unluckychick
Honorary Members
Posts: 44
Reputation: 0 Neutral
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Did that! Thank you a lot dude, you rock!
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Things are looking quite normal! I noticed that the folder is listed in quarantine in Malwarebytes, but it also appears on the list of things to skip during a check, is that normal?
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Hi Borislav, here is the log as requested:
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Ok I don't know if this is related to my issue but I thought I should mention it. I was trying to download a video and used multiple sources/websites/downloaders, but every time my download was just about ready, it stalled and Chrome gave me a 'Network error'. I'm quite sure the downloads weren't infected as they were videos from friends from our holiday trip.
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Ok this is a bit strange. I did another check with Malwarebytes as I got home and it no longer detects the folder and files:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Tietokantaversio: v2014.02.18.03

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Mari :: SAMSUNG [järjestelmänvalvoja]

18.2.2014 14:39:49
mbam-log-2014-02-18 (14-39-49).txt

Tarkistustyyppi: Pikatarkistus
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 217948
Kulunut aika: 9 minuutti(a), 15 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0
(Ei haitallisia kohteita)

(loppu)

I did update my detections before the check, and I can see that the folder seems to be in the quarantine in Malwarebytes.
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
And here the extras:
Unexpected PUP, am I safe?
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Hello Borislav and thank you so much for the help. Here the text from the notepads:
HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.comIE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SRIE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1389066822-2107305290-2761972221-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home"FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - 
HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.02.02 16:46:06 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\componentsFF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.09.11 00:49:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mari\AppData\Roaming\mozilla\Extensions[2013.10.16 10:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mari\AppData\Roaming\mozilla\Firefox\Profiles\i4q717sh.default\extensions[2013.10.16 11:35:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013.10.16 11:35:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2014.02.02 16:46:06 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - Extension: Media Hint = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\anepbdekljkmmimmhbniglnnanmmkoja\0.1.13_0\CHR - Extension: Google-dokumentit = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\CHR - Extension: Google Drive = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\CHR - Extension: YouTube = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\CHR - Extension: Adblock Plus = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\CHR - Extension: Google-haku = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\CHR - Extension: XKit = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.4.2_0\CHR - Extension: avast! 
Online Security = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\CHR - Extension: Reddit Enhancement Suite = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\CHR - Extension: Google Wallet = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\CHR - Extension: Gmail = C:\Users\Mari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\ Hosts file not foundO2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3 - HKLM\..\Toolbar: (avast! 
Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe (Bitcasa, Inc)O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)O4 - HKLM..\Run: [Norton Online Backup] 
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll 
(Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3323EA63-0941-44EE-82B4-2BCEA411D47B}: DhcpNameServer = 172.20.10.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9192355D-A01E-4595-AC0E-828E345F8B0A}: DhcpNameServer = 192.168.0.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A53C783C-2567-42B0-9A4A-DF69487C3FCF}: DhcpNameServer = 192.168.0.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB849D9B-7821-4069-9513-6AD572D67D84}: NameServer = 195.197.54.100 195.74.0.47O18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS 
Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2013.05.27 11:30:42 | 000,448,896 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]O32 - AutoRun File - [2013.05.27 11:20:40 | 000,062,896 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]O32 - AutoRun File - [2013.05.27 11:23:36 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]O33 - MountPoints2\{d0928262-4207-11e3-bebb-001e101ff69a}\Shell - "" = AutoRunO33 - MountPoints2\{d0928262-4207-11e3-bebb-001e101ff69a}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2013.05.27 11:30:42 | 000,448,896 | R--- | M] ()O33 - MountPoints2\{dfbf43e5-37f3-11e3-8250-f8a4f7d96fd1}\Shell - "" = AutoRunO33 - MountPoints2\{dfbf43e5-37f3-11e3-8250-f8a4f7d96fd1}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2013.05.27 11:30:42 | 000,448,896 | R--- | M] ()O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.02.18 11:10:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe[2014.02.18 10:17:10 | 000,000,000 | R--D | C] -- 
C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices[2014.02.17 21:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess[2014.02.13 18:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2014.02.08 15:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER[2014.02.08 15:33:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office[2014.02.08 15:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013[2014.02.08 15:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15[2014.02.02 23:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2014.02.02 23:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2014.02.02 23:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2014.02.02 23:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2014.02.02 23:24:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update[2014.02.02 23:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple[2014.02.02 23:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour[2014.02.02 23:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour[2014.02.02 23:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple[2014.01.19 16:02:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.02.18 11:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mari\Desktop\OTL.exe[2014.02.18 11:04:02 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2014.02.18 10:18:31 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2014.02.18 10:18:06 | 000,067,584 | 
--S- | M] () -- C:\WINDOWS\bootstat.dat[2014.02.18 10:16:39 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2014.02.18 10:16:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2014.02.17 21:45:36 | 3326,443,520 | -HS- | M] () -- C:\hiberfil.sys[2014.02.15 18:44:50 | 001,371,388 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI[2014.02.15 18:44:50 | 000,723,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat[2014.02.15 18:44:50 | 000,436,568 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00B.dat[2014.02.15 18:44:50 | 000,136,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat[2014.02.15 18:44:50 | 000,082,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00B.dat[2014.02.06 00:06:44 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014.02.02 23:25:37 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2014.02.02 16:46:34 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk[2014.02.02 16:46:04 | 001,038,072 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswSnx.sys[2014.02.02 16:46:04 | 000,421,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswsp.sys[2014.02.02 16:46:04 | 000,334,136 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe[2014.02.02 16:46:04 | 000,080,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswstm.sys[2014.02.02 16:46:04 | 000,078,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys[2014.02.02 16:46:03 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr[2014.01.29 23:02:42 | 000,017,058 | ---- | M] () -- C:\WINDOWS\SysNative\iglhxs64.vp[2014.01.29 23:02:38 | 000,009,728 | ---- | M] ( ) -- C:\WINDOWS\SysNative\IGFXDEVLib.dll[2014.01.29 23:02:22 | 000,098,304 | ---- | M] () -- C:\WINDOWS\SysNative\igdde64.dll[2014.01.29 23:02:22 | 000,077,312 | ---- | M] () -- C:\WINDOWS\SysWow64\igdde32.dll[2014.01.29 23:02:14 | 000,223,664 | ---- 
| M] () -- C:\WINDOWS\SysNative\Gfxres.th-TH.resources[2014.01.29 23:02:14 | 000,144,645 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.tr-TR.resources[2014.01.29 23:02:14 | 000,126,300 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.zh-TW.resources[2014.01.29 23:02:14 | 000,124,650 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.zh-CN.resources[2014.01.29 23:02:12 | 000,210,106 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.el-GR.resources[2014.01.29 23:02:12 | 000,194,245 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ru-RU.resources[2014.01.29 23:02:12 | 000,166,170 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ar-SA.resources[2014.01.29 23:02:12 | 000,163,421 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ja-JP.resources[2014.01.29 23:02:12 | 000,159,008 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.he-IL.resources[2014.01.29 23:02:12 | 000,149,682 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.it-IT.resources[2014.01.29 23:02:12 | 000,148,042 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ko-KR.resources[2014.01.29 23:02:12 | 000,147,393 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.de-DE.resources[2014.01.29 23:02:12 | 000,147,288 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.es-ES.resources[2014.01.29 23:02:12 | 000,146,004 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.ro-RO.resources[2014.01.29 23:02:12 | 000,145,491 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.fr-FR.resources[2014.01.29 23:02:12 | 000,144,260 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pt-BR.resources[2014.01.29 23:02:12 | 000,144,020 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.nl-NL.resources[2014.01.29 23:02:12 | 000,143,932 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.hu-HU.resources[2014.01.29 23:02:12 | 000,142,882 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sv-SE.resources[2014.01.29 23:02:12 | 000,142,877 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pt-PT.resources[2014.01.29 23:02:12 | 000,142,717 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.pl-PL.resources[2014.01.29 23:02:12 | 
000,142,289 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.cs-CZ.resources[2014.01.29 23:02:12 | 000,142,008 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.fi-FI.resources[2014.01.29 23:02:12 | 000,141,838 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sk-SK.resources[2014.01.29 23:02:12 | 000,141,049 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.hr-HR.resources[2014.01.29 23:02:12 | 000,137,889 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.sl-SI.resources[2014.01.29 23:02:12 | 000,137,784 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.nb-NO.resources[2014.01.29 23:02:12 | 000,137,141 | ---- | M] () -- C:\WINDOWS\SysNative\Gfxres.da-DK.resources[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.02.06 00:06:44 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[2014.02.02 23:25:37 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2014.02.02 23:24:16 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk[2014.01.29 23:02:42 | 000,017,058 | ---- | C] () -- C:\WINDOWS\SysNative\iglhxs64.vp[2014.01.29 23:02:38 | 000,009,728 | ---- | C] ( ) -- C:\WINDOWS\SysNative\IGFXDEVLib.dll[2014.01.29 23:02:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\SysNative\igdde64.dll[2014.01.29 23:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll[2014.01.29 23:02:14 | 000,223,664 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.th-TH.resources[2014.01.29 23:02:14 | 000,144,645 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.tr-TR.resources[2014.01.29 23:02:14 | 000,126,300 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.zh-TW.resources[2014.01.29 23:02:14 | 000,124,650 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.zh-CN.resources[2014.01.29 23:02:12 | 000,210,106 | ---- | C] () -- C:\WINDOWS\SysNative\Gfxres.el-GR.resources[2014.01.29 23:02:12 | 000,194,245 | ---- | 
-
Hi! I was doing my daily scan with Malwarebytes when quite unexpectedly it came back with 3 results. It was a PUP, more specifically PUP.Optional.BoostInterProcess.A. I tried deleting them, rebooted as Malwarebytes prompted, but when I ran the check on my laptop again, the same 3 files were there. This is the Malwarebytes log for the second check:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Tietokantaversio: v2014.02.17.07

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
Mari :: SAMSUNG [järjestelmänvalvoja]

17.2.2014 21:49:24
MBAM-log-2014-02-17 (22-00-36).txt

Tarkistustyyppi: Pikatarkistus
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 217778
Kulunut aika: 8 minuutti(a), 44 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 1
C:\ProgramData\boost_interprocess (PUP.Optional.BoostInterProcess.A) -> Toimintoja ei suoritettu.

Epäilyttäviä tiedostoja: 2
C:\ProgramData\boost_interprocess\Nobu64AgentService (PUP.Optional.BoostInterProcess.A) -> Toimintoja ei suoritettu.
C:\ProgramData\boost_interprocess\Nobu64TrayIcon (PUP.Optional.BoostInterProcess.A) -> Toimintoja ei suoritettu.

(loppu)

Unfortunately my computer won't run DDS. I'm quite confused as to where I could have picked this up, I haven't downloaded anything from the internet in a while, and I have not visited any suspicious websites. I have a Samsung laptop with Windows 8.1. Help would be appreciated!
-
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
I think I'll have to think about what to do for a while, so I believe this topic could be closed. I'm starting to think that I won't do anything about the metro issue, but if I find more trouble I think I'll go to a professional and see what they recommend as quite honestly I am absolutely clueless on this thing and think I could cause more trouble than benefit if I tried doing anything myself. Thank you for all of your help Kevin, you've been very helpful! -
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Oh God, I honestly have NO idea what to do, all of this is making me really really anxious right now. What option would you recommend? I think I'll have to sleep on this as it is quite late and my nerves are getting the best of me on this. -
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
The slider seems to be in the normal position for me if that is what I need to check... I know this is probably not your area anymore, but do you think it would be fine if I didn't do anything and just left the Windows apps broken? I really don't use them anyway. I'm just worried if this means there could be other things wrong with my system as well now that this has arisen. -
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Sorry I'm a bit useless with this, how do I check if UAC is turned off? The screen resolution is fine. I think this problem started when that one program I used during our process got stuck because of my mistake and I had to turn the computer off. After that I remember the metro tiles looking strange for a moment. But I am almost certain this started at some point during the virus check process. -
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
How do I check for that? -
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Does the refresh require the installation disc? I'm honestly not sure if I have it, but I'm finally going home on Monday, so I could try to find it if you indeed think it's my best option. And if we're being honest I really don't use any metro app besides e-mail so if they don't work it isn't that big of a loss to me. -
Infected and in trouble
unluckychick replied to unluckychick's topic in Resolved Malware Removal Logs
Sorry I don't know what that is, not a native English speaker