Jump to content

unluckychick

Honorary Members
  • Posts

    44
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Things are looking quite normal! I noticed that the folder is listed in quarantine in Malwarebytes, but it also appears on the list of things to skip during a check, is that normal?
  2. Hi Borislav, here is the log as requested: All processes killed========== OTL ==========HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!HKEY_USERS\S-1-5-21-1389066822-2107305290-2761972221-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!C:\Users\Mari\AppData\Roaming\uTorrent\updates folder moved successfully.C:\Users\Mari\AppData\Roaming\uTorrent\share folder moved successfully.C:\Users\Mari\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.C:\Users\Mari\AppData\Roaming\uTorrent\apps folder moved successfully.C:\Users\Mari\AppData\Roaming\uTorrent folder moved successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Mari\Desktop\cmd.bat deleted successfully.C:\Users\Mari\Desktop\cmd.txt deleted successfully.========== REGISTRY ==========Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9368CFA9-A129-499C-A374-7F46F285A53A} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9368CFA9-A129-499C-A374-7F46F285A53A}\ not found.Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4911551-8AD6-4D2B-8548-2D8D7412B119} deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4911551-8AD6-4D2B-8548-2D8D7412B119}\ not found.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 57472 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: Default.migrated User: EasySurvey User: Mari->Temp folder emptied: 1090662 bytes->Temporary Internet Files folder emptied: 122875703 bytes->FireFox cache emptied: 29154265 bytes->Google Chrome cache emptied: 364708479 bytes->Flash cache emptied: 57851 bytes User: Public %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 16312902 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 510,00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 02192014_144358 Files\Folders moved on Reboot...C:\Users\Mari\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.C:\WINDOWS\temp\FireFly(201402191436186FC).log moved successfully.C:\WINDOWS\temp\integratedoffice.exe_c2ruidll(201402191436186FC).log moved successfully.C:\WINDOWS\temp\integratedoffice.exe_streamserver(201402191436186FC).log moved successfully.File move failed. C:\WINDOWS\temp\ood_stream.x86.fi-fi.dat scheduled to be moved on reboot.File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  3. Ok I don't know if this is related to my issue but I thought I should mention it. I was trying to download a video and used multiple sources/websites/downloaders, but every time my download was just about ready, it stalled and Chrome gave me a 'Network error'. I'm quite sure the download weren't infected as they were videos from friends from our holiday trip.
  4. Ok this is a bit strange. I did another check with Malwarebytes as I got home and it no longer detects the folder and files: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Tietokantaversio: v2014.02.18.03 Windows 8 x64 NTFSInternet Explorer 11.0.9600.16476Mari :: SAMSUNG [järjestelmänvalvoja] 18.2.2014 14:39:49mbam-log-2014-02-18 (14-39-49).txt Tarkistustyyppi: PikatarkistusTarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutosKäytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)Tarkistettuja kohteita: 217948Kulunut aika: 9 minuutti(a), 15 sekunti(a) Epäilyttäviä muistiprosesseja: 0(Ei haitallisia kohteita) Epäilyttäviä muistimoduuleja: 0(Ei haitallisia kohteita) Epäilyttäviä rekisteriavaimia: 0(Ei haitallisia kohteita) Epäilyttäviä rekisteriarvoja: 0(Ei haitallisia kohteita) Epäilyttäviä rekisterikohteita: 0(Ei haitallisia kohteita) Epäilyttäviä kansioita: 0(Ei haitallisia kohteita) Epäilyttäviä tiedostoja: 0(Ei haitallisia kohteita) (loppu) I did update my detections before the check, and I can see that the folder seems to be in the quarantine in Malwarebytes.
  5. And here the extras: OTL Extras logfile created on: 18.2.2014 11:19:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mari\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16476) Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 3,87 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 72,14% Memory free 4,56 Gb Paging File | 3,45 Gb Available in Paging File | 75,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 441,38 Gb Total Space | 339,80 Gb Free Space | 76,98% Space Free | Partition Type: NTFS Drive D: | 76,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SAMSUNG | User Name: Mari | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2810BB2C-C4A2-43F7-907C-40A184C790D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{6DE054F0-F02D-4E27-A465-4749C2EF1216}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7EA60BC6-FD7F-4AC9-A987-6DCD0E87B199}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0340E9F5-4F4C-40A6-9B5A-A86EB97DD595}" = dir=out | name=music hub | "{1A8B01C7-13B6-4A63-93B4-722450C6A653}" = dir=out | name=windows_ie_ac_001 | "{24E5BF00-3ED7-41FF-AC63-D955B4FB94F8}" = dir=in | app=c:\users\mari\appdata\local\microsoft\skydrive\skydrive.exe | "{26EC9563-2CB0-47D8-929A-80B926B82E00}" = dir=out | name=f5 vpn | "{2AB10267-B4B9-49BA-8F6F-FB3742EE3CCA}" = dir=out | name=check point vpn | "{2F53D59D-A13C-4F58-824B-541FF453BCCF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{47003751-60BD-4C95-90AA-07D279138F8B}" = dir=in | name=skype | "{52433229-24BB-47BE-8A78-D23E200E45FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5488337A-07E3-4800-92BD-F55DCE00D00F}" = dir=out | name=s player | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{56B31924-4ABE-4415-A58E-0EE99E47457D}" = dir=out | name=bitcasa for samsung | "{5D702AA7-516C-437A-8E61-9FC4B0DC5C4D}" = dir=out | name=skype | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{7583069E-7B49-4FE8-A000-32901DCBA5ED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7D497A36-FBA1-4AAA-8132-8E673B980E28}" = dir=in | name=juniper networks junos pulse | "{7FABC255-CE29-4B51-BFDC-98597646BAF9}" = dir=in | name=sonicwall mobile connect | "{8309DB7A-6DF6-4B4E-806A-783207A48D7C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9368CFA9-A129-499C-A374-7F46F285A53A}" = protocol=6 | dir=in | app=c:\users\mari\appdata\roaming\utorrent\utorrent.exe | "{A4911551-8AD6-4D2B-8548-2D8D7412B119}" = protocol=17 | dir=in | app=c:\users\mari\appdata\roaming\utorrent\utorrent.exe | "{A6364B7F-6AC1-4B74-BDE2-1EF69562F32A}" = dir=out | name=evernote touch | "{A801E461-8C93-4C4B-ACA5-8C4C812C81F2}" = dir=out | name=chaton | "{A87DB2D9-AC30-424F-A110-D0F971F4AC9C}" = dir=out | name=s camera | "{A8C83947-DFC1-4E4E-8DBC-014A650A332D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{AB690F7C-E417-4522-8EE8-3752D59DCF70}" = dir=in | name=check point vpn | "{AE693C45-6A89-49A9-AC11-613A38B2836B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B25932B9-E18E-45D6-9940-9CAE82FC3341}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B50E3ECD-5B30-4FAB-B4F2-840CD3436B9F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{B669D4AD-B4FC-4ED3-8310-98AAA698D2CE}" = dir=out | name=sonicwall mobile connect | "{BA1EE4F5-5B29-4E97-A18D-4D16D8182BE1}" = dir=out | name=windows_ie_ac_001 | "{C5D446C2-4C31-4482-AFBE-10795438690B}" = dir=in | name=f5 vpn | "{C6920E45-40EF-43E6-B438-8CC4C18FFDC5}" = dir=in | name=bitcasa for samsung | "{C6F6DBCC-D6B6-48F7-9DE9-E20CF89A44A1}" = dir=out | name=juniper networks junos pulse | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{EA5A7085-7AF7-4A3F-BE9B-912A3892A552}" = dir=out | name=s gallery | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{EC83CE91-9D59-4236-8EA6-C0F3DC1FC09A}" = dir=out | name=windows_ie_ac_001 | "{F29E7D89-6E4E-4A65-9944-1C280B1D06E3}" = dir=in | name=evernote touch | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F73C13F5-C132-4549-B737-04D894E5A7E4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "TCP Query User{D8337C8B-750E-4956-9BF8-9DAE17C2435F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | "UDP Query User{2BB47235-A184-46F0-8B61-4B4FD5B6772F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{843A1BDC-0879-4E5B-83E1-B81CC0CF3580}" = Support Center "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel® Rapid Storage Technology "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AEC9D273-E162-4614-83F1-722B8C74B185}" = Help Desk "{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CFEA455B-E368-45B2-A01E-1C3A6C0F06B6}" = S Agent "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1" = Bitcasa version 0.9.20.4135 "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support "CCleaner" = CCleaner "Elantech" = ETDWare X64 11.7.17.3_WHQL "O365HomePremRetail - fi-fi" = Microsoft Office 365 Home Premium - fi-fi [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0170C9A2-4FBB-47B3-B3FE-76170531EF1B}" = Movie Maker "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}" = Intel® Manageability Engine Firmware Recovery Agent "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F4E2825-F515-40B1-B3E6-F6C973C69E87}" = Photo Gallery "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1789AE05-5298-492C-9A4D-CDD3A98AE6A1}" = Photo Common "{1DC65309-3556-4D72-BC22-0FDD529BE2EB}" = Windows Live Essentials "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20068443-0047-49D6-B25E-3322A56D7E2B}" = Windows Live UX Platform Language Pack "{20FCB655-FF69-4BFF-9300-68C0386A51A6}" = Windows Live UX Platform Language Pack "{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{41FEC76C-9F4C-4A9A-B872-C605A4E04BBF}" = Photo Common "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{4DAB6CA2-71C2-4B28-A4D4-5F6E62E44D93}" = Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10 "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{52FE9150-B4B1-42BE-8F05-7D559757E450}" = Movie Maker "{5932CF7B-00D6-4B31-A849-554C3C68E0EB}" = Windows Live Essentials "{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}" = SideSync "{5F86FE78-D294-448C-9993-B9AFB62BE456}" = Movie Maker "{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81019508-84DC-476E-8C49-BD77A61217D9}" = Fotogalleri "{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}" = HomeSync Lite "{86F56921-A690-4FD8-87B6-7BEAC39D2500}" = Photo Common "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8BE01561-9570-47E3-8B7F-D6A80005B970}" = Windows Live Essentials "{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}" = Settings "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-040B-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{976BD361-BD7C-49D5-8423-3E98DD480E1F}" = Windows Liven peruspaketti "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A6C17C20-4464-4A2A-968D-684C083B9424}" = User Guide "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Applen ohjelmatuki "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA04DFE7-C921-43AD-9A70-595DE6C5A881}" = Valokuvavalikoima "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{BECFE8E0-4171-4562-8ED4-CBC4594204C9}" = Windows Live UX Platform Language Pack "{BF1EE0CD-2697-49F1-842E-5A0D427331BB}" = Mobiililaajakaista-ohjelma "{CB11603E-C53E-4690-B73E-BC6E1317796B}" = Movie Maker "{CD8F936D-7BA3-4902-B0A0-7D96C69E1193}" = Fotogalleriet "{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA06101F-FD76-4BF0-88BD-B26A197005E3}" = SW Update "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DF02C515-40B5-45AC-A601-5DC69D03885C}" = Phone Screen Sharing "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E51363F9-BA22-4069-A5CB-B17A9EB06BB9}" = Windows Live UX Platform Language Pack "{E653AB36-18D7-4FB3-BDAF-024283971050}" = Support Center FAQ "{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials "{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package "Adobe AIR" = Adobe AIR "Avast" = avast! Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Google Chrome" = Google Chrome "HUAWEI" = HUAWEI 4.25.10.00 "Huawei Modems" = Huawei modem "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Intel AppUp(SM) center 33070" = Intel AppUp(SM) center "LastFM_is1" = Last.fm Scrobbler 2.1.36 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versio 1.75.0.1300 "Mozilla Firefox 24.0 (x86 fi)" = Mozilla Firefox 24.0 (x86 fi) "MozillaMaintenanceService" = Mozilla Maintenance Service "NARA" = Norton Online Backup ARA "Revo Uninstaller" = Revo Uninstaller 1.95 "WinLiveSuite" = Windows Live Essentials "VLC media player" = VLC media player 2.1.3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1389066822-2107305290-2761972221-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.1.2014 17:28:48 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:03:40 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:07 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:28 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:34 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:39 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:39 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:39 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:39 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. Error - 22.1.2014 10:04:54 | Computer Name = Samsung | Source = Microsoft-Windows-Immersive-Shell | ID = 5973 Description = Sovelluksen microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 aktivointi epäonnistui, virhe: -2144927141. Lisätietoja on Microsoft-Windows-TWinUI/Toiminnassa-lokissa. [ System Events ] Error - 4.2.2014 1:36:27 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:36:32 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:36:38 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:36:39 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:36:39 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:36:40 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:36:50 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 1:39:23 | Computer Name = Samsung | Source = DCOM | ID = 10016 Description = Error - 4.2.2014 2:04:18 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = Error - 4.2.2014 2:33:14 | Computer Name = Samsung | Source = DCOM | ID = 10010 Description = < End of report >
  6. Hello Borislav and thank you so much for the help. Here the text from the notepads: OTL logfile created on: 18.2.2014 11:19:53 - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mari\Desktop64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16476)Locale: 0000040B | Country: Suomi | Language: FIN | Date Format: d.M.yyyy 3,87 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 72,14% Memory free4,56 Gb Paging File | 3,45 Gb Available in Paging File | 75,75% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 441,38 Gb Total Space | 339,80 Gb Free Space | 76,98% Space Free | Partition Type: NTFSDrive D: | 76,15 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: SAMSUNG | User Name: Mari | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014.02.18 11:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exePRC - [2014.02.02 16:46:00 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exePRC - [2014.02.02 16:46:00 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exePRC - [2013.10.21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exePRC - [2013.09.25 02:43:56 | 000,323,584 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exePRC - [2013.09.16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2013.09.16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exePRC - [2013.09.16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exePRC - [2013.09.03 05:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013.08.07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2013.05.27 08:47:10 | 001,286,144 | ---- | M] () -- C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exePRC - [2013.03.07 02:20:50 | 000,310,640 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exePRC - [2013.02.01 03:52:54 | 001,594,416 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exePRC - [2013.02.01 03:52:48 | 000,085,040 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exePRC - [2013.02.01 03:52:30 | 002,624,048 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exePRC - [2012.08.15 13:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exePRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exePRC - [2012.04.24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe ========== Modules (No Company Name) ========== MOD - [2014.01.20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2014.01.20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2013.10.16 11:40:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dllMOD - [2013.02.01 03:52:58 | 000,111,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dllMOD - [2013.02.01 03:52:46 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dllMOD - [2013.02.01 03:52:32 | 000,060,976 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dllMOD - [2013.02.01 03:52:20 | 000,103,472 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dllMOD - [2013.02.01 03:52:18 | 000,027,184 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dllMOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dllMOD - [2012.06.08 04:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ========== Services (SafeList) ========== SRV:64bit: - [2014.02.02 16:46:00 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)SRV:64bit: - [2013.11.27 17:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)SRV:64bit: - [2013.11.08 05:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)SRV:64bit: - [2013.10.31 09:08:22 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)SRV:64bit: - [2013.10.22 03:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)SRV:64bit: - [2013.10.19 07:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)SRV:64bit: - [2013.10.04 10:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)SRV:64bit: - [2013.09.30 06:15:54 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)SRV:64bit: - [2013.09.30 06:15:53 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)SRV:64bit: - [2013.09.30 06:15:53 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)SRV:64bit: - [2013.09.30 06:15:53 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)SRV:64bit: - [2013.09.06 14:19:36 | 000,100,104 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)SRV:64bit: - [2013.08.27 14:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®SRV:64bit: - [2013.08.27 14:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®SRV:64bit: - [2013.08.22 14:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)SRV:64bit: - [2013.08.22 14:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)SRV:64bit: - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV:64bit: - [2013.08.22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)SRV:64bit: - [2013.08.22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)SRV:64bit: - [2013.08.22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)SRV:64bit: - [2013.08.22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)SRV:64bit: - [2013.08.22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)SRV:64bit: - [2013.08.22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)SRV:64bit: - [2013.08.22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)SRV:64bit: - [2013.08.22 12:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)SRV:64bit: - [2013.08.22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)SRV:64bit: - [2013.08.22 11:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)SRV:64bit: - [2013.08.22 11:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)SRV:64bit: - [2013.08.22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)SRV:64bit: - [2013.08.22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)SRV:64bit: - [2013.08.22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)SRV:64bit: - [2013.08.22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)SRV:64bit: - [2013.08.22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)SRV:64bit: - [2013.08.22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)SRV:64bit: - [2013.08.22 11:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)SRV:64bit: - [2013.08.22 11:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)SRV:64bit: - [2013.08.22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)SRV:64bit: - [2013.08.22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)SRV:64bit: - [2013.08.07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2014.01.29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2013.10.21 21:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)SRV - [2013.09.30 06:15:49 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)SRV - [2013.09.25 03:08:56 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)SRV - [2013.09.25 02:43:56 | 000,323,584 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)SRV - [2013.09.16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2013.09.16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®SRV - [2013.09.16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)SRV - [2013.09.11 04:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013.09.05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013.09.03 05:53:50 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013.08.22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV - [2013.08.22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)SRV - [2013.08.22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)SRV - [2013.05.27 08:47:10 | 001,286,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe -- (BecHelperService)SRV - [2013.02.01 03:52:54 | 001,594,416 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)SRV - [2012.08.15 04:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)SRV - [2012.04.24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014.02.02 16:46:04 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)DRV:64bit: - [2014.02.02 16:46:04 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)DRV:64bit: - [2014.02.02 16:46:04 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)DRV:64bit: - [2014.02.02 16:46:04 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)DRV:64bit: - [2014.01.29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2013.12.29 20:38:51 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswVmm.sys -- (aswVmm)DRV:64bit: - [2013.11.11 04:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)DRV:64bit: - [2013.11.09 13:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)DRV:64bit: - [2013.11.01 13:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)DRV:64bit: - [2013.10.31 02:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)DRV:64bit: - [2013.10.26 03:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)DRV:64bit: - [2013.10.16 11:41:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswRvrt.sys -- (aswRvrt)DRV:64bit: - [2013.10.16 11:41:00 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)DRV:64bit: - [2013.10.16 10:54:36 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)DRV:64bit: - [2013.10.13 04:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)DRV:64bit: - [2013.10.05 17:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)DRV:64bit: - [2013.09.30 06:15:49 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)DRV:64bit: - [2013.09.30 06:15:49 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2013.09.30 06:15:49 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)DRV:64bit: - [2013.09.30 06:02:18 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2013.09.30 06:02:13 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)DRV:64bit: - [2013.09.25 02:45:26 | 000,594,632 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)DRV:64bit: - [2013.09.25 02:45:26 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)DRV:64bit: - [2013.09.25 02:45:24 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)DRV:64bit: - [2013.09.25 02:45:24 | 000,223,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hid.sys -- (BTATH_HID)DRV:64bit: - [2013.09.25 02:45:24 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)DRV:64bit: - [2013.09.25 02:45:24 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)DRV:64bit: - [2013.09.25 02:45:24 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)DRV:64bit: - [2013.09.25 02:45:24 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)DRV:64bit: - [2013.09.25 02:45:24 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)DRV:64bit: - [2013.09.16 12:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)DRV:64bit: - [2013.09.06 14:19:20 | 000,358,664 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)DRV:64bit: - [2013.08.22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)DRV:64bit: - [2013.08.22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2013.08.22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)DRV:64bit: - [2013.08.22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)DRV:64bit: - [2013.08.22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:64bit: - [2013.08.22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)DRV:64bit: - [2013.08.22 14:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)DRV:64bit: - [2013.08.22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)DRV:64bit: - [2013.08.22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2013.08.22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2013.08.22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)DRV:64bit: - [2013.08.22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2013.08.22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)DRV:64bit: - [2013.08.22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)DRV:64bit: - [2013.08.22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2013.08.22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2013.08.22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)DRV:64bit: - [2013.08.22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2013.08.22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)DRV:64bit: - [2013.08.22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)DRV:64bit: - [2013.08.22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2013.08.22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)DRV:64bit: - [2013.08.22 14:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)DRV:64bit: - [2013.08.22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)DRV:64bit: - [2013.08.22 14:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)DRV:64bit: - [2013.08.22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2013.08.22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)DRV:64bit: - [2013.08.22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)DRV:64bit: - [2013.08.22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)DRV:64bit: - [2013.08.22 14:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)DRV:64bit: - [2013.08.22 14:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)DRV:64bit: - [2013.08.22 14:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)DRV:64bit: - [2013.08.22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)DRV:64bit: - [2013.08.22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)DRV:64bit: - [2013.08.22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)DRV:64bit: - [2013.08.22 14:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)DRV:64bit: - [2013.08.22 14:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)DRV:64bit: - [2013.08.22 14:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)DRV:64bit: - [2013.08.22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)DRV:64bit: - [2013.08.22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)DRV:64bit: - [2013.08.22 13:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)DRV:64bit: - [2013.08.22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)DRV:64bit: - [2013.08.22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)DRV:64bit: - [2013.08.22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)DRV:64bit: - [2013.08.22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)DRV:64bit: - [2013.08.22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)DRV:64bit: - [2013.08.22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)DRV:64bit: - [2013.08.22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)DRV:64bit: - [2013.08.22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)DRV:64bit: - [2013.08.22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)DRV:64bit: - [2013.08.22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)DRV:64bit: - [2013.08.22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2013.08.22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)DRV:64bit: - [2013.08.22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2013.08.22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)DRV:64bit: - [2013.08.22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)DRV:64bit: - [2013.08.22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)DRV:64bit: - [2013.08.22 13:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)DRV:64bit: - [2013.08.22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)DRV:64bit: - [2013.08.22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)DRV:64bit: - [2013.08.22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)DRV:64bit: - [2013.08.22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)DRV:64bit: - [2013.08.22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)DRV:64bit: - [2013.08.15 20:13:30 | 003,859,968 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)DRV:64bit: - [2013.08.13 01:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)DRV:64bit: - [2013.08.10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)DRV:64bit: - [2013.08.07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)DRV:64bit: - [2013.07.30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)DRV:64bit: - [2013.07.26 15:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)DRV:64bit: - [2013.07.25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)DRV:64bit: - [2013.07.25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)DRV:64bit: - [2013.01.29 17:05:04 | 000,014,336 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)DRV:64bit: - [2013.01.29 17:05:02 | 000,452,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)DRV:64bit: - [2013.01.29 17:05:02 | 000,225,920 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)DRV:64bit: - [2013.01.29 17:05:02 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)DRV:64bit: - [2013.01.29 17:05:02 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012.08.06 05:37:08 | 000,352,456 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)DRV:64bit: - [2012.07.27 14:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini)DRV:64bit: - [2012.06.25 03:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)DRV:64bit: - [2012.06.19 00:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2012.05.26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5387967B-EEB6-4153-9D59-0F3C7606A394}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.comIE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SRIE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home"FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.02.02 16:46:06 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.09.11 00:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mari\AppData\Roaming\mozilla\Extensions[2013.10.16 10:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mari\AppData\Roaming\mozilla\Firefox\Profiles\i4q717sh.default\extensions[2013.10.16 11:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013.10.16 11:35:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2014.02.02 16:46:06 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - Extension: Media Hint = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.13_0\CHR - Extension: Google-dokumentit = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\CHR - Extension: Google Drive = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\CHR - Extension: YouTube = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\CHR - Extension: Adblock Plus = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\CHR - Extension: Google-haku = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\CHR - Extension: XKit = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.4.2_0\CHR - Extension: avast! Online Security = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\CHR - Extension: Reddit Enhancement Suite = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\CHR - Extension: Google Wallet = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\CHR - Extension: Gmail = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ Hosts file not foundO2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc)O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3323EA63-0941-44EE-82B4-2BCEA411D47B}: DhcpNameServer = 172.20.10.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9192355D-A01E-4595-AC0E-828E345F8B0A}: DhcpNameServer = 192.168.0.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A53C783C-2567-42B0-9A4A-DF69487C3FCF}: DhcpNameServer = 192.168.0.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB849D9B-7821-4069-9513-6AD572D67D84}: NameServer = 195.197.54.100 195.74.0.47O18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2013.05.27 11:30:42 | 000,448,896 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2013.05.27 11:20:40 | 000,062,896 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]O32 - AutoRun File - [2013.05.27 11:23:36 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]O33 - MountPoints2\{d0928262-4207-11e3-bebb-001e101ff69a}\Shell - "" = AutoRunO33 - MountPoints2\{d0928262-4207-11e3-bebb-001e101ff69a}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2013.05.27 11:30:42 | 000,448,896 | R--- | M] ()O33 - MountPoints2\{dfbf43e5-37f3-11e3-8250-f8a4f7d96fd1}\Shell - "" = AutoRunO33 - MountPoints2\{dfbf43e5-37f3-11e3-8250-f8a4f7d96fd1}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2013.05.27 11:30:42 | 000,448,896 | R--- | M] ()O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.02.18 11:10:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe[2014.02.18 10:17:10 | 000,000,000 | R--D | C] -- C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices[2014.02.17 21:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess[2014.02.13 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2014.02.08 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER[2014.02.08 15:33:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office[2014.02.08 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013[2014.02.08 15:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15[2014.02.02 23:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2014.02.02 23:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2014.02.02 23:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2014.02.02 23:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2014.02.02 23:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update[2014.02.02 23:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple[2014.02.02 23:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2014.02.02 23:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour[2014.02.02 23:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple[2014.01.19 16:02:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.02.18 11:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe[2014.02.18 11:04:02 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2014.02.18 10:18:31 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2014.02.18 10:18:06 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2014.02.18 10:16:39 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2014.02.18 10:16:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2014.02.17 21:45:36 | 3326,443,520 | -HS- | M] () -- C:\hiberfil.sys[2014.02.15 18:44:50 | 001,371,388 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI[2014.02.15 18:44:50 | 000,723,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat[2014.02.15 18:44:50 | 000,436,568 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00B.dat[2014.02.15 18:44:50 | 000,136,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat[2014.02.15 18:44:50 | 000,082,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00B.dat[2014.02.06 00:06:44 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014.02.02 23:25:37 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2014.02.02 16:46:34 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk[2014.02.02 16:46:04 | 001,038,072 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys[2014.02.02 16:46:04 | 000,421,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys[2014.02.02 16:46:04 | 000,334,136 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe[2014.02.02 16:46:04 | 000,080,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys[2014.02.02 16:46:04 | 000,078,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys[2014.02.02 16:46:03 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr[2014.01.29 23:02:42 | 000,017,058 | ---- | M] () -- C:\WINDOWS\SysNative\iglhxs64.vp[2014.01.29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\WINDOWS\SysNative\IGFXDEVLib.dll[2014.01.29 23:02:22 | 000,098,304 | ---- | M] () -- C:\WINDOWS\SysNative\igdde64.dll[2014.01.29 23:02:22 | 000,077,312 | ---- | M] () -- C:\WINDOWS\SysWow64\igdde32.dll[2014.01.29 23:02:14 | 000,223,664 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.th-TH.resources[2014.01.29 23:02:14 | 000,144,645 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.tr-TR.resources[2014.01.29 23:02:14 | 000,126,300 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.zh-TW.resources[2014.01.29 23:02:14 | 000,124,650 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.zh-CN.resources[2014.01.29 23:02:12 | 000,210,106 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.el-GR.resources[2014.01.29 23:02:12 | 000,194,245 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ru-RU.resources[2014.01.29 23:02:12 | 000,166,170 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ar-SA.resources[2014.01.29 23:02:12 | 000,163,421 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ja-JP.resources[2014.01.29 23:02:12 | 000,159,008 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.he-IL.resources[2014.01.29 23:02:12 | 000,149,682 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.it-IT.resources[2014.01.29 23:02:12 | 000,148,042 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ko-KR.resources[2014.01.29 23:02:12 | 000,147,393 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.de-DE.resources[2014.01.29 23:02:12 | 000,147,288 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.es-ES.resources[2014.01.29 23:02:12 | 000,146,004 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ro-RO.resources[2014.01.29 23:02:12 | 000,145,491 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.fr-FR.resources[2014.01.29 23:02:12 | 000,144,260 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pt-BR.resources[2014.01.29 23:02:12 | 000,144,020 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.nl-NL.resources[2014.01.29 23:02:12 | 000,143,932 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.hu-HU.resources[2014.01.29 23:02:12 | 000,142,882 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sv-SE.resources[2014.01.29 23:02:12 | 000,142,877 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pt-PT.resources[2014.01.29 23:02:12 | 000,142,717 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pl-PL.resources[2014.01.29 23:02:12 | 000,142,289 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.cs-CZ.resources[2014.01.29 23:02:12 | 000,142,008 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.fi-FI.resources[2014.01.29 23:02:12 | 000,141,838 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sk-SK.resources[2014.01.29 23:02:12 | 000,141,049 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.hr-HR.resources[2014.01.29 23:02:12 | 000,137,889 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sl-SI.resources[2014.01.29 23:02:12 | 000,137,784 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.nb-NO.resources[2014.01.29 23:02:12 | 000,137,141 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.da-DK.resources[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.02.06 00:06:44 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014.02.02 23:25:37 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2014.02.02 23:24:16 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk[2014.01.29 23:02:42 | 000,017,058 | ---- | C] () -- C:\WINDOWS\SysNative\iglhxs64.vp[2014.01.29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\SysNative\IGFXDEVLib.dll[2014.01.29 23:02:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\SysNative\igdde64.dll[2014.01.29 23:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll[2014.01.29 23:02:14 | 000,223,664 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.th-TH.resources[2014.01.29 23:02:14 | 000,144,645 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.tr-TR.resources[2014.01.29 23:02:14 | 000,126,300 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.zh-TW.resources[2014.01.29 23:02:14 | 000,124,650 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.zh-CN.resources[2014.01.29 23:02:12 | 000,210,106 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.el-GR.resources[2014.01.29 23:02:12 | 000,194,245 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ru-RU.resources[2014.01.29 23:02:12 | 000,166,170 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ar-SA.resources[2014.01.29 23:02:12 | 000,163,421 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ja-JP.resources[2014.01.29 23:02:12 | 000,159,008 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.he-IL.resources[2014.01.29 23:02:12 | 000,149,682 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.it-IT.resources[2014.01.29 23:02:12 | 000,148,042 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ko-KR.resources[2014.01.29 23:02:12 | 000,147,393 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.de-DE.resources[2014.01.29 23:02:12 | 000,147,288 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.es-ES.resources[2014.01.29 23:02:12 | 000,146,004 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.ro-RO.resources[2014.01.29 23:02:12 | 000,145,491 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.fr-FR.resources[2014.01.29 23:02:12 | 000,144,260 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.pt-BR.resources[2014.01.29 23:02:12 | 000,144,020 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.nl-NL.resources[2014.01.29 23:02:12 | 000,143,932 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.hu-HU.resources[2014.01.29 23:02:12 | 000,142,882 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.sv-SE.resources[2014.01.29 23:02:12 | 000,142,877 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.pt-PT.resources[2014.01.29 23:02:12 | 000,142,717 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.pl-PL.resources[2014.01.29 23:02:12 | 000,142,289 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.cs-CZ.resources[2014.01.29 23:02:12 | 000,142,008 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.fi-FI.resources[2014.01.29 23:02:12 | 000,141,838 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.sk-SK.resources[2014.01.29 23:02:12 | 000,141,049 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.hr-HR.resources[2014.01.29 23:02:12 | 000,137,889 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.sl-SI.resources[2014.01.29 23:02:12 | 000,137,784 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.nb-NO.resources[2014.01.29 23:02:12 | 000,137,141 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.da-DK.resources[2014.01.22 16:07:41 | 000,138,240 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll[2014.01.22 16:07:41 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll[2013.12.30 14:03:06 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe[2013.12.01 22:13:11 | 000,000,132 | ---- | C] () -- C:\Users\Mari\AppData\Roaming\Adobe PNG Format CS5 Prefs[2013.11.28 15:09:57 | 000,001,456 | ---- | C] () -- C:\Users\Mari\AppData\Local\Adobe Save for Web 12.0 Prefs[2013.11.21 14:37:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl[2013.11.21 14:20:18 | 001,394,918 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI[2013.08.28 19:55:40 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe[2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat[2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT[2013.08.22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin[2013.08.22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll[2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll[2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat[2013.03.11 12:01:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\HotFixList.ini[2013.03.11 11:37:52 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml[2013.02.07 07:27:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe[2013.02.07 07:27:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll[2013.02.07 07:27:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll[2013.02.07 07:27:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll[2013.02.07 07:27:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll[2012.12.14 01:42:30 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin[2012.12.14 01:42:28 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin[2012.12.10 07:12:50 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013.11.05 22:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013.11.05 20:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.10.16 18:27:41 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\AVAST Software[2013.10.31 11:09:14 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Birdstep Technology[2013.08.31 17:41:42 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant[2013.09.06 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\No Company Name[2013.09.05 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\PDAppFlex[2013.11.21 14:04:26 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Samsung[2013.12.29 21:30:00 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\Mari\SkyDrive:ms-properties < End of report >
  7. Hi! I was doing my daily scan with Malwarebytes when quite unexpectedly it came back with 3 results. It was a PUP, more specifically PUP.Optional.BoostInterProcess.A I tried deleting them, rebooted as Malwarebytes prompted, but when I ran the check on my laptop again, the same 3 files were there. This is the Malwarebytes log for the second check: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Tietokantaversio: v2014.02.17.07 Windows 8 x64 NTFSInternet Explorer 11.0.9600.16476Mari :: SAMSUNG [järjestelmänvalvoja] 17.2.2014 21:49:24MBAM-log-2014-02-17 (22-00-36).txt Tarkistustyyppi: PikatarkistusTarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutosKäytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)Tarkistettuja kohteita: 217778Kulunut aika: 8 minuutti(a), 44 sekunti(a) Epäilyttäviä muistiprosesseja: 0(Ei haitallisia kohteita) Epäilyttäviä muistimoduuleja: 0(Ei haitallisia kohteita) Epäilyttäviä rekisteriavaimia: 0(Ei haitallisia kohteita) Epäilyttäviä rekisteriarvoja: 0(Ei haitallisia kohteita) Epäilyttäviä rekisterikohteita: 0(Ei haitallisia kohteita) Epäilyttäviä kansioita: 1C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> Toimintoja ei suoritettu. Epäilyttäviä tiedostoja: 2C:\ProgramData\boost_interprocess\Nobu64AgentService (PUP.Optional.BoostInterProcess.A) -> Toimintoja ei suoritettu.C:\ProgramData\boost_interprocess\Nobu64TrayIcon (PUP.Optional.BoostInterProcess.A) -> Toimintoja ei suoritettu. (loppu) Unfortunately my computer won't run DDS I'm quite confused as to where I could have picked this up, I haven't downloaded anything from the internet in a while, and I have not visited any suspicious websites. I have a Samsung laptop with Windows 8.1 Help would be appreciated!
  8. I think I'll have to think about what to do for a while, so I believe this topic could be closed. I'm starting to think that I won't do anything about the metro issue, but if I find more trouble I think I'll go to a professional and see what they recommend as quite honestly I am absolutely clueless on this thing and think I could cause more trouble than benefit if I tried doing anything myself. Thank you for all of your help Kevin, you've been very helpful!
  9. Oh God, I honestly have NO idea what to do, all of this is making me really really anxious right now. What option would you recommend? I think I'll have to sleep on this as it is quite late and my nerves are getting the best of me on this.
  10. The slider seems to be in the normal position for me if that is what I need to check... I know this is propably not your area anymore, but do you think it would be fine if I didn't do anything and just left the windows apps broken? I really don't use them anyway. I'm just worried if this means there could be other things wrong with my system as well now that this has arisen.
  11. Sorry I'm a bit useless with this, how do I check if UAC is turned off? The screen resolution is fine. I think this problem started when that one program I used during our process got stuck because of my mistake and I had to turn the computer off. After that I remember the metro tiles looking strange for a moment. But I am almost certain this started at some point during the virus check process.
  12. Does the refresh require the installation disc? I'm honestly not sure if I have it, but I'm finally going home on Monday, so I could try to find it if you indeed think its my best option. And if we're being honest I really don't use any metro app besides e-mail so if they don't work it isn't that big of a loss to me.
  13. Sorry I don't know what that is, not a native english speaker
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.