhebngnlana [2014-04-24]
CHR Extension: (Dragon Ball Z mmorpg game !) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljhjkncoceojjbadalclgdinmijjien [2014-04-24]
CHR Extension: (Iron Man 3D) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmdbnncbgjijaggoknnajagdhpogbndi [2014-04-24]
CHR Extension: (Sniper Team Reloaded) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfdiklenhddhkckbiaofckaijlnepiab [2014-04-24]
CHR Extension: (Iron Man 3D) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhobdaldnmencdbamljgjflclihfoihl [2014-04-24]
CHR Extension: (Call Of Duty 4) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lilifnmoehaiobbldofodlgdhigmpcgh [2014-04-24]
CHR Extension: (Red Crucible 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleakndogeihjpkbelmjobojkaoknkga [2014-04-24]
CHR Extension: (3D Action Games) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\loaciifbegkjbeddmolhfdmpmicbkadm [2014-04-24]
CHR Extension: (Motor Wars) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\makbmncmboemglecnhfmhobkgdcnonhe [2014-04-24]
CHR Extension: (3D Ferrari F458) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfjnhanfponogkaieppfaelmojggamo [2014-04-24]
CHR Extension: (Plants vs Zombies) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-04-24]
CHR Extension: (Need for Speed World) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2014-04-24]
CHR Extension: (Sonic the Hedgehog) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdhbpmojeedfmgelekgjhdejdmfpikn [2014-04-24]
CHR Extension: (Call Of Duty : Black Ops 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhaldaflkekoncenciiopmbegagkfhi [2014-04-24]
CHR Extension: (Cargo Bridge: Xmas level pack) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk [2014-04-24]
CHR Extension: (Google Wallet) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Battlefield Play4Free) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-12-26]
CHR Extension: (GTA 5 Mode) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\oljnpeabfgbdfhimegfpcfbchbjignog [2014-04-24]
CHR Extension: (Gta San Andreas Powerful Mode Mod) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhgjgnjfieoahaeodpjemojngbikbmi [2014-04-24]
CHR Extension: (Where's My Water?) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhpbpcgnoglkojnigjlpjcblljfkakc [2014-04-24]
CHR Extension: (Sniper Games) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjdoagkpggaokhecdopkkffjigjhgjp [2014-04-24]
CHR Extension: (Truck Loader 4) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pagalbcapbngjlhopbddaepeoncomlad [2014-04-24]
CHR Extension: (Gmail) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR Extension: (Cargo Bridge 2) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml [2014-04-24]
CHR Extension: (Minion Rush) - C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppkemlfakcdjjmjeicefhidcabaopdnc [2014-04-24]
 
==================== Services (Whitelisted) =================
 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R4 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-10-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S4 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [583640 2010-08-05] (PC Tools)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-26] ()
S0 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VodafoneConnectorService; C:\Program Files (x86)\Vodafone\Via The Phone\VodafoneConnectorService.exe [233472 2010-05-14] (Vodafone Group) [File not signed]
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
S4 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S4 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2010-07-13] (Google Inc)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-30] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [156360 2014-06-16] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 nmwcdcx64; C:\Windows\System32\drivers\nmwcdcx64.sys [12288 2007-06-28] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-07-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-07-13] (QUALCOMM Incorporated)
S3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-01-21] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-01-21] (LG Electronics Inc.)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows ® Codename Longhorn DDK provider)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-21 23:28 - 2014-06-21 23:28 - 00034427 _____ () C:\Users\Mafi\Downloads\FRST.txt
2014-06-21 23:27 - 2014-06-21 23:27 - 00002557 _____ () C:\Users\Mafi\Downloads\RKreport_SCN_06212014_231914.log
2014-06-21 23:25 - 2014-06-21 23:28 - 00000000 ____D () C:\FRST
2014-06-21 23:24 - 2014-06-21 23:24 - 02083328 _____ (Farbar) C:\Users\Mafi\Downloads\FRST64 (1).exe
2014-06-21 23:21 - 2014-06-21 23:21 - 00002557 _____ () C:\Users\Mafi\Desktop\RKreport_SCN_06212014_231914.log
2014-06-21 23:13 - 2014-06-21 23:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-21 23:12 - 2014-06-21 23:12 - 05268992 _____ () C:\Users\Mafi\Downloads\RogueKillerX64.exe
2014-06-21 23:07 - 2014-06-21 23:08 - 107576056 _____ (Microsoft Corporation) C:\Users\Mafi\Downloads\msert (2).exe
2014-06-21 23:06 - 2014-06-21 23:06 - 02097152 _____ () C:\Users\Mafi\Downloads\msert (1).exe
2014-06-21 21:09 - 2014-06-21 21:09 - 02991832 _____ (ESET) C:\Users\Mafi\Downloads\ERARemover_x64.exe
2014-06-21 21:03 - 2014-06-21 22:24 - 00000112 _____ () C:\Windows\setupact.log
2014-06-21 21:03 - 2014-06-21 21:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-21 19:55 - 2014-06-21 19:55 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (4).exe
2014-06-21 19:42 - 2014-06-21 19:43 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Mafi\Downloads\rkill.com
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 __SHD () C:\Users\Mafi\AppData\Local\EmieUserList
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 __SHD () C:\Users\Mafi\AppData\Local\EmieSiteList
2014-06-21 19:35 - 2014-06-21 19:35 - 04999176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-21 19:08 - 2014-06-21 19:09 - 02083328 _____ (Farbar) C:\Users\Mafi\Downloads\FRST64.exe
2014-06-21 18:57 - 2014-06-21 18:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Mafi\Downloads\tdsskiller.exe
2014-06-21 18:34 - 2014-06-21 18:34 - 00117632 _____ () C:\Users\Mafi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 14:48 - 2014-06-21 14:48 - 00003814 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403318883
2014-06-21 14:48 - 2014-06-21 14:48 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-06-21 14:48 - 2014-06-21 14:48 - 00000000 ____D () C:\Users\Mafi\AppData\Roaming\Opera Software
2014-06-21 14:48 - 2014-06-21 14:48 - 00000000 ____D () C:\Users\Mafi\AppData\Local\Opera Software
2014-06-21 14:48 - 2014-06-21 14:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-21 14:46 - 2014-06-21 14:47 - 27641968 _____ (Opera Software ASA) C:\Users\Mafi\Downloads\Opera_22.0.1471.70_Setup.exe
2014-06-21 13:51 - 2014-06-21 13:52 - 00018374 _____ () C:\Users\Mafi\Downloads\attach (1).txt
2014-06-21 13:19 - 2014-06-21 13:19 - 00071621 _____ () C:\Users\Mafi\Downloads\produkey-x64.zip
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-20 17:11 - 2014-03-31 09:35 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-06-17 18:21 - 2014-06-17 18:21 - 00018374 _____ () C:\Users\Mafi\Downloads\attach.txt
2014-06-17 16:47 - 2014-06-17 18:16 - 00020597 _____ () C:\Users\Mafi\Desktop\dds.txt
2014-06-17 16:47 - 2014-06-17 18:15 - 00018374 _____ () C:\Users\Mafi\Desktop\attach.txt
2014-06-17 16:44 - 2014-06-17 16:45 - 00688992 ____R (Swearware) C:\Users\Mafi\Downloads\dds.com
2014-06-17 16:23 - 2014-06-17 16:23 - 00000000 ____D () C:\Users\Mafi\AppData\Local\ESET
2014-06-17 09:29 - 2014-06-17 09:29 - 00180000 _____ (Kaspersky Lab) C:\Users\Mafi\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-06-17 01:49 - 2014-06-17 01:49 - 00252091 _____ () C:\Users\Mafi\AppData\Local\census.cache
2014-06-17 01:49 - 2014-06-17 01:49 - 00113792 _____ () C:\Users\Mafi\AppData\Local\ars.cache
2014-06-17 01:26 - 2014-06-17 01:26 - 02406064 _____ (Trend Micro Inc.) C:\Users\Mafi\Downloads\HousecallLauncher64.exe
2014-06-17 01:26 - 2014-06-17 01:26 - 00000036 _____ () C:\Users\Mafi\AppData\Local\housecall.guid.cache
2014-06-16 15:41 - 2014-06-16 15:41 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-16 15:41 - 2014-06-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-16 15:41 - 2014-06-16 15:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-16 15:22 - 2014-06-21 21:11 - 00000000 ____D () C:\ProgramData\ESET
2014-06-16 15:22 - 2014-06-16 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-06-16 15:22 - 2014-06-16 15:22 - 00000000 ____D () C:\Program Files\ESET
2014-06-16 15:20 - 2014-06-16 15:20 - 00511782 _____ () C:\Users\Mafi\Downloads\Autoruns.zip
2014-06-16 15:12 - 2014-06-16 15:19 - 70873088 _____ () C:\Users\Mafi\Downloads\eav_nt64_enu.msi
2014-06-16 14:37 - 2014-06-16 16:47 - 00000000 ____D () C:\Users\Mafi\AppData\Local\LogMeIn Rescue Applet
2014-06-16 14:37 - 2014-06-16 14:37 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Mafi\Downloads\Support-LogMeInRescue.exe
2014-06-16 14:37 - 2014-05-30 22:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-16 14:37 - 2014-05-30 22:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-16 14:37 - 2014-05-30 21:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-16 14:37 - 2014-05-30 21:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-16 14:37 - 2014-05-30 21:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-16 14:37 - 2014-05-30 21:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-16 14:37 - 2014-05-30 21:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-16 14:37 - 2014-05-30 21:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-16 14:37 - 2014-05-30 21:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-16 14:37 - 2014-05-30 21:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-16 14:37 - 2014-05-30 21:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-16 14:37 - 2014-05-30 21:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-16 14:37 - 2014-05-30 20:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-16 14:37 - 2014-05-30 20:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-16 14:37 - 2014-05-30 20:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-16 14:37 - 2014-05-30 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-16 14:37 - 2014-05-30 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-16 14:37 - 2014-05-30 20:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-16 14:37 - 2014-05-30 20:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-16 14:37 - 2014-05-30 20:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-16 14:37 - 2014-05-30 20:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-16 14:37 - 2014-05-30 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-16 14:37 - 2014-05-30 20:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-16 14:37 - 2014-05-30 20:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-16 14:37 - 2014-05-30 20:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-16 14:37 - 2014-05-30 20:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-16 14:37 - 2014-05-30 20:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-16 14:37 - 2014-05-30 20:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-16 14:37 - 2014-05-30 20:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-16 14:37 - 2014-05-30 20:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-16 14:37 - 2014-05-30 20:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-16 14:37 - 2014-05-30 19:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-16 14:37 - 2014-05-30 19:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-16 14:37 - 2014-05-30 19:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-16 14:37 - 2014-05-30 19:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-16 14:37 - 2014-05-30 19:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-16 14:37 - 2014-05-30 19:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-16 14:37 - 2014-05-30 19:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-16 14:37 - 2014-05-30 19:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-16 14:37 - 2014-05-30 19:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-16 14:37 - 2014-05-30 19:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-16 14:37 - 2014-04-25 14:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-16 14:37 - 2014-04-25 14:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-16 14:37 - 2014-04-05 14:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-16 14:37 - 2014-04-05 14:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-16 14:37 - 2014-03-27 02:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-16 14:37 - 2014-03-27 02:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-16 14:37 - 2014-03-27 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-16 14:37 - 2014-03-27 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-16 14:37 - 2014-03-27 02:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-16 14:37 - 2014-03-27 02:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-16 14:37 - 2014-03-27 02:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-16 14:37 - 2014-03-27 02:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-16 14:36 - 2014-05-30 22:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-16 14:36 - 2014-05-30 21:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-16 14:36 - 2014-05-30 21:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-16 14:36 - 2014-05-30 21:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-16 14:36 - 2014-05-30 21:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-16 14:36 - 2014-05-30 21:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-16 14:36 - 2014-05-30 20:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-16 14:36 - 2014-05-30 20:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-16 14:36 - 2014-05-30 20:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-16 14:36 - 2014-05-30 19:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-16 14:36 - 2014-05-30 19:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-16 14:33 - 2014-06-08 21:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-16 14:33 - 2014-06-08 21:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-16 14:22 - 2014-06-21 22:42 - 00000000 ____D () C:\Windows\pss
2014-06-16 13:26 - 2014-06-16 13:26 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-06-16 13:25 - 2014-06-16 13:25 - 13829304 _____ (Microsoft Corporation) C:\Users\Mafi\Downloads\MSEInstall.exe
2014-06-16 13:20 - 2014-06-16 13:20 - 01048576 _____ () C:\Users\Mafi\Downloads\msert.exe
2014-06-16 13:10 - 2014-06-16 13:11 - 06170208 _____ (SpeedMaxPc) C:\Users\Mafi\Downloads\SpeedMaxpc_installer.exe
2014-06-16 12:30 - 2014-06-16 12:31 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (3).exe
2014-06-16 12:24 - 2014-06-16 12:24 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (4).exe
2014-06-16 12:23 - 2014-06-16 12:23 - 00368992 _____ (ESET) C:\Users\Mafi\Downloads\ESETSirefefCleaner.exe
2014-06-16 12:23 - 2014-06-16 12:23 - 00004376 _____ () C:\Users\Mafi\Downloads\ESETSirefefCleaner.exe_20140616.122310.1392.log
2014-06-16 11:50 - 2014-06-21 22:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-16 11:50 - 2014-06-16 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 11:50 - 2014-06-16 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 11:50 - 2014-06-16 11:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:50 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-16 11:50 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-16 11:50 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-16 11:49 - 2014-06-16 11:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mafi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 05:32 - 2014-06-16 05:32 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (2).exe
2014-06-16 00:36 - 2014-06-16 00:36 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (3).exe
2014-06-16 00:36 - 2014-06-16 00:36 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (2).exe
2014-06-15 23:19 - 2014-06-15 23:19 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (1).exe
2014-06-15 22:58 - 2014-06-15 22:58 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (1).exe
2014-06-15 22:44 - 2014-06-15 22:44 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu.exe
2014-06-15 22:42 - 2014-06-16 12:29 - 00156360 _____ () C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys
2014-06-15 22:42 - 2014-06-16 12:29 - 00000000 ____D () C:\Users\Mafi\Downloads\Speclean
2014-06-15 22:29 - 2014-06-15 22:29 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-06-15 20:50 - 2014-06-16 15:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-15 20:46 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-06-15 20:25 - 2014-06-15 20:25 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{A0EA0E81-E149-40D0-847A-EB6AC2ED4306}
2014-06-09 05:22 - 2014-06-09 05:22 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-08 14:01 - 2014-06-08 14:02 - 09611504 _____ (Viacom) C:\Users\Mafi\Downloads\InstallMonkeyQuest.exe
2014-06-08 09:25 - 2014-06-08 09:25 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{67394A1A-DC6D-455D-BD71-EAAA6C333D58}
2014-06-07 18:46 - 2014-06-07 18:46 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{BBE7BCB5-3C6A-4CF4-BDBF-73C823E37EC2}
2014-06-06 14:42 - 2014-06-06 14:42 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{874FC19F-E10F-4882-AA19-0F80037D7729}
2014-06-05 07:54 - 2014-06-05 07:54 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{2F2D1665-D0E1-4BBF-BDAE-340CB3897C8D}
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-04 20:21 - 2014-06-04 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-06-04 20:20 - 2014-06-21 14:20 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMafi
2014-06-04 20:20 - 2014-06-21 14:20 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMafi.job
2014-06-04 20:19 - 2014-06-04 20:19 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-04 20:19 - 2014-06-04 20:19 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-04 19:28 - 2014-06-04 19:28 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-06-04 18:32 - 2014-06-20 18:19 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-04 18:25 - 2012-05-29 15:53 - 00027456 _____ (Windows ® Codename Longhorn DDK provider) C:\Windows\system32\Drivers\cpqdfw.sys
2014-06-04 18:24 - 2014-06-04 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-06-04 18:22 - 2014-06-04 18:22 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-06-04 18:16 - 2014-04-12 14:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-06-04 18:16 - 2014-03-25 14:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-06-04 18:16 - 2014-03-25 14:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-06-04 18:16 - 2014-03-04 21:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-06-04 18:16 - 2014-03-04 21:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-06-04 18:16 - 2014-03-04 21:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-06-04 18:16 - 2014-03-04 21:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-06-04 18:16 - 2014-03-04 21:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-06-04 18:16 - 2014-03-04 21:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-06-04 18:16 - 2014-03-04 21:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-06-04 18:16 - 2014-03-04 21:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-06-04 18:16 - 2014-03-04 21:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-06-04 18:16 - 2014-03-04 21:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-06-04 18:16 - 2014-03-04 21:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-06-04 18:15 - 2014-04-12 14:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-06-04 18:15 - 2014-04-12 14:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-06-04 18:15 - 2014-04-12 14:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-06-04 18:15 - 2014-04-12 14:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-06-04 18:15 - 2014-04-12 14:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-06-04 18:15 - 2014-04-12 14:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-06-04 18:15 - 2014-04-12 14:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-06-04 18:15 - 2014-04-12 14:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-06-04 18:15 - 2014-03-04 21:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-06-04 18:15 - 2014-03-04 21:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-06-04 18:15 - 2014-03-04 21:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-06-04 18:15 - 2014-03-04 21:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-06-04 18:15 - 2014-03-04 21:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-06-04 18:15 - 2014-03-04 21:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-06-04 18:15 - 2014-03-04 21:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-06-04 18:15 - 2014-03-04 21:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-06-04 18:15 - 2014-03-04 21:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-06-04 18:15 - 2014-03-04 21:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-06-04 18:15 - 2014-03-04 21:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-06-04 18:15 - 2014-03-04 21:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-06-04 17:51 - 2014-06-04 17:51 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{9D9E62DF-711E-41BB-BF93-60964770D853}
 
==================== One Month Modified Files and Folders =======
 
2014-06-21 23:28 - 2014-06-21 23:28 - 00034427 _____ () C:\Users\Mafi\Downloads\FRST.txt
2014-06-21 23:28 - 2014-06-21 23:25 - 00000000 ____D () C:\FRST
2014-06-21 23:28 - 2012-09-08 08:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-21 23:27 - 2014-06-21 23:27 - 00002557 _____ () C:\Users\Mafi\Downloads\RKreport_SCN_06212014_231914.log
2014-06-21 23:27 - 2010-01-21 21:24 - 00000000 ____D () C:\ProgramData\Temp
2014-06-21 23:24 - 2014-06-21 23:24 - 02083328 _____ (Farbar) C:\Users\Mafi\Downloads\FRST64 (1).exe
2014-06-21 23:24 - 2010-08-12 22:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 23:21 - 2014-06-21 23:21 - 00002557 _____ () C:\Users\Mafi\Desktop\RKreport_SCN_06212014_231914.log
2014-06-21 23:13 - 2014-06-21 23:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-21 23:12 - 2014-06-21 23:12 - 05268992 _____ () C:\Users\Mafi\Downloads\RogueKillerX64.exe
2014-06-21 23:08 - 2014-06-21 23:07 - 107576056 _____ (Microsoft Corporation) C:\Users\Mafi\Downloads\msert (2).exe
2014-06-21 23:08 - 2009-07-14 16:45 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 23:08 - 2009-07-14 16:45 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 23:06 - 2014-06-21 23:06 - 02097152 _____ () C:\Users\Mafi\Downloads\msert (1).exe
2014-06-21 22:42 - 2014-06-16 14:22 - 00000000 ____D () C:\Windows\pss
2014-06-21 22:26 - 2010-02-12 18:27 - 01974611 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 22:24 - 2014-06-21 21:03 - 00000112 _____ () C:\Windows\setupact.log
2014-06-21 22:24 - 2014-06-16 11:50 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 22:24 - 2010-08-12 22:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-21 22:24 - 2009-07-14 17:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 21:11 - 2014-06-16 15:22 - 00000000 ____D () C:\ProgramData\ESET
2014-06-21 21:09 - 2014-06-21 21:09 - 02991832 _____ (ESET) C:\Users\Mafi\Downloads\ERARemover_x64.exe
2014-06-21 21:03 - 2014-06-21 21:03 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-21 19:55 - 2014-06-21 19:55 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (4).exe
2014-06-21 19:43 - 2014-06-21 19:42 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Mafi\Downloads\rkill.com
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 __SHD () C:\Users\Mafi\AppData\Local\EmieUserList
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 __SHD () C:\Users\Mafi\AppData\Local\EmieSiteList
2014-06-21 19:35 - 2014-06-21 19:35 - 04999176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-21 19:09 - 2014-06-21 19:08 - 02083328 _____ (Farbar) C:\Users\Mafi\Downloads\FRST64.exe
2014-06-21 19:01 - 2011-02-05 20:27 - 00000264 _____ () C:\Windows\Tasks\RMSchedule.job
2014-06-21 18:57 - 2014-06-21 18:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Mafi\Downloads\tdsskiller.exe
2014-06-21 18:49 - 2011-12-01 18:07 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2661574004-630529994-1827076542-1000UA.job
2014-06-21 18:34 - 2014-06-21 18:34 - 00117632 _____ () C:\Users\Mafi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-21 18:11 - 2010-06-18 10:34 - 00000000 ____D () C:\Users\Mafi\AppData\Local\CrashDumps
2014-06-21 18:11 - 2010-06-07 23:18 - 00000000 ____D () C:\Users\Mafi\Tracing
2014-06-21 18:11 - 2010-01-22 16:10 - 00000000 ____D () C:\Windows\Panther
2014-06-21 15:04 - 2010-06-16 17:59 - 00000000 ____D () C:\Users\Mafi\AppData\Roaming\Apple Computer
2014-06-21 14:48 - 2014-06-21 14:48 - 00003814 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1403318883
2014-06-21 14:48 - 2014-06-21 14:48 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-06-21 14:48 - 2014-06-21 14:48 - 00000000 ____D () C:\Users\Mafi\AppData\Roaming\Opera Software
2014-06-21 14:48 - 2014-06-21 14:48 - 00000000 ____D () C:\Users\Mafi\AppData\Local\Opera Software
2014-06-21 14:48 - 2014-06-21 14:48 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-21 14:47 - 2014-06-21 14:46 - 27641968 _____ (Opera Software ASA) C:\Users\Mafi\Downloads\Opera_22.0.1471.70_Setup.exe
2014-06-21 14:20 - 2014-06-04 20:20 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMafi
2014-06-21 14:20 - 2014-06-04 20:20 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMafi.job
2014-06-21 13:52 - 2014-06-21 13:51 - 00018374 _____ () C:\Users\Mafi\Downloads\attach (1).txt
2014-06-21 13:19 - 2014-06-21 13:19 - 00071621 _____ () C:\Users\Mafi\Downloads\produkey-x64.zip
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-06-20 19:33 - 2014-06-20 19:33 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-06-20 19:28 - 2009-07-14 17:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 18:19 - 2014-06-04 18:32 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-20 18:19 - 2010-06-29 16:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-20 18:17 - 2010-07-06 19:06 - 00000000 ____D () C:\Users\Mafi\AppData\Roaming\HpUpdate
2014-06-20 18:17 - 2010-07-06 19:06 - 00000000 ____D () C:\Users\Mafi\AppData\Roaming\HP Support Assistant
2014-06-20 17:19 - 2010-08-12 22:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 17:19 - 2010-08-12 22:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 18:21 - 2014-06-17 18:21 - 00018374 _____ () C:\Users\Mafi\Downloads\attach.txt
2014-06-17 18:16 - 2014-06-17 16:47 - 00020597 _____ () C:\Users\Mafi\Desktop\dds.txt
2014-06-17 18:15 - 2014-06-17 16:47 - 00018374 _____ () C:\Users\Mafi\Desktop\attach.txt
2014-06-17 16:45 - 2014-06-17 16:44 - 00688992 ____R (Swearware) C:\Users\Mafi\Downloads\dds.com
2014-06-17 16:23 - 2014-06-17 16:23 - 00000000 ____D () C:\Users\Mafi\AppData\Local\ESET
2014-06-17 13:13 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 12:49 - 2011-12-01 18:07 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2661574004-630529994-1827076542-1000Core.job
2014-06-17 09:29 - 2014-06-17 09:29 - 00180000 _____ (Kaspersky Lab) C:\Users\Mafi\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-06-17 01:49 - 2014-06-17 01:49 - 00252091 _____ () C:\Users\Mafi\AppData\Local\census.cache
2014-06-17 01:49 - 2014-06-17 01:49 - 00113792 _____ () C:\Users\Mafi\AppData\Local\ars.cache
2014-06-17 01:26 - 2014-06-17 01:26 - 02406064 _____ (Trend Micro Inc.) C:\Users\Mafi\Downloads\HousecallLauncher64.exe
2014-06-17 01:26 - 2014-06-17 01:26 - 00000036 _____ () C:\Users\Mafi\AppData\Local\housecall.guid.cache
2014-06-16 16:47 - 2014-06-16 14:37 - 00000000 ____D () C:\Users\Mafi\AppData\Local\LogMeIn Rescue Applet
2014-06-16 16:44 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-06-16 16:43 - 2010-11-20 07:52 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoftTB
2014-06-16 16:31 - 2011-08-16 16:53 - 00000000 ____D () C:\Windows\SysWOW64\X50234go
2014-06-16 16:22 - 2011-08-16 16:53 - 00000000 _RSHD () C:\Windows\M35728
2014-06-16 16:21 - 2010-12-03 18:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-16 16:12 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-16 15:41 - 2014-06-16 15:41 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-16 15:41 - 2014-06-16 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-16 15:41 - 2014-06-16 15:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-16 15:37 - 2013-08-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 15:36 - 2010-06-07 20:04 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-16 15:34 - 2010-06-14 14:08 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-16 15:32 - 2010-01-21 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-16 15:31 - 2014-06-15 20:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 15:22 - 2014-06-16 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-06-16 15:22 - 2014-06-16 15:22 - 00000000 ____D () C:\Program Files\ESET
2014-06-16 15:20 - 2014-06-16 15:20 - 00511782 _____ () C:\Users\Mafi\Downloads\Autoruns.zip
2014-06-16 15:19 - 2014-06-16 15:12 - 70873088 _____ () C:\Users\Mafi\Downloads\eav_nt64_enu.msi
2014-06-16 14:37 - 2014-06-16 14:37 - 01528640 _____ (LogMeIn, Inc.) C:\Users\Mafi\Downloads\Support-LogMeInRescue.exe
2014-06-16 14:30 - 2013-07-27 18:20 - 00001415 _____ () C:\Users\Mafi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-16 14:30 - 2009-07-14 17:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-06-16 14:14 - 2010-12-31 16:20 - 00001039 _____ () C:\ProgramData\VodafoneConnectorService.log
2014-06-16 13:26 - 2014-06-16 13:26 - 00002243 _____ () C:\Windows\epplauncher.mif
2014-06-16 13:25 - 2014-06-16 13:25 - 13829304 _____ (Microsoft Corporation) C:\Users\Mafi\Downloads\MSEInstall.exe
2014-06-16 13:20 - 2014-06-16 13:20 - 01048576 _____ () C:\Users\Mafi\Downloads\msert.exe
2014-06-16 13:11 - 2014-06-16 13:10 - 06170208 _____ (SpeedMaxPc) C:\Users\Mafi\Downloads\SpeedMaxpc_installer.exe
2014-06-16 12:31 - 2014-06-16 12:30 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (3).exe
2014-06-16 12:29 - 2014-06-15 22:42 - 00156360 _____ () C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys
2014-06-16 12:29 - 2014-06-15 22:42 - 00000000 ____D () C:\Users\Mafi\Downloads\Speclean
2014-06-16 12:24 - 2014-06-16 12:24 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (4).exe
2014-06-16 12:23 - 2014-06-16 12:23 - 00368992 _____ (ESET) C:\Users\Mafi\Downloads\ESETSirefefCleaner.exe
2014-06-16 12:23 - 2014-06-16 12:23 - 00004376 _____ () C:\Users\Mafi\Downloads\ESETSirefefCleaner.exe_20140616.122310.1392.log
2014-06-16 12:04 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\TAPI
2014-06-16 12:03 - 2012-09-08 08:55 - 00000000 ____D () C:\Users\Mafi\AppData\Local\Downloaded Installations
2014-06-16 12:03 - 2011-02-15 14:46 - 00000000 ____D () C:\Program Files (x86)\iMesh Applications
2014-06-16 12:03 - 2010-11-20 07:57 - 00000000 ____D () C:\Users\Mafi\AppData\Local\BearShare
2014-06-16 11:50 - 2014-06-16 11:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-16 11:50 - 2014-06-16 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-16 11:50 - 2014-06-16 11:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-16 11:50 - 2014-06-16 11:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mafi\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-16 06:32 - 2009-07-14 15:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-16 05:32 - 2014-06-16 05:32 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (2).exe
2014-06-16 00:36 - 2014-06-16 00:36 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (3).exe
2014-06-16 00:36 - 2014-06-16 00:36 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (2).exe
2014-06-15 23:19 - 2014-06-15 23:19 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu (1).exe
2014-06-15 22:58 - 2014-06-15 22:58 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_ (1).exe
2014-06-15 22:44 - 2014-06-15 22:44 - 02347384 _____ (ESET) C:\Users\Mafi\Downloads\esetsmartinstaller_enu.exe
2014-06-15 22:29 - 2014-06-15 22:29 - 01695680 _____ (ESET) C:\Users\Mafi\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-06-15 20:25 - 2014-06-15 20:25 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{A0EA0E81-E149-40D0-847A-EB6AC2ED4306}
2014-06-15 20:22 - 2011-10-04 19:13 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-09 05:22 - 2014-06-09 05:22 - 00000000 ____D () C:\ProgramData\Recovery
2014-06-08 21:13 - 2014-06-16 14:33 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 21:08 - 2014-06-16 14:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 14:02 - 2014-06-08 14:01 - 09611504 _____ (Viacom) C:\Users\Mafi\Downloads\InstallMonkeyQuest.exe
2014-06-08 09:25 - 2014-06-08 09:25 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{67394A1A-DC6D-455D-BD71-EAAA6C333D58}
2014-06-08 09:24 - 2010-06-07 19:55 - 00000000 ____D () C:\Users\Mafi
2014-06-07 18:46 - 2014-06-07 18:46 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{BBE7BCB5-3C6A-4CF4-BDBF-73C823E37EC2}
2014-06-06 14:47 - 2012-12-12 20:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-06 14:42 - 2014-06-06 14:42 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{874FC19F-E10F-4882-AA19-0F80037D7729}
2014-06-05 07:54 - 2014-06-05 07:54 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{2F2D1665-D0E1-4BBF-BDAE-340CB3897C8D}
2014-06-04 20:27 - 2010-06-16 17:54 - 00000000 ____D () C:\ProgramData\Apple
2014-06-04 20:25 - 2010-01-21 21:48 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-04 20:25 - 2010-01-21 21:48 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-06-04 20:25 - 2009-07-14 17:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-04 20:23 - 2014-06-04 20:23 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-04 20:21 - 2014-06-04 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-06-04 20:21 - 2010-06-21 08:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-06-04 20:20 - 2010-06-07 19:56 - 00000000 ____D () C:\Users\Mafi\AppData\Local\Hewlett-Packard
2014-06-04 20:19 - 2014-06-04 20:19 - 00000000 ____D () C:\Program Files\Bonjour
2014-06-04 20:19 - 2014-06-04 20:19 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-06-04 20:19 - 2010-10-10 18:45 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-06-04 20:19 - 2010-10-10 18:45 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-06-04 19:28 - 2014-06-04 19:28 - 17938608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-06-04 19:28 - 2012-09-08 08:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-04 19:28 - 2012-09-08 08:55 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-04 19:28 - 2011-05-14 08:02 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-04 18:29 - 2010-01-21 21:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-04 18:29 - 2009-07-14 15:20 - 00000000 ____D () C:\Windows\Help
2014-06-04 18:24 - 2014-06-04 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-06-04 18:23 - 2010-01-21 21:18 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-06-04 18:22 - 2014-06-04 18:22 - 00000000 ____D () C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2014-06-04 18:22 - 2010-07-20 14:52 - 00000000 ____D () C:\Users\Mafi\AppData\Roaming\hpqLog
2014-06-04 18:21 - 2010-01-21 21:29 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-06-04 17:59 - 2012-03-09 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-04 17:51 - 2014-06-04 17:51 - 00000000 ____D () C:\Users\Mafi\AppData\Local\{9D9E62DF-711E-41BB-BF93-60964770D853}
2014-05-30 22:21 - 2014-06-16 14:36 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 22:02 - 2014-06-16 14:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 22:02 - 2014-06-16 14:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 21:45 - 2014-06-16 14:37 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 21:39 - 2014-06-16 14:37 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 21:39 - 2014-06-16 14:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 21:38 - 2014-06-16 14:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 21:28 - 2014-06-16 14:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 21:27 - 2014-06-16 14:37 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 21:24 - 2014-06-16 14:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 21:21 - 2014-06-16 14:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 21:21 - 2014-06-16 14:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 21:20 - 2014-06-16 14:36 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 21:18 - 2014-06-16 14:37 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 21:11 - 2014-06-16 14:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 21:08 - 2014-06-16 14:36 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 21:06 - 2014-06-16 14:37 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 21:02 - 2014-06-16 14:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 20:55 - 2014-06-16 14:37 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 20:49 - 2014-06-16 14:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 20:46 - 2014-06-16 14:36 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 20:44 - 2014-06-16 14:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 20:44 - 2014-06-16 14:37 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 20:43 - 2014-06-16 14:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 20:42 - 2014-06-16 14:37 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 20:38 - 2014-06-16 14:37 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 20:35 - 2014-06-16 14:37 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 20:34 - 2014-06-16 14:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 20:33 - 2014-06-16 14:37 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 20:30 - 2014-06-16 14:37 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 20:29 - 2014-06-16 14:37 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 20:28 - 2014-06-16 14:37 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 20:27 - 2014-06-16 14:37 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 20:24 - 2014-06-16 14:36 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 20:23 - 2014-06-16 14:37 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 20:16 - 2014-06-16 14:37 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 20:10 - 2014-06-16 14:37 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 20:06 - 2014-06-16 14:37 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 20:04 - 2014-06-16 14:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 20:02 - 2014-06-16 14:37 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 19:56 - 2014-06-16 14:37 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 19:56 - 2014-06-16 14:36 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 19:54 - 2014-06-16 14:37 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 19:50 - 2014-06-16 14:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 19:49 - 2014-06-16 14:37 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 19:43 - 2014-06-16 14:37 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 19:40 - 2014-06-16 14:37 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 19:30 - 2014-06-16 14:37 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 19:21 - 2014-06-16 14:37 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 19:15 - 2014-06-16 14:37 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 19:13 - 2014-06-16 14:37 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-30 19:13 - 2014-06-16 14:36 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
 
Files to move or delete:
====================
C:\Users\Mafi\HTH264VD.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-20 17:42
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01
Ran by Mafi at 2014-06-21 23:29:06
Running from C:\Users\Mafi\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{F9F4430E-80DE-EC0F-BF8E-476352C8F954}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Battlefield Play4Free (HKLM-x32\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version:  - EA Digital illusions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center HydraVision Full (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0908.2225.38429 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0310.1824.32984 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help English (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help French (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help German (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0310.1823.32984 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0310.1824.32984 - ATI) Hidden
ccc-utility64 (Version: 2010.0310.1824.32984 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
ClipGrab 3.4.4 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version:  - )
EA SPORTS Game Face Browser Plugin 1.5.3.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.5.3.0 - Electronic Arts)
ESET NOD32 Antivirus (HKLM\...\{FBC0F617-1AA0-4483-8153-3FD97FE01D9E}) (Version: 7.0.317.4 - ESET, spol s r. o.)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.1.3317 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3601 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.12.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.162.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog MyOwnLeaptop Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}) (Version: 1.18.9.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{2BF9702B-52EE-4841-83C4-B5E640B6C97A}) (Version: 2.2.223 - Sony)
Media Go Video Playback Engine 1.92.169.06150 (HKLM-x32\...\{A4F094CE-9B05-FB0C-DD73-A85DE5D8D283}) (Version: 1.92.169.06150 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}) (Version: 6.84.0.0 - )
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.9.4.14625 - Sony Computer Entertainment Inc.)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Registry Mechanic 10.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 10.0 - PC Tools)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
SearchCore for Browsers (HKLM-x32\...\SearchCore for Browsers) (Version: 3.0.0.115554 - SearchCore)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.5.201304180917 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version:  - LeapFrog)
Vodafone Mobile Broadband via the phone (HKLM-x32\...\{34A0FF07-F11A-4157-84A3-92F8AD688CBF}) (Version: 2.7.16 - Vodafone Ltd)
Vodafone Mobile Broadband via the phone (HKLM-x32\...\{3E0D0742-45BF-4438-8CE2-1AAADE878DBD}) (Version: 2.7.16 - Vodafone Ltd)
WD SmartWare (HKLM\...\{6F482C75-174D-42EB-A2CF-B00A1F354F7B}) (Version: 1.4.1.1 - Western Digital)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows iLivid Toolbar (HKLM-x32\...\Searchqu 406 MediaBar) (Version: 3.0.0.115554 - Bandoo Media, Inc) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 14:34 - 2009-06-11 09:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02AD814E-8A85-4815-BF55-04B5251B95B3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {07B17B79-6AB9-46C9-A5D1-9D803FFA8085} - System32\Tasks\HPCeeScheduleForMafi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {125B5C2E-2246-4AF8-A9F6-EDF2C6B369C8} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {1D6D31E5-231D-47DC-96C7-5AEBFFCC2B13} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2661574004-630529994-1827076542-1000Core => C:\Users\Mafi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {20B2F9A9-DA4A-445C-8EBD-71F2F1E13F71} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-04] (Adobe Systems Incorporated)
Task: {243C9EC6-6772-481F-A7E6-791CA2C60523} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {292E04E8-5491-4C52-B591-91856C6F1975} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {45479B7D-0A4F-4925-BB02-57DBF6FCA8BC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2661574004-630529994-1827076542-1000UA => C:\Users\Mafi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {46AF7CD1-CFE4-4947-83BF-EC35E54D79E3} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\Registry Mechanic\update.exe [2010-08-05] (PC Tools)
Task: {5D986A11-BE86-49B3-AEAD-CD9779A88F80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12] (Google Inc.)
Task: {6F7DEBBF-E6F7-4D08-B16C-41A9AC4A6CD5} - System32\Tasks\AdobeAAMUpdater-1.0-Mafi-PC-Mafi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {7B508AB1-A91F-44E1-BF48-0F4DE71918D8} - System32\Tasks\Opera scheduled Autoupdate 1403318883 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {82E64117-0D53-43BC-AB0E-D4BB58CD7A22} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {83F1E7EE-787E-4D63-8668-B355A11F42C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-21] (Piriform Ltd)
Task: {884BAD61-7D7C-43EB-8899-5995CC345B5D} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {8D3B2CC8-CF7F-499F-9099-B983F12F7F0E} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {954BBE6B-31D4-46E2-A390-6FFA886915B4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9989BD1F-C306-4EB4-8F0B-1D936CF5712B} - System32\Tasks\RMSchedule => C:\Program Files (x86)\Registry Mechanic\RegMech.exe [2010-08-05] (PC Tools)
Task: {A29059DC-F068-442C-9ACD-717E6CC57BA2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2661574004-630529994-1827076542-1000
Task: {ACEC8F36-55DE-4A35-ADDD-4E485D3AD987} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {C420FDA3-9940-4BF1-BA5D-481417111770} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CA303B83-E311-40D0-9E0D-3A86B834DADF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {DA208141-5E59-4FED-8B13-3F3795333EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-12] (Google Inc.)
Task: {E893E62A-CCA1-40ED-95CB-131EE967B496} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-06-10] (Microsoft)
Task: {FC768D5E-5485-4E2D-B73C-18C4418E103A} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2661574004-630529994-1827076542-1000Core.job => C:\Users\Mafi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2661574004-630529994-1827076542-1000UA.job => C:\Users\Mafi\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMafi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\RMSchedule.job => C:\Program Files (x86)\Registry Mechanic\RegMech.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-26 18:36 - 2013-12-26 18:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-21 21:20 - 2009-02-27 20:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2014-06-21 14:48 - 2014-06-16 20:24 - 01396344 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
2009-12-01 20:49 - 2009-12-01 20:49 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-06-21 14:48 - 2014-06-16 20:25 - 00877688 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\libglesv2.dll
2014-06-21 14:48 - 2014-06-16 20:25 - 00135800 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\libegl.dll
2014-06-21 14:48 - 2014-06-16 20:25 - 00957048 _____ () C:\Program Files (x86)\Opera\22.0.1471.70\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Mafi\Downloads\No Subject.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Support Assistant Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: PCToolsSSDMonitorSvc => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: VodafoneConnectorService => 2
MSCONFIG\Services: WDDMService => 2
MSCONFIG\Services: WDFME => 2
MSCONFIG\Services: WDSC => 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/21/2014 09:10:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/21/2014 08:52:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/21/2014 08:52:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/21/2014 08:52:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/21/2014 08:51:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (06/21/2014 07:44:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (06/21/2014 09:02:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:02:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:02:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:01:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:01:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:01:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 09:00:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (06/21/2014 08:56:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (06/21/2014 09:10:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mafi\Downloads\esetsmartinstaller_enu.exe
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mafi\Downloads\esetsmartinstaller_enu (3).exe
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mafi\Downloads\esetsmartinstaller_enu (2).exe
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mafi\Downloads\esetsmartinstaller_enu (4).exe
 
Error: (06/21/2014 09:10:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mafi\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (06/21/2014 08:52:34 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/21/2014 08:52:26 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/21/2014 08:52:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/21/2014 08:51:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (06/21/2014 07:44:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Mafi\Downloads\esetsmartinstaller_enu (1).exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 3959.08 MB
Available physical RAM: 1815.57 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 6117.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:454.68 GB) (Free:398.16 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.99 GB) (Free:1.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
# AdwCleaner v3.212 - Report created 21/06/2014 at 23:36:01
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mafi - MAFI-PC
# Running from : C:\Users\Mafi\Downloads\adwcleaner_3.212.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DVDVideoSoftTB
Folder Found : C:\Program Files (x86)\DVDVideoSoftTB
Folder Found : C:\Program Files (x86)\iMesh Applications
Folder Found : C:\Program Files (x86)\registry mechanic
Folder Found : C:\Program Files (x86)\SearchCore for Browsers
Folder Found : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\registry mechanic
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Mafi\AppData\Local\iMesh
Folder Found : C:\Users\Mafi\AppData\Local\PackageAware
Folder Found : C:\Users\Mafi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Mafi\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Mafi\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Mafi\AppData\LocalLow\imeshbandmltbpi
Folder Found : C:\Users\Mafi\AppData\LocalLow\mediabarim
Folder Found : C:\Users\Mafi\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Mafi\AppData\LocalLow\searchquband
Folder Found : C:\Users\Mafi\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Mafi\AppData\Roaming\dvdvideosoftiehelpers
Folder Found : C:\Users\Mafi\AppData\Roaming\registry mechanic
Folder Found : C:\Users\Mafi\AppData\Roaming\Uniblue
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
Key Found : HKCU\Software\AppDataLow\Software\bearsharemediabartb
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\mediabarim
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\bearsharemediabartb
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\Software\iMeshMediabarTb
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ACF2FB18-A064-4689-8597-0E949C2545D3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Found : HKLM\Software\SearchCore for Browsers
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\Software\Uniblue
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RegistryBooster]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://www.searchqu.com/web?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}
Found [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=AA99DB39-A0E8-4748-95DA-36FA509B4E70&n=780bd92c&ind=2014042412&p2=^AFD^xdm005^YYA^nz&si=CODrkpny970CFcFhpQodHDAAWw
Found [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=103689&mntrId=b00b825200000000000000164132747c
Found [Search Provider] : hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZCxdm996YYNZ&ptnrS=ZCxdm996YYNZ&si=CIi_5Y-e56oCFRA5gwod7X_j6Q&ptb=t2wOHo1C0tFXyaGxjWf0sQ&ind=2011082403&n=77deaea3&psa=&st=sb&searchfor={searchTerms}
Found [Extension] : cknghehebaconkajgiobncfleofebcog
Found [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
*************************
 
AdwCleaner[R0].txt - [11091 octets] - [21/06/2014 23:36:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11152 octets] ##########
 



Edited by TechNoHelpYes, 21 June 2014 - 06:39 AM.


#5 TechNoHelpYes


Posted 21 June 2014 - 06:38 AM

My mum's no good at this, so I have to do it... :warrior:

 

 

ahhhhh nuts!!! I get white screen after login, I still have to press ctrl+alt+del


Edited by TechNoHelpYes, 21 June 2014 - 04:20 PM.


#6 nasdaq


Posted 21 June 2014 - 10:40 AM

Run the AdwCleaner tool again. This time select the Clean button.

Keep me posted.

#7 TechNoHelpYes


Posted 21 June 2014 - 03:58 PM

k doing it now

 

I did the scan, it found nothing, but I cleaned it anyway, then it had to reboot, but I still have to press ctrl+alt+del to get desktop by typing explorer in "run".

 

Oh, we know it's a virus 'cause mom rang Microsoft. She thought it was an op issue, but they did all kinds of things and went to the startup menu to see what programs were running, and they saw 3 viruses that they showed her and she deleted, but there's more somewhere.

 

I've done chkdsk, no errors there.

 

I just did this... http://www.microsoft.com/security/scanner/en-us/default.aspx

found nothing. Issue happens when I boot.

 

# AdwCleaner v3.212 - Report created 22/06/2014 at 09:00:49
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Mafi - MAFI-PC
# Running from : C:\Users\Mafi\Downloads\adwcleaner_3.212.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11325 octets] - [21/06/2014 23:36:01]
AdwCleaner[R1].txt - [887 octets] - [21/06/2014 23:44:51]
AdwCleaner[R2].txt - [946 octets] - [22/06/2014 08:59:01]
AdwCleaner[S0].txt - [10275 octets] - [21/06/2014 23:40:14]
AdwCleaner[S1].txt - [868 octets] - [22/06/2014 09:00:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [927 octets] ##########
 
 
So the problem is happening when I boot. I already did a clean boot. Only loads MS only programs.
Do you need a screen shot of all startup programs or....???

Edited by TechNoHelpYes, 22 June 2014 - 12:42 AM.


#8 nasdaq


Posted 22 June 2014 - 06:55 AM

Look at my instructions on post no. 3.

Run the RogueKiller tool and Delete all of these items.
 

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND


Restart the computer normally when done.

Keep me posted.

#9 TechNoHelpYes


Posted 22 June 2014 - 03:48 PM

O.K, it found all this and I am now deleting and restarting computer

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mafi [Admin rights]
Mode : Scan -- Date : 06/23/2014  08:52:34
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721050SLA360 +++++
--- User ---
[MBR] 1d26da3989c3d7af49985348ec9c4c42
[BSP] 2552a5e72f9d5798f4d5efc56a0f9f9c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 465588 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953731072 | Size: 11250 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06212014_232320.log - RKreport_SCN_06212014_231914.log

Edited by TechNoHelpYes, 22 June 2014 - 03:56 PM.


#10 TechNoHelpYes


Posted 22 June 2014 - 04:12 PM

Here's the result of deletion. I restarted the computer and still got the white screen.

 

 

RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Mafi [Admin rights]
Mode : Scan -- Date : 06/23/2014  09:10:13
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDT721050SLA360 +++++
--- User ---
[MBR] 1d26da3989c3d7af49985348ec9c4c42
[BSP] 2552a5e72f9d5798f4d5efc56a0f9f9c : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 465588 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 953731072 | Size: 11250 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_06212014_232320.log - RKreport_DEL_06232014_090205.log - RKreport_SCN_06212014_231914.log - RKreport_SCN_06232014_085234.log


#11 TechNoHelpYes


Posted 22 June 2014 - 04:21 PM

Rogue killer didn't find these, I assume this was already deleted during another scan.

 

[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Control\SafeBoot | AlternateShell : 884054312640l.exe -> FOUND

 

But I did follow the line into registry and found this  

http://www.symantec.com/security_response/earthlink_writeup.jsp?docid=2012-052303-2240-99

 

 HKEY_LOCAL_MACHINE\System\ControlSet001\Control\SafeBoot | AlternateShell :REG_SZ/cmd.exe


Edited by TechNoHelpYes, 22 June 2014 - 04:26 PM.
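
An added example, not part of the original posts: RogueKiller reported the hijacked AlternateShell value in four control sets, while the manual registry check in post #11 covers ControlSet001 only. This script audits every control set found in the text output of `reg query "HKLM\SYSTEM\<ControlSet>\Control\SafeBoot" /v AlternateShell` against the Windows default `cmd.exe`. The sample output is constructed and the function names are hypothetical.

```python
import re

EXPECTED_SHELL = "cmd.exe"  # Windows default for SafeBoot\AlternateShell

# Constructed sample of `reg query` output, one block per control set.
# ControlSet002 reuses the hijacked value RogueKiller reported in this thread.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
    AlternateShell    REG_SZ    cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot
    AlternateShell    REG_SZ    884054312640l.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell    REG_SZ    CMD.EXE
"""

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\([^\\]+)\\Control\\SafeBoot\s*$", re.I)
VALUE_RE = re.compile(r"^\s+AlternateShell\s+(REG_\w+)\s+(.*?)\s*$", re.I)


def parse_alternate_shell(text):
    """Return {control_set: value} from `reg query` text output."""
    found, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            found[current] = None  # key seen, value not seen yet
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            found[current] = val.group(2)
    return found


def audit(text):
    """Return control sets whose AlternateShell is missing or not the default."""
    suspicious = {}
    for control_set, value in parse_alternate_shell(text).items():
        if value is None or value.strip().lower() != EXPECTED_SHELL:
            suspicious[control_set] = value
    return suspicious


if __name__ == "__main__":
    for cs, value in audit(SAMPLE_REG_QUERY).items():
        print(f"{cs}: AlternateShell = {value!r} (expected {EXPECTED_SHELL!r})")
```
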


#12 TechNoHelpYes

TechNoHelpYes
  • Topic Starter

  • Members
  • 17 posts

Posted 22 June 2014 - 10:36 PM

ESET found this just now and it has been deleted. Going to restart the computer.

 

 C:\Users\Mafi\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000021 » GZIP » f_000021 - PHP/Agent.DD trojan - deleted - quarantined

 

Sigh, still a white screen after login.


Edited by TechNoHelpYes, 23 June 2014 - 05:59 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 June 2014 - 08:05 AM

Run the SFC.EXE tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#14 TechNoHelpYes

TechNoHelpYes
  • Topic Starter

  • Members
  • 17 posts

Posted 23 June 2014 - 01:18 PM

Run the SFC.EXE tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

I did that yesterday and it found nothing, but I will run it again.

 

ok

 

Windows Resource Protection did not find any integrity violations.

 

Just watching this http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302


Edited by TechNoHelpYes, 23 June 2014 - 08:43 PM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,271 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 June 2014 - 07:25 AM

Perform a Clean Startup to identify the culprit.

Follow the instructions on this page.
http://www.sevenforums.com/tutorials/179159-troubleshoot-application-conflicts-performing-clean-startup.html

p.s.

Run also the tools suggested by Microsoft on this page.

http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Lightmoon.H

Edited by nasdaq, 24 June 2014 - 07:28 AM.




