OTL logfile created on: 2014.01.23 19:27:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rugilė\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

3,90 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 49,46% Memory free
7,81 Gb Paging File | 5,64 Gb Available in Paging File | 72,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,65 Gb Total Space | 370,07 Gb Free Space | 83,04% Space Free | Partition Type: NTFS
Drive D: | 19,81 Gb Total Space | 2,15 Gb Free Space | 10,84% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 1,67 Gb Free Space | 89,99% Space Free | Partition Type: FAT32

Computer Name: RUGILE-HP | User Name: Rugilė | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014.01.23 19:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rugilė\Desktop\OTL.scr
PRC - [2013.12.20 09:30:26 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.12.11 20:21:32 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013.11.20 01:54:00 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
-- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2013.10.26 12:15:44 | 000,607,232 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldRTM.exe PRC - [2013.10.25 23:11:58 | 000,404,480 | ---- | M] (MyCity) -- C:\Program Files (x86)\MCShield\MCShieldDS.exe PRC - [2013.10.09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2013.02.19 03:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe PRC - [2013.02.07 08:20:20 | 001,641,768 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe PRC - [2013.02.07 08:20:08 | 003,695,912 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe PRC - [2013.02.07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe PRC - [2013.01.07 17:30:22 | 000,246,112 | ---- | M] () -- C:\ProgramData\Omnitel mobilusis internetas\OnlineUpdate\ouc.exe PRC - [2012.11.05 15:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe PRC - [2012.09.02 08:55:05 | 000,218,624 | ---- | M] () -- C:\ProgramData\Tele2 Mobile Partner\OnlineUpdate\ouc.exe PRC - [2012.03.27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012.03.27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012.03.27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2012.03.27 07:01:56 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2012.03.05 22:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012.03.05 22:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012.02.11 01:18:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012.02.08 20:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.08 20:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.08 20:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012.02.07 03:49:04 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe PRC - [2012.02.02 02:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.01.28 03:40:46 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files 
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.08.19 23:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.04.23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013.12.20 09:30:25 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.12.11 20:21:31 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll MOD - [2013.10.10 15:18:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll MOD - [2013.10.10 15:15:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll MOD - [2013.10.10 15:15:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2013.09.02 09:54:51 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll MOD - [2013.09.02 09:09:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll MOD - [2013.09.02 09:08:48 | 005,464,064 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll MOD - [2013.09.02 09:08:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013.09.02 09:08:27 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.02.07 08:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe MOD - [2013.02.07 08:19:50 | 000,019,240 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadManager.dll MOD - [2010.11.21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013.11.26 11:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2013.01.07 22:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService) SRV:[b]64bit:[/b] - [2012.09.24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:[b]64bit:[/b] - [2012.03.04 02:16:40 | 000,313,856 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2012.02.26 04:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:[b]64bit:[/b] - [2012.02.26 04:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2012.02.26 04:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2012.02.26 04:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2012.02.10 01:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent) SRV:[b]64bit:[/b] - [2012.02.03 07:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2012.01.17 15:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:[b]64bit:[/b] - [2012.01.09 11:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:[b]64bit:[/b] - [2011.02.17 07:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV:[b]64bit:[/b] - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2014.01.14 02:47:42 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 
-- (GamesAppIntegrationService) SRV - [2013.12.20 09:30:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.12.18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.12.11 20:21:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013.10.09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013.07.04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013.06.26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013.06.26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013.03.09 00:10:32 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2013.02.07 08:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService) SRV - [2013.01.07 17:30:22 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Omnitel mobilusis internetas\UpdateDog\ouc.exe -- (Omnitel mobilusis internetas. RunOuc) SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012.09.02 08:55:05 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe -- (Tele2 Mobile Partner. 
RunOuc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.27 07:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012.03.27 07:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012.03.27 07:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2012.03.05 22:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012.02.22 04:34:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.08 20:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.08 20:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.08 20:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.02.07 03:49:04 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv) SRV - [2012.02.02 02:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.03.14 17:27:34 | 000,346,976 | ---- | M] () 
[Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014.01.23 19:16:52 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001) DRV:[b]64bit:[/b] - [2013.11.25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2013.10.23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2013.07.20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:[b]64bit:[/b] - [2013.07.20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:[b]64bit:[/b] - [2013.07.20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2013.07.01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2013.06.26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:[b]64bit:[/b] - [2013.06.26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:[b]64bit:[/b] - [2013.06.26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:[b]64bit:[/b] - [2013.06.26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:[b]64bit:[/b] - [2013.03.21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb) DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2013.01.07 17:30:22 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2012.09.24 12:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:[b]64bit:[/b] - [2012.09.24 12:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:[b]64bit:[/b] - [2012.03.25 06:10:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012.03.25 06:10:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012.03.21 10:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:[b]64bit:[/b] - [2012.03.04 02:16:48 | 000,535,552 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2012.03.02 03:39:42 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2012.03.02 03:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv) DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012.02.20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2012.02.15 12:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2012.02.13 08:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:[b]64bit:[/b] - [2012.02.13 07:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2012.02.10 01:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:[b]64bit:[/b] - [2012.02.10 01:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent) DRV:[b]64bit:[/b] - [2012.02.10 01:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent) DRV:[b]64bit:[/b] - [2012.02.07 19:49:04 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv) DRV:[b]64bit:[/b] - [2012.02.02 
02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2012.01.28 03:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012.01.28 03:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012.01.28 03:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012.01.27 19:00:28 | 000,109,056 | ---- | M] (Ozmo Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hswpan.sys -- (hswpan) DRV:[b]64bit:[/b] - [2012.01.27 03:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:[b]64bit:[/b] - [2012.01.27 03:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:[b]64bit:[/b] - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPALP) DRV:[b]64bit:[/b] - [2012.01.09 11:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amppal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2011.12.28 09:15:50 | 000,292,456 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR) DRV:[b]64bit:[/b] - [2011.12.07 05:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2011.11.11 03:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2011.09.30 03:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010.07.28 18:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:[b]64bit:[/b] - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:[b]64bit:[/b] - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.01.31 11:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.01.31 11:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220) DRV - [2012.09.03 08:08:22 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1384193705&from=ild&uid=_ IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://do-search.com/?type=hp&ts=1384193705&from=ild&uid=_ IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{18503355-251D-497E-8E40-E1C27F6B47F3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384193705&from=ild&uid=_&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\URLSearchHook: 
- No CLSID value found IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{18503355-251D-497E-8E40-E1C27F6B47F3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={ECEB1E60-F740-11E1-AF7D-001E101FB45E} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - 
HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes,BrowserMngrDefaultScope = {N2342-ASDAD-T2DSS-TSDDAA-LDASDT-YASDDS3} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes,DefaultScope = {1948E92A-E308-4681-BDE1-4D41C9025968} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109220&tt=4612_4&babsrc=SP_ss&mntrId=76ffbfeb000000000000001e101f36d9 IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{18503355-251D-497E-8E40-E1C27F6B47F3}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{1948E92A-E308-4681-BDE1-4D41C9025968}: "URL" = http://search.ividi.org/?q={searchTerms}&src=tbsp&id=76ffbfeb000000000000001e101f9843&affilt=1&r=914 IE - 
HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{AD740C9B-4B01-11E3-A0F6-001E101F9843}: "URL" = http://www.nattly.com/?q={searchTerms} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{E8C9B397-717F-4534-A9AB-1C78F6A3872A}: "URL" = http://tuvaro.com/ws/?source=ab9c6293&tbp=rbox&toolbarid=base&u=76ffbfeb000000000000001e101fb45e&q={searchTerms} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={ECEB1E60-F740-11E1-AF7D-001E101FB45E} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\..\SearchScopes\{N2342-ASDAD-T2DSS-TSDDAA-LDASDT-YASDDS3}: "URL" = http://www.nattly.com/?q={searchTerms} IE - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search the Web" FF - prefs.js..browser.search.selectedEngine: "Search the Web" FF - prefs.js..browser.startup.homepage: "www.nattly.com" FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7BE71B541F-5E72-5555-A47C-E47863195841%7D:1.0.37 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - 
prefs.js..keyword.URL: "http://www.nattly.com/?q=" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.18 10:00:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.01.18 10:00:19 | 000,000,000 | ---D | M] [2012.09.08 12:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Extensions [2012.09.05 12:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\extensions [2012.09.05 12:06:05 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2012.11.14 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions [2012.11.14 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions [2012.09.05 12:03:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012.11.14 22:46:31 | 000,000,000 | ---D | M] (Yontoo) -- 
C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com [2014.01.06 21:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions [2013.04.29 21:37:18 | 000,000,000 | ---D | M] ("SimilarSites") -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\{E71B541F-5E72-5555-A47C-E47863195841} [2013.02.21 21:29:07 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\plugin@yontoo.com [2013.04.29 21:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profilesr5eatd9g.default\extensions [2013.04.29 21:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profilesr5eatd9g.default\extensions\staged [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi [2013.02.21 19:56:49 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\plugin@yontoo.com.xpi [2012.11.14 22:45:55 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\torntv@torntv.com.xpi [2013.06.30 10:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\extensions\trtv3@trtv.com.xpi [2013.05.01 17:03:33 | 000,002,352 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\babylon.xml [2012.11.14 22:46:20 | 000,002,536 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\browsemngr.xml [2013.11.11 20:47:05 | 000,001,401 | ---- | M] () -- 
C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\ividi.xml [2013.11.15 10:07:43 | 000,000,339 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\Search the Web.xml [2013.11.11 20:47:13 | 000,000,487 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\search.xml [2013.11.09 12:51:08 | 000,000,415 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\search.xml.old [2013.04.29 21:37:34 | 000,001,407 | ---- | M] () -- C:\Users\Rugilė\AppData\Roaming\Mozilla\Firefox\Profiles\r5eatd9g.default\searchplugins\tuvaro.xml [2013.12.20 09:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.12.20 09:30:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.12.20 09:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013.12.20 09:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.12.20 09:30:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\USERS\RUGILÄ—\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5EATD9G.DEFAULT\EXTENSIONS\{E71B541F-5E72-5555-A47C-E47863195841} File not found (No name found) -- C:\USERS\RUGILÄ—\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5EATD9G.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM.XPI [2013.12.18 20:42:36 | 000,187,248 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012.11.14 22:46:05 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.11.11 20:15:05 | 000,000,517 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (no name) - {11111111-1111-1111-1111-110311551178} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) 
O2 - BHO: (no name) - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.) O4:[b]64bit:[/b] - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000..\Run: [dxhxttympx] wscript.exe //B "C:\Users\RUGIL~1\AppData\Local\Temp\dxhxttympx.vbs" File not found O4 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000..\Run: [HW_OPENEYE_OUC_Tele2 Mobile Partner] C:\Program Files (x86)\Tele2 Mobile Partner\UpdateDog\ouc.exe () O4 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000..\Run: [MCShield Monitor] C:\Program Files (x86)\MCShield\MCShieldRTM.exe (MyCity) O4:[b]64bit:[/b] - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxhxttympx.vbs () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O7 - HKU\S-1-5-21-2485889189-2964997085-1895398575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuoti į Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:[b]64bit:[/b] - Extra context menu item: Sių&sti į OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&ksportuoti į Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Sių&sti į OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - 
{25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:[b]64bit:[/b] - Extra Button: Siųsti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Sių&sti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Siųsti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sių&sti į OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote &susietosios pastabos - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype 
Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: 
DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012C11C0-D3A1-4807-91EF-87E04BF282F2}: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204B8BD5-A821-4758-9B13-3099902F2084}: NameServer = 212.247.156.66 212.247.156.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50002B8F-8B5D-434A-BCA4-7D3EA1D4C9FE}: NameServer = 212.247.156.66 212.247.156.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A96F3F6-8BBD-4FBB-B5FB-0BBE8CBE590D}: NameServer = 212.247.156.66 212.247.156.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE0E522-9F42-43B7-A174-863CDA74DF6B}: NameServer = 194.176.32.142 194.176.32.163 O18:[b]64bit:[/b] - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - 
Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:[b]64bit:[/b] - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml 
{05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found. 
O29:[b]64bit:[/b] - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:[b]64bit:[/b] - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.) 
O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014.01.23 17:46:40 | 000,000,491 | ---- | M] () - E:\autorun.lnk -- [ FAT32 ] O33 - MountPoints2\{0c5c3737-595e-11e2-8f2f-685d4346a103}\Shell - "" = AutoRun O33 - MountPoints2\{0c5c3737-595e-11e2-8f2f-685d4346a103}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell - "" = AutoRun O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell\configure\command - "" = E:\SETUP.EXE O33 - MountPoints2\{280575cf-f1c4-11e1-b2c2-685d4346a103}\Shell\install\command - "" = E:\SETUP.EXE O33 - MountPoints2\{641b3e43-58d1-11e2-afd2-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{641b3e43-58d1-11e2-afd2-001e101fabdd}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{8aad251b-f6b2-11e1-9b23-685d4346a103}\Shell - "" = AutoRun O33 - MountPoints2\{8aad251b-f6b2-11e1-9b23-685d4346a103}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9eb65981-f51e-11e1-aea1-685d4346a0ff}\Shell - "" = AutoRun O33 - MountPoints2\{9eb65981-f51e-11e1-aea1-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{b4fee3f5-f4ca-11e1-a1f0-685d4346a0ff}\Shell - "" = AutoRun O33 - MountPoints2\{b4fee3f5-f4ca-11e1-a1f0-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{b4fee41b-f4ca-11e1-a1f0-685d4346a0ff}\Shell - "" = AutoRun O33 - MountPoints2\{b4fee41b-f4ca-11e1-a1f0-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{b5815f95-63a0-11e2-965c-685d4346a0ff}\Shell - "" = AutoRun O33 - MountPoints2\{b5815f95-63a0-11e2-965c-685d4346a0ff}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{f8daec0f-5951-11e2-bf66-685d4346a103}\Shell - "" = AutoRun O33 - MountPoints2\{f8daec0f-5951-11e2-bf66-685d4346a103}\Shell\AutoRun\command - "" = 
E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: [b]BitTorrent Sync[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]Easybits Recovery[/b] - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) MsConfig:64bit - StartUpReg: [b]Guard[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]mobilegeni daemon[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]SetDefault[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) MsConfig:64bit - StartUpReg: [b]Torntv Downloader[/b] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b]uTorrent[/b] - hkey= - key= - C:\Users\Rugilė\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:[b]64bit:[/b] AppMgmt - Service SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices 
SafeBootNet:[b]64bit:[/b] AppMgmt - Service SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] 
{4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - 
Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:[b]64bit:[/b] {2D46B6DC-2207-486B-B523-A557E6D54B47} - 
C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP Drivers32:[b]64bit:[/b] 
msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014.01.23 19:22:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rugilė\Desktop\OTL.scr [2014.01.23 19:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield [2014.01.23 19:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield [2014.01.23 19:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MCShield [2014.01.23 12:04:28 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Roaming\Malwarebytes [2014.01.23 12:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.23 12:04:21 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.23 12:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.23 12:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.01.23 12:04:13 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\Programs [2014.01.19 12:08:55 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Desktop\Išsikelti [2014.01.15 13:23:02 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014.01.15 13:23:01 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014.01.15 13:23:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2014.01.12 09:51:21 | 000,000,000 | -HSD | C] -- C:\found.000 [2014.01.08 21:18:19 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\Microsoft Games [2014.01.07 11:26:00 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Desktop\sti 
[2014.01.07 11:13:37 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Desktop\km [2014.01.06 21:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics [2014.01.06 21:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBM [2014.01.06 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Documents\SPSSInc [2014.01.06 20:39:57 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\.android [2014.01.06 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\genienext [2014.01.06 20:39:55 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\cache [2014.01.06 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Documents\Mobogenie [2014.01.06 20:39:54 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\AppData\Local\Mobogenie [2014.01.06 20:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPSS Inc [2014.01.06 20:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPSS [2014.01.06 20:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SPSSInc [2014.01.06 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Rugilė\Documents\SPSS v20 - 32bit [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Rugilė\Desktop\*.tmp files -> C:\Users\Rugilė\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014.01.23 19:24:02 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.23 19:24:02 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.23 19:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rugilė\Desktop\OTL.scr [2014.01.23 19:22:04 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.23 19:22:04 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.23 19:22:04 | 
000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.23 19:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.01.23 19:18:32 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk [2014.01.23 19:16:52 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys [2014.01.23 19:16:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.23 19:16:47 | 3144,396,800 | -HS- | M] () -- C:\hiberfil.sys [2014.01.23 12:04:22 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.01.23 11:59:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRugilė.job [2014.01.19 12:20:04 | 000,002,590 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk [2014.01.18 10:00:20 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2014.01.16 15:52:37 | 000,418,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.06 21:01:15 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm [2014.01.06 20:37:41 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\grcauth2.dll [2014.01.06 20:37:41 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\grcauth1.dll [2014.01.06 20:37:41 | 000,000,114 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.tgz [2014.01.06 20:37:41 | 000,000,100 | ---- | M] () -- C:\Windows\SysWow64\prsgrc.dll [2014.01.06 20:34:29 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz [2014.01.06 20:34:29 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\Rugilė\Desktop\*.tmp files -> C:\Users\Rugilė\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014.01.23 19:18:32 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\MCShield Real-Time Monitor.lnk [2014.01.23 12:04:22 | 000,001,075 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014.01.23 12:03:52 | 000,096,879 | -HS- | C] () -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxhxttympx.vbs [2014.01.06 20:37:41 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll [2014.01.06 20:37:41 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll [2014.01.06 20:37:41 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.tgz [2014.01.06 20:37:41 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll [2013.12.12 00:14:44 | 000,083,107 | ---- | C] () -- C:\Users\Rugilė\doge.jpg [2013.11.28 16:49:37 | 012,089,065 | ---- | C] () -- C:\Users\Rugilė\althusser.zip [2013.11.05 22:36:36 | 000,932,195 | ---- | C] () -- C:\Users\Rugilė\STI KONSPEKTAS.pdf [2013.11.04 17:54:43 | 001,608,681 | ---- | C] () -- C:\Users\Rugilė\ZA4775_v1-0-0.sav [2013.11.04 17:49:31 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2013.11.04 17:49:31 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2013.10.16 20:25:14 | 000,003,214 | ---- | C] () -- C:\Users\Rugilė\download.php [2013.10.16 20:23:39 | 004,459,922 | ---- | C] () -- C:\Users\Rugilė\17896_070825031503.mp3 [2013.10.16 20:21:38 | 004,199,415 | ---- | C] () -- C:\Users\Rugilė\shape of my heart.mp3 [2013.10.16 20:21:12 | 000,000,570 | ---- | C] () -- C:\Users\Rugilė\633434535879218750.mp3 [2013.10.16 20:20:59 | 000,036,766 | ---- | C] () -- C:\Users\Rugilė\BtpkWmwU.htm [2013.10.16 11:39:33 | 000,146,099 | ---- | C] () -- C:\Users\Rugilė\VA 6 seminaras.pdf [2013.10.16 11:39:04 | 000,192,685 | ---- | C] () -- C:\Users\Rugilė\INDUKCIJOS PROBLEMA.pdf [2013.10.15 22:42:13 | 006,430,555 | ---- | C] () -- C:\Users\Rugilė\e09b353d2879fa1f149b29ecac9ddf04.mp3 [2013.10.14 16:28:37 | 009,530,140 | ---- | C] () -- C:\Users\Rugilė\VA sestapaskaita.zip [2013.10.14 16:28:30 | 001,482,714 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145433.jpg [2013.10.14 16:28:27 | 001,710,484 | ---- | 
C] () -- C:\Users\Rugilė\IMG_20131014_145500.jpg [2013.10.14 16:28:21 | 001,608,758 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145510.jpg [2013.10.14 16:28:18 | 001,575,338 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145521.jpg [2013.10.14 16:28:15 | 001,576,012 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145536.jpg [2013.10.14 16:28:12 | 001,580,230 | ---- | C] () -- C:\Users\Rugilė\IMG_20131014_145545.jpg [2013.09.25 18:37:41 | 021,416,616 | ---- | C] () -- C:\Users\Rugilė\savizudybe).zip [2013.09.25 18:36:52 | 017,475,973 | ---- | C] () -- C:\Users\Rugilė\savuzzzudybe.zip [2013.09.23 19:04:12 | 000,130,868 | ---- | C] () -- C:\Users\Rugilė\img.lrytas.lt [2013.09.23 19:03:58 | 000,091,834 | ---- | C] () -- C:\Users\Rugilė\1170683_664599760219780_1102153932_n.jpg [2013.09.16 16:18:00 | 004,386,651 | ---- | C] () -- C:\Users\Rugilė\Sti2.zip [2013.09.16 16:16:50 | 021,571,087 | ---- | C] () -- C:\Users\Rugilė\Sti.zip [2013.09.16 16:14:06 | 018,427,819 | ---- | C] () -- C:\Users\Rugilė\VA tekstas.zip [2013.09.12 17:29:08 | 000,287,211 | ---- | C] () -- C:\Users\Rugilė\Lemert - social theory.pdf [2013.09.12 17:28:37 | 021,238,350 | ---- | C] () -- C:\Users\Rugilė\Discovering Statistics Using SPSS (Introducing Statistical Method), 3rd edition.pdf [2013.09.12 14:46:37 | 025,360,196 | ---- | C] () -- C:\Users\Rugilė\Nisbetas1.zip [2013.09.03 12:39:58 | 003,211,672 | ---- | C] () -- C:\Users\Rugilė\Italu_kalbos_pratimai_pradedantiems_Luca_Pavan.pdf [2012.08.18 23:28:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.06.15 20:12:52 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2012.03.25 06:27:56 | 000,765,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.15 12:51:02 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.02.15 12:51:02 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.15 12:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll 
[2012.02.15 12:01:52 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.03 07:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013.05.10 09:39:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.05.10 09:39:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013.04.29 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Applian FLV and Media Player [2013.08.29 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG [2013.08.29 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG2013 [2012.11.14 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Babylon [2012.11.14 22:46:20 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BabylonToolbar [2013.11.11 21:19:37 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BitTorrent Sync [2013.11.04 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Eclipse [2013.11.11 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\iSafe [2012.09.08 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Opera [2013.04.23 00:02:17 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Oracle [2013.12.19 23:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SoftGrid Client [2013.12.10 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SPSSInc [2012.08.18 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Synaptics [2012.08.18 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TP [2013.04.29 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TuneUp Software [2014.01.23 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\uTorrent [2014.01.19 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WildTangent [2013.11.11 21:14:05 | 000,000,000 | ---D | M] -- 
C:\Users\Rugilė\AppData\Roaming\WinZipper [2014.01.12 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\_MDLogs [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2010.11.21 05:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2014.01.23 19:16:47 | 3144,396,800 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007.11.07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 08:44:20 | 
000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2014.01.23 19:16:47 | 4192,530,432 | -HS- | M] () -- C:\pagefile.sys [2013.04.29 21:37:34 | 000,000,041 | ---- | M] () -- C:\user.js [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI [2013.11.11 20:47:21 | 000,000,000 | ---- | M] () -- C:\Web Data [color=#A23BEC]< %USERPROFILE%\*.* >[/color] [2013.10.02 22:01:52 | 000,033,792 | ---- | M] () -- C:\Users\Rugilė\.....doc [2013.09.23 19:03:59 | 000,091,834 | ---- | M] () -- C:\Users\Rugilė\1170683_664599760219780_1102153932_n.jpg [2013.10.16 20:23:52 | 004,459,922 | ---- | M] () -- C:\Users\Rugilė\17896_070825031503.mp3 [2013.10.16 20:21:10 | 000,000,570 | ---- | M] () -- C:\Users\Rugilė\633434535879218750.mp3 [2013.11.28 16:49:37 | 012,089,065 | ---- | M] () -- C:\Users\Rugilė\althusser.zip [2013.10.16 20:20:57 | 000,036,766 | ---- | M] () -- C:\Users\Rugilė\BtpkWmwU.htm [2014.01.06 20:39:54 | 000,000,000 | ---- | M] () -- C:\Users\Rugilė\daemonprocess.txt [2013.10.08 21:17:32 | 000,016,722 | ---- | M] () -- C:\Users\Rugilė\Dažnių pasiskirstymas yra pateikiamas dažnių lentelėse.docx [2013.09.11 23:32:44 | 021,238,350 | ---- | M] () -- C:\Users\Rugilė\Discovering Statistics Using SPSS (Introducing Statistical Method), 3rd edition.pdf [2013.12.16 22:44:49 | 000,083,107 | ---- | M] () -- C:\Users\Rugilė\doge.jpg [2013.10.16 20:25:10 | 000,003,214 | ---- | M] () -- C:\Users\Rugilė\download.php [2013.10.15 22:42:19 | 006,430,555 | ---- | M] () -- C:\Users\Rugilė\e09b353d2879fa1f149b29ecac9ddf04.mp3 [2013.09.23 19:04:13 | 000,130,868 | ---- | M] () -- C:\Users\Rugilė\img.lrytas.lt [2013.10.14 13:54:33 | 001,482,714 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145433.jpg [2013.10.14 13:55:00 | 
001,710,484 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145500.jpg [2013.10.14 13:55:10 | 001,608,758 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145510.jpg [2013.10.14 13:55:21 | 001,575,338 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145521.jpg [2013.10.14 13:55:36 | 001,576,012 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145536.jpg [2013.10.14 13:55:46 | 001,580,230 | ---- | M] () -- C:\Users\Rugilė\IMG_20131014_145545.jpg [2013.10.16 11:39:05 | 000,192,685 | ---- | M] () -- C:\Users\Rugilė\INDUKCIJOS PROBLEMA.pdf [2013.09.03 12:39:58 | 003,211,672 | ---- | M] () -- C:\Users\Rugilė\Italu_kalbos_pratimai_pradedantiems_Luca_Pavan.pdf [2013.11.25 18:41:13 | 000,047,616 | ---- | M] () -- C:\Users\Rugilė\Juralevičienė Jūratė.doc [2013.12.02 21:09:39 | 000,027,136 | ---- | M] () -- C:\Users\Rugilė\kad valstyb.doc [2013.12.16 12:07:25 | 000,033,280 | ---- | M] () -- C:\Users\Rugilė\kmKARTOJIMAS.doc [2013.09.07 17:37:32 | 000,287,211 | ---- | M] () -- C:\Users\Rugilė\Lemert - social theory.pdf [2013.11.25 18:43:26 | 000,042,496 | ---- | M] () -- C:\Users\Rugilė\Nakrošis Vitalis.doc [2013.09.12 14:47:52 | 025,360,196 | ---- | M] () -- C:\Users\Rugilė\Nisbetas1.zip [2014.01.23 19:32:16 | 005,767,168 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT [2014.01.23 19:32:16 | 000,262,144 | -HS- | M] () -- C:\Users\Rugilė\ntuser.dat.LOG1 [2012.08.18 13:30:49 | 000,000,000 | -HS- | M] () -- C:\Users\Rugilė\ntuser.dat.LOG2 [2012.08.18 13:53:49 | 000,065,536 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.08.18 13:53:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.08.18 13:53:49 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.08.29 18:46:53 | 000,065,536 | -HS- | M] () -- 
C:\Users\Rugilė\NTUSER.DAT{9145ae8d-10ca-11e3-beac-685d4346a103}.TM.blf [2013.08.29 18:46:53 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{9145ae8d-10ca-11e3-beac-685d4346a103}.TMContainer00000000000000000001.regtrans-ms [2013.08.29 18:46:53 | 000,524,288 | -HS- | M] () -- C:\Users\Rugilė\NTUSER.DAT{9145ae8d-10ca-11e3-beac-685d4346a103}.TMContainer00000000000000000002.regtrans-ms [2012.08.18 13:30:50 | 000,000,020 | -HS- | M] () -- C:\Users\Rugilė\ntuser.ini [2013.09.25 18:37:51 | 021,416,616 | ---- | M] () -- C:\Users\Rugilė\savizudybe).zip [2013.09.25 18:37:21 | 017,475,973 | ---- | M] () -- C:\Users\Rugilė\savuzzzudybe.zip [2013.10.16 20:21:48 | 004,199,415 | ---- | M] () -- C:\Users\Rugilė\shape of my heart.mp3 [2013.10.17 21:31:04 | 000,020,213 | ---- | M] () -- C:\Users\Rugilė\Simbolinis interakcionizmas.docx [2013.11.28 19:55:11 | 000,050,688 | ---- | M] () -- C:\Users\Rugilė\SMF KONSPEKTAS.doc [2013.09.18 10:55:54 | 000,029,696 | ---- | M] () -- C:\Users\Rugilė\SMF PASKAITA.doc [2013.10.24 16:48:29 | 000,031,744 | ---- | M] () -- C:\Users\Rugilė\SMFANTRAS.doc [2013.10.30 11:32:41 | 000,038,912 | ---- | M] () -- C:\Users\Rugilė\smfastuoni.doc [2013.11.27 13:27:28 | 000,035,840 | ---- | M] () -- C:\Users\Rugilė\smfdvylika.doc [2013.12.12 22:27:27 | 000,019,756 | ---- | M] () -- C:\Users\Rugilė\smfseminaras keturioliktas.docx [2013.09.18 10:45:55 | 000,031,232 | ---- | M] () -- C:\Users\Rugilė\ST PASKAITA.doc [2013.09.18 21:23:16 | 000,059,904 | ---- | M] () -- C:\Users\Rugilė\STI konspektas.doc [2013.11.06 09:18:55 | 000,932,195 | ---- | M] () -- C:\Users\Rugilė\STI KONSPEKTAS.pdf [2013.10.16 18:27:07 | 000,016,231 | ---- | M] () -- C:\Users\Rugilė\STI PASKAITA.doc [2013.09.16 16:17:48 | 021,571,087 | ---- | M] () -- C:\Users\Rugilė\Sti.zip [2013.09.16 16:18:11 | 004,386,651 | ---- | M] () -- C:\Users\Rugilė\Sti2.zip [2013.12.09 18:12:43 | 000,031,232 | ---- | M] () -- C:\Users\Rugilė\stiliet.doc [2013.10.28 17:50:09 | 000,027,648 | ---- | M] () 
-- C:\Users\Rugilė\STĮJJJ.doc [2013.11.18 22:00:42 | 000,038,400 | ---- | M] () -- C:\Users\Rugilė\Tirštasis aprašymas.doc [2013.09.24 15:15:01 | 000,030,208 | ---- | M] () -- C:\Users\Rugilė\TYRIMO INSTRUMENTAS.doc [2013.10.16 11:39:34 | 000,146,099 | ---- | M] () -- C:\Users\Rugilė\VA 6 seminaras.pdf [2013.11.25 18:49:13 | 000,045,056 | ---- | M] () -- C:\Users\Rugilė\VA PRISTATYMAS (Rugilė J.).doc [2013.10.01 14:55:05 | 000,043,520 | ---- | M] () -- C:\Users\Rugilė\VA PRISTATYMAS.doc [2013.11.25 18:44:26 | 000,751,104 | ---- | M] () -- C:\Users\Rugilė\VA seminaru konspektas(1).doc [2013.10.09 09:12:37 | 000,213,509 | ---- | M] () -- C:\Users\Rugilė\VA seminaru konspektas.doc [2013.10.14 16:28:54 | 009,530,140 | ---- | M] () -- C:\Users\Rugilė\VA sestapaskaita.zip [2013.09.16 16:14:29 | 018,427,819 | ---- | M] () -- C:\Users\Rugilė\VA tekstas.zip [2013.11.26 21:01:03 | 000,103,936 | ---- | M] () -- C:\Users\Rugilė\va.doc [2013.10.01 16:12:22 | 002,118,499 | ---- | M] () -- C:\Users\Rugilė\VAPRISTATYMAS.pptx [2013.11.25 18:52:29 | 002,127,996 | ---- | M] () -- C:\Users\Rugilė\VAPRISTATYMASgeras.pptx [2013.12.04 20:11:23 | 000,019,454 | ---- | M] () -- C:\Users\Rugilė\Viena iš svarbiausių viešojo sektoriaus sričių.docx [2013.12.09 23:11:37 | 000,020,296 | ---- | M] () -- C:\Users\Rugilė\Vilniaus universitetas.docx [2013.11.26 19:47:16 | 000,035,328 | ---- | M] () -- C:\Users\Rugilė\Weber.doc [2013.10.03 22:27:13 | 000,018,247 | ---- | M] () -- C:\Users\Rugilė\Well.docx [2013.11.04 17:47:10 | 001,608,681 | ---- | M] () -- C:\Users\Rugilė\ZA4775_v1-0-0.sav [color=#A23BEC]< %USERPROFILE%\AppData\Local\*.* >[/color] [2014.01.07 10:24:32 | 000,109,976 | ---- | M] () -- C:\Users\Rugilė\AppData\Local\GDIPFONTCACHEV1.DAT [2014.01.23 19:16:05 | 000,843,133 | -H-- | M] () -- C:\Users\Rugilė\AppData\Local\IconCache.db [color=#A23BEC]< %USERPROFILE%\AppData\Local\*. 
>[/color] [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Adobe [2012.08.18 13:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\Application Data [2012.08.18 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\AuthenTec [2013.08.29 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Avg2013 [2014.01.06 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\cache [2012.09.05 12:06:02 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Conduit [2014.01.22 11:53:50 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\CrashDumps [2012.09.05 12:06:07 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\CRE [2012.08.18 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\CyberLink [2014.01.10 19:59:49 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Diagnostics [2013.08.29 12:47:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Discount Buddy [2014.01.06 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\genienext [2012.09.05 12:06:07 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Google [2012.11.05 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Hewlett-Packard [2012.08.18 13:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Hewlett-Packard_Company [2012.08.18 13:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\History [2013.09.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\HP [2013.11.11 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\IBM [2012.08.18 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Intel [2013.12.10 17:20:09 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\javasharedresources [2013.09.03 14:40:35 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Macromedia [2013.04.24 17:48:37 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\MFAData 
[2014.01.06 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft [2014.01.08 21:21:36 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft Games [2013.01.11 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft Help [2014.01.06 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Mobogenie [2013.10.01 17:19:49 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Mozilla [2012.09.08 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Opera [2014.01.23 12:04:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Programs [2012.08.18 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\RemEngine [2012.08.18 14:01:07 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\SoftGrid Client [2014.01.23 19:29:56 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Temp [2012.08.18 13:30:50 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\Temporary Internet Files [2014.01.06 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\VirtualStore [2013.03.05 22:25:44 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\{0B0842A6-736E-492E-9B3C-7557710FD55F} [2013.03.05 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\{1505EFF1-88A1-4716-BE75-16FCD5468557} [2013.02.25 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\{9A997684-D6B1-4236-97BA-09F58420B37E} [color=#A23BEC]< %USERPROFILE%\AppData\Local\temp\*.exe >[/color] [2013.11.11 20:15:03 | 001,541,736 | ---- | M] (BitTorrent, Inc.) 
-- C:\Users\Rugilė\AppData\Local\temp\BTSync.exe [2008.10.15 12:42:52 | 000,050,432 | ---- | M] () -- C:\Users\Rugilė\AppData\Local\temp\Extract.exe [2013.08.29 13:03:06 | 004,543,000 | ---- | M] (AVG Secure Search) -- C:\Users\Rugilė\AppData\Local\temp\oi_{FA5A2C24-7276-4C0F-A37E-7FA65D9065F4}.exe [2014.01.06 19:58:48 | 028,419,680 | ---- | M] () -- C:\Users\Rugilė\AppData\Local\temp\Softonic_EN_1-5-4_EN.exe [2013.07.24 15:57:48 | 006,657,472 | ---- | M] (Hewlett-Packard Company ) -- C:\Users\Rugilė\AppData\Local\temp\SP59551.exe [2013.08.01 09:59:34 | 009,982,176 | ---- | M] (Hewlett-Packard ) -- C:\Users\Rugilė\AppData\Local\temp\SP61037.exe [2013.08.01 10:03:38 | 069,668,656 | ---- | M] (Hewlett-Packard ) -- C:\Users\Rugilė\AppData\Local\temp\SP61399.exe [2014.01.08 17:50:38 | 001,968,152 | ---- | M] (AVG Technologies) -- C:\Users\Rugilė\AppData\Local\temp\UNINSTALL.exe [39 C:\Users\Rugilė\AppData\Local\temp\*.tmp files -> C:\Users\Rugilė\AppData\Local\temp\*.tmp -> ] [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*.* >[/color] [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\*. 
>[/color] [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Adobe [2013.04.29 21:41:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Applian FLV and Media Player [2013.08.29 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG [2013.08.29 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\AVG2013 [2012.11.14 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Babylon [2012.11.14 22:46:20 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BabylonToolbar [2013.11.11 21:19:37 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\BitTorrent Sync [2012.08.18 14:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\CyberLink [2013.11.04 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Eclipse [2013.04.29 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\GRETECH [2012.08.25 16:15:18 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Hewlett-Packard [2014.01.23 12:47:05 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\HPP [2012.09.09 12:16:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\hpqlog [2012.08.18 13:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Identities [2012.08.18 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Intel [2013.11.11 21:32:44 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\iSafe [2012.08.18 13:52:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Macromedia [2014.01.23 12:04:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Malwarebytes [2012.06.15 20:56:29 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Media Center Programs [2013.01.11 22:48:52 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft [2012.09.08 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Mozilla [2012.09.08 12:08:26 | 000,000,000 | ---D 
| M] -- C:\Users\Rugilė\AppData\Roaming\Opera [2013.04.23 00:02:17 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Oracle [2013.11.11 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Skype [2013.12.19 23:41:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SoftGrid Client [2013.12.10 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\SPSSInc [2012.08.18 13:31:02 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Symantec [2012.08.18 13:34:59 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Synaptics [2012.08.18 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TP [2013.04.29 21:44:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\TuneUp Software [2014.01.23 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\uTorrent [2014.01.19 12:19:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WildTangent [2013.11.11 21:14:05 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\WinZipper [2014.01.12 13:04:06 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\_MDLogs [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates\*.* >[/color] [color=#A23BEC]< %USERPROFILE%\AppData\Local\Microsoft\*.* >[/color] [color=#A23BEC]< %USERPROFILE%\AppData\Local\Microsoft\*. 
>[/color] [2013.01.10 10:18:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Assistance [2014.01.16 15:53:08 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Credentials [2014.01.13 19:11:09 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Device Metadata [2013.10.11 08:20:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Device Stage [2012.08.18 13:34:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Feeds [2013.09.02 09:08:01 | 000,000,000 | -HSD | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Feeds Cache [2013.05.07 20:09:20 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\FORMS [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IME12 [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IMJP12 [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IMJP8_1 [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\IMJP9_0 [2013.11.20 21:52:45 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Internet Explorer [2013.12.13 08:13:57 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Media Player [2012.09.05 12:03:25 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Messenger [2013.11.25 11:11:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\NetTraces [2012.09.27 18:54:41 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Office [2012.11.13 22:17:50 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\OIS [2014.01.12 10:16:25 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Outlook [2013.11.20 08:05:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\PlayReady [2013.12.10 21:56:21 | 000,000,000 | ---D | M] -- 
C:\Users\Rugilė\AppData\Local\Microsoft\Portable Devices [2012.08.29 12:27:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Vault [2013.11.20 08:05:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows [2013.02.25 20:51:24 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Live [2013.02.25 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Live Movie Maker [2013.02.25 20:51:10 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Live Photo Gallery [2012.08.18 13:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Mail [2012.08.18 13:34:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Media [2013.04.26 14:22:28 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\Windows Sidebar [2013.05.22 21:48:12 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Local\Microsoft\WLSetup [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\Microsoft\*.* >[/color] [color=#A23BEC]< %USERPROFILE%\AppData\Roaming\Microsoft\*. 
>[/color] [2012.08.18 13:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\CLR Security Config [2013.01.11 22:48:52 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\CLView [2012.08.18 13:30:50 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Credentials [2013.05.01 19:48:37 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Crypto [2012.10.15 17:38:57 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Document Building Blocks [2014.01.22 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Excel [2012.08.18 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\HTML Help [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IME12 [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IMJP12 [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IMJP8_1 [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\IMJP9_0 [2012.09.07 11:54:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Internet Explorer [2012.09.05 12:03:40 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\MSN Messenger [2012.08.18 13:31:29 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Network [2013.12.19 23:41:53 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Office [2012.11.13 22:17:58 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\OIS [2013.12.19 23:37:45 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\PowerPoint [2012.08.29 12:58:22 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Priedai [2012.09.04 19:54:21 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Proof [2013.09.24 16:37:15 | 000,000,000 | --SD | M] -- 
C:\Users\Rugilė\AppData\Roaming\Microsoft\Protect [2012.09.05 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Speech [2013.05.01 19:48:37 | 000,000,000 | --SD | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\SystemCertificates [2012.10.02 17:34:33 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Templates [2012.10.15 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Tikrinimas [2013.11.11 21:58:57 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\UProof [2012.08.29 12:27:55 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Vault [2013.11.20 08:05:54 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows [2013.05.09 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows Photo Viewer [2014.01.22 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Word [2014.01.22 16:33:50 | 000,000,000 | ---D | M] -- C:\Users\Rugilė\AppData\Roaming\Microsoft\Šablonai [color=#A23BEC]< %windir%\AppPatch\*.* >[/color] [2013.04.13 06:45:15 | 002,176,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll [2012.10.16 09:39:52 | 000,561,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll [2009.07.14 03:03:47 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcRes.dll [2013.04.13 06:45:16 | 000,474,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcSpecfc.dll [2013.08.29 03:48:15 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\acwow64.dll [2009.07.14 03:14:52 | 000,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcXtrnal.dll [2009.07.14 03:14:53 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\apihex86.dll [2013.04.13 01:33:29 | 000,151,630 | ---- | M] () -- C:\Windows\AppPatch\drvmain.sdb [2012.03.25 05:56:19 | 001,826,582 | ---- | M] 
() -- C:\Windows\AppPatch\msimain.sdb [2012.03.25 05:56:19 | 000,044,930 | ---- | M] () -- C:\Windows\AppPatch\pcamain.sdb [2013.04.13 01:33:26 | 004,080,530 | ---- | M] () -- C:\Windows\AppPatch\sysmain.sdb [color=#A23BEC]< %windir%\AppPatch\*. >[/color] [2013.05.16 11:40:14 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch\AppPatch64 [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch\Custom [2010.11.21 09:06:49 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch\en-US [color=#A23BEC]< %Public%\Documents\*.* >[/color] [2013.08.29 16:47:10 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini [color=#A23BEC]< %Public%\Documents\*. >[/color] [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Music [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Pictures [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Videos [2012.06.15 20:15:06 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\YouCam [color=#A23BEC]< %ProgramData%\*.* >[/color] [color=#A23BEC]< %ProgramData%\*. 
>[/color] [2012.09.05 11:43:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2013.08.29 15:04:43 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG [2013.08.29 13:03:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2013 [2012.11.14 22:45:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2013.04.24 17:48:37 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2012.08.18 14:06:35 | 000,000,000 | ---D | M] -- C:\ProgramData\CyberLink [2013.01.07 17:31:15 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2013.09.02 13:12:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Downloaded Installations [2013.11.11 21:20:14 | 000,000,000 | ---D | M] -- C:\ProgramData\eSafe [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2013.09.02 13:07:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Hewlett-Packard [2013.09.02 13:12:45 | 000,000,000 | ---D | M] -- C:\ProgramData\HP SimplePass 2011 [2012.09.09 12:15:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Intel [2013.04.09 20:34:41 | 000,000,000 | ---D | M] -- C:\ProgramData\log [2014.01.23 12:04:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes [2014.01.23 19:31:38 | 000,000,000 | ---D | M] -- C:\ProgramData\MCShield [2014.01.23 17:50:41 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2014.01.06 17:40:55 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2013.12.12 00:26:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help [2012.09.08 12:06:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla [2013.08.29 12:41:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Norton [2013.04.24 17:20:40 | 000,000,000 | ---D | M] -- C:\ProgramData\NortonInstaller [2013.01.07 17:31:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Omnitel mobilusis 
internetas [2013.10.25 07:00:58 | 000,000,000 | ---D | M] -- C:\ProgramData\OnlineUpdate [2012.06.15 20:06:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming [2013.11.04 17:51:20 | 000,000,000 | ---D | M] -- C:\ProgramData\SafeNet Sentinel [2013.11.11 23:04:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype [2014.01.06 21:01:49 | 000,000,000 | ---D | M] -- C:\ProgramData\SPSS [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2013.04.22 23:57:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun [2012.09.05 12:03:32 | 000,000,000 | ---D | M] -- C:\ProgramData\SweetIM [2012.06.15 20:28:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Synaptics [2012.11.14 22:46:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer [2012.09.02 08:55:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Tele2 Mobile Partner [2012.06.15 20:20:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2013.09.02 13:29:16 | 000,000,000 | ---D | M] -- C:\ProgramData\TrueSuite [2013.04.29 21:44:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2012.09.03 14:01:38 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualizedApplications [2014.01.19 12:19:54 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent [2012.11.19 22:21:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} [2013.04.29 21:44:43 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.08.29 12:29:10 | 000,000,000 | -HSD | M] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [color=#A23BEC]< %CommonProgramFiles%\*.* >[/color] [color=#A23BEC]< %CommonProgramFiles%\*. 
>[/color] [2014.01.23 12:47:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\337 [2012.03.25 06:42:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe [2013.09.02 13:12:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\AuthenTec [2012.08.18 13:37:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.11.04 17:50:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\IBM [2012.06.15 20:04:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel [2012.06.15 20:17:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Intel Corporation [2013.09.16 21:50:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\microsoft shared [2012.06.15 20:08:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\postureAgent [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services [2012.08.18 14:18:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Skype [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines [2014.01.06 20:34:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SPSS [2012.09.03 14:31:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.11.15 02:11:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System [2012.03.25 06:39:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live [color=#A23BEC]< %CommonProgramFiles%\ComObjects\*.exe >[/color] [color=#A23BEC]< %ProgramFiles%\*.* >[/color] [2013.08.29 16:47:11 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini [color=#A23BEC]< %ProgramFiles%\*. 
>[/color] [2012.09.25 08:41:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\1ClickDownload [2012.03.25 06:38:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Absolute Software [2012.03.25 06:42:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2012.09.28 13:34:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alkonas [2014.01.23 11:59:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG [2012.11.14 22:46:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BabylonToolbar [2012.09.09 12:14:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco [2014.01.23 12:00:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2012.09.05 12:06:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit [2012.06.15 20:15:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink [2014.01.12 13:11:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EasyBits For Kids [2012.03.25 06:28:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote [2013.04.29 21:43:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GRETECH [2013.09.02 13:07:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard [2012.03.25 06:38:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games [2013.09.02 13:13:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP SimplePass [2014.01.06 21:01:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IBM [2012.11.19 22:25:21 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2012.09.09 12:18:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel [2012.06.15 20:17:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel Corporation [2013.12.12 11:30:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2014.01.23 12:04:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.23 19:18:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MCShield [2014.01.06 
17:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft [2012.08.29 12:30:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.09.16 21:52:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework [2012.08.29 12:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.08.29 12:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.08.29 12:38:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2013.12.20 09:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2013.12.30 11:25:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.08.29 12:39:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2013.01.07 17:31:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Omnitel mobilusis internetas [2012.08.18 13:31:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services [2013.11.04 17:56:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Opera [2012.03.25 06:28:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PlayReady [2013.11.11 20:14:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\qualitink [2012.06.15 20:10:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2013.11.11 21:33:12 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype [2014.01.06 20:34:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SPSSInc [2014.01.23 12:47:06 | 000,000,000 | ---D | M] -- C:\Program Files 
(x86)\SweetIM [2012.06.15 20:21:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SymSilent [2012.09.02 08:55:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tele2 Mobile Partner [2014.01.07 10:24:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TornTV.com [2009.07.14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2012.09.05 12:06:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrentControl_v2 [2014.01.19 12:20:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games [2013.09.02 09:05:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2012.03.25 06:42:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2013.12.12 11:30:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer [2010.11.21 05:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2012.08.18 13:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar [2013.11.11 21:36:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinZipper [2013.04.24 10:46:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo [2013.11.04 17:51:10 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry [color=#A23BEC]< %programdata%\Microsoft\Windows\DRM\*.tmp >[/color] [color=#A23BEC]< %programdata%\Microsoft\DRM\*.tmp >[/color] [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >[/color] [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Local\*. 
>[/color] [2013.08.29 13:09:23 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2013 [2014.01.06 20:11:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\CrashDumps [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Hewlett-Packard [2013.08.29 11:48:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\MFAData [2012.08.30 16:02:22 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft [2014.01.23 19:16:56 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\SoftGrid Client [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >[/color] [color=#A23BEC]< %systemroot%\system32\config\systemprofile\AppData\Roaming\*. >[/color] [2013.09.02 09:16:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG [2013.08.29 13:03:37 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2013 [2012.03.25 06:46:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\hpqLog [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft [2014.01.23 19:16:11 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client [2013.04.30 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software [2014.01.19 12:20:10 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\WildTangent [2012.08.18 13:37:48 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >[/color] [color=#A23BEC]< 
%windir%\SysWOW64\config\systemprofile\AppData\Local\*. >[/color] [2013.08.29 13:09:23 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg2013 [2014.01.06 20:11:45 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Hewlett-Packard [2013.08.29 11:48:17 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\MFAData [2012.08.30 16:02:22 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft [2014.01.23 19:16:56 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SoftGrid Client [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >[/color] [color=#A23BEC]< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*. >[/color] [2013.09.02 09:16:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AVG [2013.08.29 13:03:37 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AVG2013 [2012.03.25 06:46:29 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hpqLog [2012.08.25 16:01:07 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft [2014.01.23 19:16:11 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client [2013.04.30 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TuneUp Software [2014.01.19 12:20:10 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WildTangent [2012.08.18 13:37:48 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} [color=#A23BEC]< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >[/color] 
[color=#A23BEC]< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >[/color] [color=#A23BEC]< %windir%\temp\*.exe >[/color] [2013.10.03 19:04:50 | 004,674,584 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{18FA40C4-18B9-4EDC-B481-A67A87BCAC83}.exe [2013.11.14 19:44:58 | 004,680,728 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{584C6A47-4AF5-4D31-A60C-373787DCDCB4}.exe [2014.01.08 17:50:34 | 004,843,544 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{6E77BC5C-60E2-4165-BDCB-57B6608C4622}.exe [2013.12.12 16:43:13 | 004,811,800 | ---- | M] (AVG Technologies) -- C:\Windows\temp\{7C9B45C0-4025-48F1-8BB3-A5590F1020B8}.exe [2013.09.19 19:09:06 | 004,547,608 | ---- | M] (AVG Secure Search) -- C:\Windows\temp\{929C7B51-4E7B-44F9-BCBB-350D215DAD15}.exe [13 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ] [color=#A23BEC]< %windir%\*. >[/color] [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\addins [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat [2013.10.10 15:11:51 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch [2013.11.18 10:19:19 | 000,000,000 | R-SD | M] -- C:\Windows\assembly [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Cursors [2007.01.02 03:32:21 | 000,000,000 | ---D | M] -- C:\Windows\debug [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics [2009.07.14 07:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files [2012.06.15 20:56:29 | 000,000,000 | ---D | M] -- C:\Windows\ehome [2012.03.25 06:41:56 | 000,000,000 | ---D | M] -- C:\Windows\en [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\en-US [2012.11.19 18:30:24 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts [2010.11.21 09:19:26 | 000,000,000 | ---D | M] -- 
C:\Windows\Globalization [2012.11.19 22:25:17 | 000,000,000 | ---D | M] -- C:\Windows\Help [2012.06.15 20:10:21 | 000,000,000 | ---D | M] -- C:\Windows\Hewlett-Packard [2009.07.14 07:37:46 | 000,000,000 | ---D | M] -- C:\Windows\IME [2014.01.23 19:30:21 | 000,000,000 | ---D | M] -- C:\Windows\inf [2014.01.23 19:15:57 | 000,000,000 | -HSD | M] -- C:\Windows\Installer [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas [2009.07.14 04:34:24 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports [2013.11.19 23:34:30 | 000,000,000 | ---D | M] -- C:\Windows\Logs [2009.07.14 07:32:40 | 000,000,000 | R-SD | M] -- C:\Windows\Media [2013.11.18 10:19:19 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET [2013.11.19 16:00:19 | 000,000,000 | ---D | M] -- C:\Windows\Minidump [2009.07.14 04:34:34 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs [2009.07.14 07:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages [2012.08.18 23:26:25 | 000,000,000 | ---D | M] -- C:\Windows\Panther [2012.03.25 06:40:41 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance [2009.07.14 05:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA [2013.11.20 08:05:20 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions [2014.01.23 19:28:31 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch [2013.04.26 14:22:27 | 000,000,000 | ---D | M] -- C:\Windows\registration [2013.12.12 23:30:30 | 000,000,000 | ---D | M] -- C:\Windows\rescache [2013.04.29 21:36:01 | 000,000,000 | ---D | M] -- C:\Windows\Resources [2009.07.14 04:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas [2009.07.14 05:20:10 | 000,000,000 | ---D | M] -- C:\Windows\security [2009.07.14 06:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\servicing [2012.03.25 05:53:36 | 000,000,000 | ---D | M] -- 
C:\Windows\Setup [2012.08.29 12:39:26 | 000,000,000 | ---D | M] -- C:\Windows\SHELLNEW [2013.04.25 17:00:57 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution [2010.11.21 09:06:49 | 000,000,000 | ---D | M] -- C:\Windows\Speech [2009.07.14 04:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system [2014.01.23 19:30:22 | 000,000,000 | ---D | M] -- C:\Windows\System32 [2014.01.23 11:59:48 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64 [2009.07.14 06:57:13 | 000,000,000 | ---D | M] -- C:\Windows\TAPI [2014.01.19 11:59:17 | 000,000,000 | ---D | M] -- C:\Windows\Tasks [2014.01.23 19:32:01 | 000,000,000 | ---D | M] -- C:\Windows\Temp [2009.07.14 04:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing [2009.07.14 07:32:39 | 000,000,000 | ---D | M] -- C:\Windows\twain_32 [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web [2014.01.16 15:52:44 | 000,000,000 | ---D | M] -- C:\Windows\winsxs [color=#A23BEC]< %windir%\ShellNew\*.* >[/color] [2010.07.20 16:17:04 | 000,008,831 | ---- | M] () -- C:\Windows\ShellNew\EXCEL12.XLSX [2005.12.13 18:15:36 | 000,059,904 | ---- | M] () -- C:\Windows\ShellNew\MSPUB.PUB [2010.04.29 23:19:08 | 000,029,562 | ---- | M] () -- C:\Windows\ShellNew\PWRPNT12.PPTX [color=#A23BEC]< %windir%\installer\*. 
>[/color] [2012.03.25 06:40:03 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$ [2012.09.09 12:17:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A} [2012.09.09 12:16:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{37EC048A-81A2-452A-8D1F-3BE2018E767D} [2012.09.09 12:14:53 | 000,000,000 | ---D | M] -- C:\Windows\installer\_{E2D0B67F-8032-4E11-87C6-C8C721D331B3} [2012.06.15 20:15:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D} [2014.01.06 20:12:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{06C43FAA-7226-41EF-A05E-9AE0AA849FFE} [2012.03.25 06:43:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{07FA4960-B038-49EB-891B-9F95930AA544} [2014.01.06 18:52:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{104875A1-D083-4A34-BC4F-3F635B7F8EF7} [2013.04.02 16:19:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F} [2014.01.06 21:01:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2AF8017B-E503-408F-AACE-8A335452CAD2} [2012.09.09 12:18:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A} [2013.09.02 13:14:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{34C821CA-6B55-44A0-8A9B-2EF471D6019E} [2012.03.25 06:44:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE} [2012.09.09 12:16:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{37EC048A-81A2-452A-8D1F-3BE2018E767D} [2012.03.25 06:38:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{40F4FF7A-B214-4453-B973-080B09CED019} [2012.06.15 20:18:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4169B8AC-D144-4E38-A9CA-637EA44129ED} [2012.03.25 06:45:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{42719DC3-4982-47DD-B025-B21C4BDD504D} [2012.03.25 06:44:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{438363A8-F486-4C37-834C-4955773CB3D3} [2014.01.06 20:37:12 | 
000,000,000 | ---D | M] -- C:\Windows\installer\{46B65150-F8AA-42F2-94FB-2729A8AE5F7E} [2012.03.25 06:23:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{53B17A98-5BF0-40BC-AAFF-850A357975AC} [2013.09.02 13:07:38 | 000,000,000 | ---D | M] -- C:\Windows\installer\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F} [2012.06.15 20:20:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A847522-375C-4D05-BD3D-88C450CC047F} [2012.03.25 06:28:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5B7C0946-6CBF-4285-8381-34E3CAE4D7A1} [2012.03.25 06:39:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{612C34C7-5E90-47D8-9B5C-0F717DD82726} [2012.11.05 18:51:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{675D093B-815D-47FD-AB2C-192EC751E8E2} [2012.11.19 22:24:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6F340107-F9AA-47C6-B54C-C3A19F11553F} [2012.09.05 12:03:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} [2012.09.05 12:03:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{774C0434-9948-4DEE-A14E-69CDD316E36C} [2012.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7E799992-5DA0-4A1A-9443-B1836B063FEC} [2012.06.15 20:17:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32} [2013.09.02 13:14:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{880B5A98-B242-4B53-BD6F-41EA17495EAD} [2012.03.25 06:29:01 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8CE152BA-1D16-11E1-867D-984BE15F174E} [2013.12.12 00:26:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-0011-0000-0000-0000000FF1CE} [2012.08.29 12:38:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-002A-0000-1000-0000000FF1CE} [2013.09.16 21:52:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006D-0409-1000-0000000FF1CE} [2013.11.15 10:13:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006E-0427-0000-0000000FF1CE} [2012.03.25 06:39:11 | 000,000,000 | ---D 
| M] -- C:\Windows\installer\{95140000-0070-0000-0000-0000000FF1CE} [2012.03.25 06:41:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A726AE06-AAA3-43D1-87E3-70F510314F04} [2014.01.18 10:00:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} [2013.11.11 21:33:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6CF2967-C81E-40C0-9815-C05774FEF120} [2012.03.25 06:43:56 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1} [2012.06.15 20:08:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D1B033E8-A077-4B0D-9831-5798E19E861E} [2012.03.25 06:44:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D6CB77A6-7142-4352-8116-E636A663909D} [2012.03.25 06:38:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DBCD5E64-7379-4648-9444-8A6558DCB614} [2012.03.25 06:41:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DECDCB7C-58CC-4865-91AF-627F9798FE48} [2012.06.15 20:20:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DF2D7B73-3E53-4241-B6B5-64D8344AEF6B} [2012.09.09 12:14:57 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E2D0B67F-8032-4E11-87C6-C8C721D331B3} [2012.11.14 22:46:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1} [2012.03.25 06:41:06 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11} [2013.09.02 13:12:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8} [2012.03.25 06:44:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{ED1BD69A-07E3-418C-91F1-D856582581BF} [2012.11.19 22:23:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE202411-2C26-49E8-9784-1BC1DBF7DE96} [2012.08.18 14:18:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} [2012.03.25 06:41:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} [2012.09.05 12:03:32 | 000,000,000 | ---D | M] -- 
C:\Windows\installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3} [2012.08.18 13:31:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D} [color=#A23BEC]< %windir%\system32\*. >[/color] [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409 [2012.03.25 06:39:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\Adobe [2010.11.21 05:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG [2009.07.14 04:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot [2009.07.14 04:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2 [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\com [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism [2013.12.12 11:30:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\en [2013.12.12 11:30:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE [2013.02.05 10:11:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\Extensions [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR 
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME [2009.07.14 04:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles [2009.07.14 05:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV [2012.03.25 06:23:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed [2010.11.21 05:31:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore [2013.11.20 08:05:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO [2009.07.14 04:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- 
C:\Windows\system32\nl-NL [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU [2012.06.15 20:10:25 | 000,000,000 | ---D | M] -- C:\Windows\system32\sda [2013.02.05 10:11:33 | 000,000,000 | ---D | M] -- C:\Windows\system32\searchplugins [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp [2010.11.21 05:31:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks [2009.07.14 05:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR [2009.07.14 05:20:19 | 000,000,000 | ---D 
| M] -- C:\Windows\system32\uk-UA [2012.09.03 13:41:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat [2012.06.15 20:56:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW [color=#A23BEC]< %windir%\sysnative\*. >[/color] [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409 [2010.11.21 05:30:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG [2012.03.25 05:58:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot [2014.01.15 13:22:53 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot [2014.01.20 10:42:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2 [2013.04.26 14:16:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity [2010.11.21 09:06:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com [2014.01.23 19:30:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism [2014.01.23 12:04:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers [2014.01.16 15:51:26 | 000,000,000 | ---D | M] 
-- C:\Windows\sysnative\DriverStore [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en [2013.12.12 11:30:39 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR [2009.07.14 07:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy [2009.07.14 04:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME [2009.07.14 04:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR [2013.11.11 21:14:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\log [2013.08.29 11:57:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV [2012.03.25 06:23:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed [2010.11.21 05:30:27 
| 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore [2009.07.14 06:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft [2013.11.20 08:05:20 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO [2014.01.10 19:59:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF [2009.07.14 05:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL [2012.03.25 05:53:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras [2012.08.18 13:31:02 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery [2012.08.18 13:45:12 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK [2009.07.14 05:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr [2009.07.14 05:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- 
C:\Windows\sysnative\Speech [2009.07.14 06:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool [2009.07.14 05:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp [2010.11.21 05:30:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS [2012.06.15 20:03:43 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SRSLabs [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE [2012.06.15 20:56:52 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep [2014.01.23 11:59:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR [2009.07.14 05:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA [2012.09.03 13:41:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat [2013.04.26 14:22:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem [2010.11.21 09:06:50 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN [2013.08.29 14:17:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi [2009.07.14 07:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase [2009.07.14 07:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns [2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell [2009.07.14 05:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt [2010.11.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm [2013.04.26 14:22:28 | 000,000,000 | -H-D | M] -- C:\Windows\sysnative\WLANProfiles [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN [2013.02.28 13:35:30 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK [2013.02.28 13:35:29 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW 
[color=#A23BEC]< %Temp%\smtmp\1\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\2\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\3\*.* >[/color] [color=#A23BEC]< %Temp%\smtmp\4\*.* >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /90 >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /90 >[/color] [color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. /rp /s >[/color] [color=#A23BEC]< %systemroot%\assembly\tmp\*.* /S /MD5 >[/color] [color=#A23BEC]< %systemroot%\assembly\temp\*.* /S /MD5 >[/color] [color=#A23BEC]< %systemroot%\assembly\GAC\*.ini >[/color] [color=#A23BEC]< %systemroot%\assembly\GAC_32\*.ini >[/color] [color=#A23BEC]< %systemroot%\assembly\GAC_64\*.ini >[/color] [color=#A23BEC]< %SystemRoot%\assembly\GAC_MSIL\*.ini >[/color] [color=#A23BEC]< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >[/color] [color=#A23BEC]< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color] "" = PSFactoryBuffer [HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32] "" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009.07.14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s 
>[/color] "" = MruPidlList [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >[/color] "" = Start Menu Pin "ImplementsVerbs" = startpin;startunpin [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >[/color] "" = PSFactoryBuffer [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32] "" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009.07.14 03:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color] "" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper [HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [color=#A23BEC]< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color] "" = ShellFolder for CD Burning [HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder] "Attributes" = 0x0 "AttributeMask" = 0xffffffff "Location" = @shell32.dll,-12591 -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft 
Corporation) "ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009.07.14 03:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >[/color] "" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s >[/color] [color=#A23BEC]< HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s >[/color] [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem] "" = {217FC9C0-3AEA-1069-A2DB-08002B30309D} [HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing] "" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [color=#A23BEC]< HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s >[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem] 
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D} [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing] "" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6} [color=#A23BEC]< HKEY_CURRENT_USER\Software\MSOLoad /s >[/color] [color=#A23BEC]< type C:\WINDOWS\system.ini >> test.txt /c >[/color] No captured output from command... [color=#A23BEC]< bcdedit /enum all /v >C:\boot.txt /c >[/color] No captured output from command... [color=#A23BEC]< type c:\diskreport.txt /c >[/color] No captured output from command... No captured output from command... No captured output from command... [color=#A23BEC]< MD5 for: AFD.SYS >[/color] [2011.12.28 05:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys [2013.09.14 03:11:05 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=26EF7E0DF4EDCD898EB7A671529410B8 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_366f8b668e482477\afd.sys [2013.09.14 03:10:19 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=314C17917AC8523EC77A710215012A65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_35d81beb75355772\afd.sys [2011.12.28 06:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys [2013.09.28 03:14:56 | 000,496,128 | ---- | M] (Microsoft Corporation) MD5=50AB05903CBEF298D135A943D4432E3C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22467_none_3664bb7a8e504068\afd.sys [2013.09.28 03:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\SysNative\drivers\afd.sys [2013.09.28 03:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) 
MD5=79059559E89D06E8B80CE2944BE20228 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18272_none_35cb4b6b753f40b5\afd.sys [2010.11.21 05:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2012.03.25 05:57:37 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2012.03.25 05:57:37 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [color=#A23BEC]< MD5 for: CSC.SYS >[/color] [2010.11.21 05:24:41 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys [color=#A23BEC]< MD5 for: DFSC.SYS >[/color] [2010.11.21 05:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\SysNative\drivers\dfsc.sys [2010.11.21 05:24:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys [color=#A23BEC]< MD5 for: DISK.SYS >[/color] [2009.07.14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys [2009.07.14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys 
[2009.07.14 03:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2012.03.25 05:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012.03.25 05:59:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2012.03.25 05:59:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2012.03.25 05:59:20 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2012.03.25 05:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2012.03.25 05:59:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [color=#A23BEC]< MD5 for: FASTFAT.SYS >[/color] [2009.07.14 01:23:29 | 000,204,800 | ---- 
| M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\SysNative\drivers\fastfat.sys [2009.07.14 01:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) MD5=0ADC83218B66A6DB380C330836F3E36D -- C:\Windows\winsxs\amd64_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_0aa81d2771152f86\fastfat.sys [color=#A23BEC]< MD5 for: I8042PRT.SYS >[/color] [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\i8042prt.sys [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys [2009.07.14 01:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys [color=#A23BEC]< MD5 for: IASTOR.SYS >[/color] [2012.02.02 02:06:58 | 000,470,808 | ---- | M] (Intel Corporation) MD5=76C3966183BD5382E14CEB6DF97D9709 -- C:\SWSetup\Drivers\RST\Drivers\x32\iaStor.sys [2012.02.02 02:06:58 | 000,470,808 | ---- | M] (Intel Corporation) MD5=76C3966183BD5382E14CEB6DF97D9709 -- C:\SWSetup\Drivers\RST\F6\x86\iaStor.sys [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\SWSetup\Drivers\RST\Drivers\x64\iaStor.sys [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 
-- C:\SWSetup\Drivers\RST\F6\x64\iaStor.sys [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\drivers\iaStor.sys [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4b6764daf5ce9174\iaStor.sys [2012.02.02 02:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_4ffa60c18b7e0989\iaStor.sys [color=#A23BEC]< MD5 for: KBDCLASS.SYS >[/color] [2009.07.14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\drivers\kbdclass.sys [2009.07.14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys [2009.07.14 03:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) MD5=BC02336F1CBA7DCC7D1213BB588A68A5 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys [color=#A23BEC]< MD5 for: KBDHID.SYS >[/color] [2010.11.21 05:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\drivers\kbdhid.sys [2010.11.21 05:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdhid.sys [2010.11.21 05:23:47 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=0705EFF5B42A9DB58548EEC3B26BB484 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdhid.sys [color=#A23BEC]< MD5 for: LSASS.EXE >[/color] [2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) 
MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe [2012.03.25 06:05:40 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe [2013.09.25 03:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe [2012.06.04 09:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe [2012.03.25 06:05:40 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe [2012.03.25 06:05:40 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe [2013.09.25 03:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe [color=#A23BEC]< MD5 for: MOUCLASS.SYS >[/color] [2009.07.14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\SysNative\drivers\mouclass.sys [2009.07.14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- 
C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouclass.sys [2009.07.14 03:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) MD5=7D27EA49F3C1F687D357E77A470AEA99 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouclass.sys [color=#A23BEC]< MD5 for: MOUHID.SYS >[/color] [2009.07.14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\drivers\mouhid.sys [2009.07.14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\mouhid.sys [2009.07.14 02:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D3BF052C40B0C4166D9FD86A4288C1E6 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\mouhid.sys [color=#A23BEC]< MD5 for: NETBT.SYS >[/color] [2010.11.21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys [2010.11.21 05:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft 
[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color] [C:\Documents and Settings] -> C:\Users -> Junction [C:\ProgramData\Application Data] -> C:\ProgramData -> Junction [C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction [C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction [C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction [C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction [C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction [C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction [C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction [C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction [C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction [C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction [C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction [C:\Users\All Users] -> -> Unknown point type [C:\Users\Default User] -> C:\Users\Default -> Junction [C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction [C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction [C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction [C:\Users\Default\Cookies] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies -> Junction [C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction [C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction [C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction [C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction [C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction [C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction [C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction [C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction [C:\Users\Rugilė\AppData\Local\Application Data] -> C:\Users\Rugilė\AppData\Local -> Junction [C:\Users\Rugilė\AppData\Local\History] -> C:\Users\Rugilė\AppData\Local\Microsoft\Windows\History -> Junction [C:\Users\Rugilė\AppData\Local\Temporary Internet Files] -> C:\Users\Rugilė\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Users\Rugilė\Application Data] -> C:\Users\Rugilė\AppData\Roaming -> Junction [C:\Users\Rugilė\Cookies] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Cookies -> Junction [C:\Users\Rugilė\Documents\My 
Music] -> C:\Users\Rugilė\Music -> Junction [C:\Users\Rugilė\Documents\My Pictures] -> C:\Users\Rugilė\Pictures -> Junction [C:\Users\Rugilė\Documents\My Videos] -> C:\Users\Rugilė\Videos -> Junction [C:\Users\Rugilė\Local Settings] -> C:\Users\Rugilė\AppData\Local -> Junction [C:\Users\Rugilė\My Documents] -> C:\Users\Rugilė\Documents -> Junction [C:\Users\Rugilė\NetHood] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Users\Rugilė\PrintHood] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Users\Rugilė\Recent] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Users\Rugilė\SendTo] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Users\Rugilė\Start Menu] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Users\Rugilė\Templates] -> C:\Users\Rugilė\AppData\Roaming\Microsoft\Windows\Templates -> Junction < End of report >