OTL logfile created on: 23/11/2012 16:55:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Windows\SysWOW64\config\systemprofile\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.16% Memory free
4.27 Gb Paging File | 3.83 Gb Available in Paging File | 89.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 133.03 Gb Free Space | 89.31% Space Free | Partition Type: NTFS

Computer Name: SPIRITUALITY-PC | User Name: spirituality | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/11/23 16:53:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe
PRC - [2012/11/20 06:17:32 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/11/20 06:17:34 | 002,400,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/21 12:24:51 | 000,711,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/20 06:17:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/26 11:14:37 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/08/26 10:41:30 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2012/11/21 12:24:51 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:[b]64bit:[/b] - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:[b]64bit:[/b] - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:[b]64bit:[/b] - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2012/08/26 10:46:07 | 000,130,088 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:[b]64bit:[/b] - [2012/08/26 10:46:07 | 000,124,456 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:[b]64bit:[/b] - [2012/08/26 10:46:06 | 000,205,352 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:[b]64bit:[/b] - [2012/08/26 10:46:06 | 000,168,488 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:[b]64bit:[/b] - [2012/08/26 10:46:06 | 000,120,872 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:[b]64bit:[/b] - [2012/07/12 11:18:56 | 000,219,688 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:24 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:23 | 000,112,680 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:23 | 000,109,096 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:22 | 000,304,680 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:22 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:22 | 000,068,648 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:21 | 000,093,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:21 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:20 | 000,113,192 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:19 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:[b]64bit:[/b] - [2012/06/27 15:51:19 | 000,089,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:[b]64bit:[/b] - [2011/03/10 18:05:04 | 000,057,928 | ---- | M] (Panda Security) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 23:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2009/06/30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:[b]64bit:[/b] - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/06/10 20:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:[b]64bit:[/b] - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=BF466520AAF3CC06EFFCE050ABB19637
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 94 95 E8 DB C5 CD 01 [binary data]
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://pandasecurityr.mystart.com/?source=5b97eeb3&v=4_0&tbp=rbox&toolbarid=pandasecuritytb&u=BF466520AAF3CC06EFFCE050ABB19637&q={searchTerms}
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={442F7931-AC23-41D6-8C68-372217A469F2}&mid=f0ff562f65cd47d0a523d15262414256-5a46015123d3cca9d1ad240c9e6be1dc01d37a07&lang=en&ds=AVG&pr=pr&d=2012-11-21 12:25:15&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-635847260-497286889-30479053-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid={442F7931-AC23-41D6-8C68-372217A469F2}&mid=f0ff562f65cd47d0a523d15262414256-5a46015123d3cca9d1ad240c9e6be1dc01d37a07&lang=en&ds=AVG&pr=pr&d=2012-11-21 12:25:15&v=13.2.0.4&sap=ku&q="
FF - user.js - File not found

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/21 12:25:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/21 00:58:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/21 00:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\spirituality\AppData\Roaming\Mozilla\Extensions
[2012/11/21 00:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/21 12:25:26 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.4
[2012/11/20 06:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/21 12:25:04 | 000,003,544 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/20 06:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/20 06:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=BF466520AAF3CC06EFFCE050ABB19637
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=BF466520AAF3CC06EFFCE050ABB19637
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Open IT Online Lite = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdbiclcffkhfaodpieaamcfcandaggeb\1.3_0\
CHR - Extension: YouTube = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: avast! WebRep = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Kobo Instant Reader = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknhjclcchfapglhbceedkoldnkmmhcc\0.9.5_0\
CHR - Extension: Smart QrCode Generator = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfnbjbobhhoaekejilcmdkfomkndikho\1.7_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: dotEPUB = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\okpfiebkkmjcnodegbbbiellepfhoglm\1.0.0_0\
CHR - Extension: Gmail = C:\Users\spirituality\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [yorkyt.exe] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-635847260-497286889-30479053-1000..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f File not found
O4 - HKU\S-1-5-21-635847260-497286889-30479053-1000..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-635847260-497286889-30479053-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 1
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A746095A-82DE-4512-8B34-EF60C60AB9A4}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/11/23 16:35:31 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Desktop
[2012/11/23 16:34:30 | 000,000,000 | R--D | C] -- C:\Windows\system32\config\systemprofile\Favorites
[2012/11/23 11:39:09 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012/11/23 11:39:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012/11/23 10:58:11 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/21 13:46:48 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Macromedia
[2012/11/21 13:46:48 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Macromedia
[2012/11/21 13:46:48 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Adobe
[2012/11/21 13:37:26 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/21 13:37:26 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/21 13:37:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/11/21 13:37:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/11/21 12:59:02 | 000,057,928 | ---- | C] (Panda Security) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2012/11/21 12:47:10 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\AVG2013
[2012/11/21 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\AVG Secure Search
[2012/11/21 12:25:37 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\TuneUp Software
[2012/11/21 12:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/21 12:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/11/21 12:25:12 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/21 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/11/21 12:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/11/21 12:21:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/11/21 12:21:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/11/21 11:59:28 | 000,035,192 | ---- | C] (AVG) -- C:\Windows\SysNative\TURegOpt.exe
[2012/11/21 11:59:27 | 000,026,488 | ---- | C] (AVG) -- C:\Windows\SysNative\authuitu.dll
[2012/11/21 11:59:27 | 000,021,880 | ---- | C] (AVG) -- C:\Windows\SysWow64\authuitu.dll
[2012/11/21 11:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2012/11/21 11:59:05 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\AVG
[2012/11/21 11:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/11/21 11:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/11/21 10:07:49 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\MFAData
[2012/11/21 10:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/11/21 10:07:49 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Avg2013
[2012/11/21 08:37:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/11/21 08:37:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/21 07:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012/11/21 07:40:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2012/11/21 00:58:29 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Mozilla
[2012/11/21 00:58:29 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Mozilla
[2012/11/21 00:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/21 00:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/21 00:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/20 23:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2012/11/20 21:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2012/11/20 17:38:28 | 000,999,496 | ---- | C] (Solid State Networks) -- C:\Users\spirituality\Desktop\install_flashplayer11x32ax_gtba_chra_dy_aih.exe
[2012/11/20 00:41:18 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\panda4_0dn
[2012/11/20 00:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pandasecuritytb
[2012/11/19 08:59:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/11/19 01:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/11/19 01:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/11/19 01:33:08 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\spirituality\Desktop\USBVaccineSetup.exe
[2012/11/19 00:17:16 | 000,000,000 | ---D | C] -- C:\Users\spirituality\Desktop\Nov 19 2012
[2012/11/19 00:05:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/11/19 00:05:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/11/19 00:01:36 | 000,000,000 | R--D | C] -- C:\Users\spirituality\Saved Games\Documents\Scanned Documents
[2012/11/19 00:01:34 | 000,000,000 | ---D | C] -- C:\Users\spirituality\Saved Games\Documents\Fax
[2012/11/18 23:59:23 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/11/18 23:59:23 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/11/18 23:59:21 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/11/18 23:58:48 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/11/18 23:58:47 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/11/18 23:58:46 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/11/18 23:58:00 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/11/18 23:57:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/11/18 22:44:04 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Panda Security
[2012/11/18 22:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/11/18 22:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2012/11/18 22:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012/11/18 22:42:44 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\blekko
[2012/11/18 22:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2012/11/18 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/11/18 22:31:04 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2012/11/18 22:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/11/18 21:48:29 | 008,994,112 | ---- | C] (Glarysoft Ltd ) -- C:\Users\spirituality\Desktop\gusetup.exe
[2012/11/13 14:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/11/12 04:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/11/11 18:40:44 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Diagnostics
[2012/11/11 13:16:12 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Deployment
[2012/11/11 13:16:12 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Apps
[2012/11/11 12:34:45 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Malwarebytes
[2012/11/11 12:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/11 08:34:51 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/11 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\ElevatedDiagnostics
[2012/11/11 02:09:44 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Google
[2012/11/11 02:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/11/11 02:09:32 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/11/11 02:09:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/11/11 02:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/11 02:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/11/11 00:48:43 | 000,000,000 | R--D | C] -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/11 00:48:43 | 000,000,000 | R--D | C] -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/11/11 00:48:34 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Identities
[2012/11/11 00:48:31 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\VirtualStore
[2012/11/11 00:48:27 | 000,000,000 | --SD | C] -- C:\Users\spirituality\AppData\Roaming\Microsoft
[2012/11/11 00:48:27 | 000,000,000 | R--D | C] -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/11 00:48:27 | 000,000,000 | R--D | C] -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/11 00:48:27 | 000,000,000 | -HSD | C] -- C:\Users\spirituality\AppData\Local\Temporary Internet Files
[2012/11/11 00:48:27 | 000,000,000 | -HSD | C] -- C:\Users\spirituality\Saved Games\Documents\My Videos
[2012/11/11 00:48:27 | 000,000,000 | -HSD | C] -- C:\Users\spirituality\Saved Games\Documents\My Pictures
[2012/11/11 00:48:27 | 000,000,000 | -HSD | C] -- C:\Users\spirituality\Saved Games\Documents\My Music
[2012/11/11 00:48:27 | 000,000,000 | -HSD | C] -- C:\Users\spirituality\AppData\Local\History
[2012/11/11 00:48:27 | 000,000,000 | -HSD | C] -- C:\Users\spirituality\AppData\Local\Application Data
[2012/11/11 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Temp
[2012/11/11 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Local\Microsoft
[2012/11/11 00:48:27 | 000,000,000 | ---D | C] -- C:\Users\spirituality\AppData\Roaming\Media Center Programs
[2012/11/11 00:48:20 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/11/11 00:39:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/11/11 00:36:51 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/11 00:36:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/11/23 16:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 16:32:40 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 12:10:34 | 000,021,504 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl
[2012/11/23 11:39:09 | 000,001,027 | ---- | M] () -- C:\Users\spirituality\Desktop\Free Window Registry Repair.lnk
[2012/11/23 11:01:33 | 000,007,608 | ---- | M] () -- C:\Users\spirituality\AppData\Local\Resmon.ResmonCfg
[2012/11/23 10:36:36 | 000,001,657 | ---- | M] () -- C:\Users\spirituality\Desktop\_hiddenPbk - Shortcut.lnk
[2012/11/21 17:32:33 | 000,000,092 | ---- | M] () -- C:\Windows\system32\config\systemprofile\avginfo.id
[2012/11/21 17:30:13 | 000,000,652 | ---- | M] () -- C:\Windows\system32\config\systemprofile\TEMP_CLOUD_FILE_XML_199282822
[2012/11/21 13:37:26 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/21 13:37:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/21 12:53:16 | 000,013,584 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 12:53:16 | 000,013,584 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 12:53:14 | 000,008,073 | ---- | M] () -- C:\Windows\TempCloudAV1121124952_2016.csv
[2012/11/21 12:25:53 | 000,000,232 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2012/11/21 12:25:37 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/21 12:24:51 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/21 12:11:37 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/11/21 11:59:17 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
[2012/11/21 11:59:17 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk
[2012/11/21 08:58:20 | 000,000,205 | ---- | M] () -- C:\Windows\TempCloudAV1121085751_1532.csv
[2012/11/21 08:45:32 | 000,000,796 | ---- | M] () -- 
C:\Users\spirituality\Desktop\avg_rem_zbot_all_1_822.exe - Shortcut.lnk [2012/11/21 08:20:15 | 000,000,801 | ---- | M] () -- C:\Users\spirituality\Desktop\avg_tuht_stf_all_2013_2.exe - Shortcut.lnk [2012/11/21 08:15:28 | 000,000,000 | ---- | M] () -- C:\Users\spirituality\Desktop\av.exe [2012/11/21 00:58:21 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/20 23:50:15 | 000,231,302 | ---- | M] () -- C:\ProgramData\1353451423.bdinstall.bin [2012/11/20 21:27:30 | 002,423,680 | ---- | M] () -- C:\Users\spirituality\Desktop\bitdefender_tsecurity.exe [2012/11/20 17:38:35 | 000,999,496 | ---- | M] (Solid State Networks) -- C:\Users\spirituality\Desktop\install_flashplayer11x32ax_gtba_chra_dy_aih.exe [2012/11/19 22:16:02 | 000,004,422 | ---- | M] () -- C:\Windows\TempCloudAV1119221410_1516.csv [2012/11/19 09:24:56 | 001,059,787 | ---- | M] () -- C:\Windows\TempCloudAV1119090040_1808.csv [2012/11/19 03:01:09 | 000,005,605 | ---- | M] () -- C:\Windows\TempCloudAV1119002939_1660.csv [2012/11/19 01:33:24 | 000,848,856 | ---- | M] (Panda Security ) -- C:\Users\spirituality\Desktop\USBVaccineSetup.exe [2012/11/19 00:28:55 | 000,317,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/19 00:15:56 | 000,000,586 | ---- | M] () -- C:\Users\spirituality\Desktop\Briefcase Database - Shortcut.lnk [2012/11/18 22:49:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/11/18 22:01:28 | 001,415,784 | ---- | M] () -- C:\Users\spirituality\Desktop\yorkyt.exe [2012/11/18 21:48:29 | 008,994,112 | ---- | M] (Glarysoft Ltd ) -- C:\Users\spirituality\Desktop\gusetup.exe [2012/11/13 14:56:52 | 000,002,755 | ---- | M] () -- C:\Users\spirituality\Saved Games\Documents\free_av_7.0.1474_2012-11-13_14-56-16.avastconfig [2012/11/13 14:56:39 | 000,002,754 | ---- | M] () -- C:\Users\spirituality\Saved Games\Documents\free_av_7.0.1474_2012-11-13_14-56-24.avastconfig [2012/11/11 13:52:02 | 000,001,376 | ---- | M] () -- 
C:\Users\spirituality\Desktop\MpCmdRun.exe - Shortcut.lnk [2012/11/11 00:49:00 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/11 00:49:00 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/11 00:49:00 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/11 00:39:27 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012/11/11 00:39:27 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012/10/30 22:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/11/23 11:39:09 | 000,001,027 | ---- | C] () -- C:\Users\spirituality\Desktop\Free Window Registry Repair.lnk [2012/11/23 11:01:33 | 000,007,608 | ---- | C] () -- C:\Users\spirituality\AppData\Local\Resmon.ResmonCfg [2012/11/23 10:36:36 | 000,001,657 | ---- | C] () -- C:\Users\spirituality\Desktop\_hiddenPbk - Shortcut.lnk [2012/11/21 17:32:33 | 000,000,092 | ---- | C] () -- C:\Windows\system32\config\systemprofile\avginfo.id [2012/11/21 17:30:13 | 000,000,652 | ---- | C] () -- C:\Windows\system32\config\systemprofile\TEMP_CLOUD_FILE_XML_199282822 [2012/11/21 12:50:11 | 000,008,073 | ---- | C] () -- C:\Windows\TempCloudAV1121124952_2016.csv [2012/11/21 12:25:53 | 000,000,232 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job [2012/11/21 12:25:37 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/11/21 11:59:17 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk [2012/11/21 11:59:17 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk [2012/11/21 11:59:17 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\AVG PC TuneUp.lnk [2012/11/21 08:58:20 | 000,000,205 | ---- | C] () -- C:\Windows\TempCloudAV1121085751_1532.csv 
[2012/11/21 08:43:36 | 000,000,796 | ---- | C] () -- C:\Users\spirituality\Desktop\avg_rem_zbot_all_1_822.exe - Shortcut.lnk [2012/11/21 08:19:27 | 000,000,801 | ---- | C] () -- C:\Users\spirituality\Desktop\avg_tuht_stf_all_2013_2.exe - Shortcut.lnk [2012/11/21 08:15:28 | 000,000,000 | ---- | C] () -- C:\Users\spirituality\Desktop\av.exe [2012/11/21 07:40:27 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk [2012/11/21 00:58:21 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012/11/21 00:58:21 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/11/20 23:50:15 | 000,231,302 | ---- | C] () -- C:\ProgramData\1353451423.bdinstall.bin [2012/11/20 21:27:28 | 002,423,680 | ---- | C] () -- C:\Users\spirituality\Desktop\bitdefender_tsecurity.exe [2012/11/19 22:14:33 | 000,004,422 | ---- | C] () -- C:\Windows\TempCloudAV1119221410_1516.csv [2012/11/19 09:02:03 | 001,059,787 | ---- | C] () -- C:\Windows\TempCloudAV1119090040_1808.csv [2012/11/19 03:00:37 | 000,005,605 | ---- | C] () -- C:\Windows\TempCloudAV1119002939_1660.csv [2012/11/19 00:15:56 | 000,000,586 | ---- | C] () -- C:\Users\spirituality\Desktop\Briefcase Database - Shortcut.lnk [2012/11/18 22:00:38 | 001,415,784 | ---- | C] () -- C:\Users\spirituality\Desktop\yorkyt.exe [2012/11/13 14:56:52 | 000,002,755 | ---- | C] () -- C:\Users\spirituality\Saved Games\Documents\free_av_7.0.1474_2012-11-13_14-56-16.avastconfig [2012/11/13 14:56:38 | 000,002,754 | ---- | C] () -- C:\Users\spirituality\Saved Games\Documents\free_av_7.0.1474_2012-11-13_14-56-24.avastconfig [2012/11/11 13:52:02 | 000,001,376 | ---- | C] () -- C:\Users\spirituality\Desktop\MpCmdRun.exe - Shortcut.lnk [2012/11/11 02:09:32 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012/11/11 00:48:48 | 000,001,405 | ---- | C] () -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer 
(64-bit).lnk [2012/11/11 00:48:44 | 000,001,439 | ---- | C] () -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/11/11 00:39:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012/11/11 00:39:04 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012/11/11 00:36:03 | 1603,084,288 | -HS- | C] () -- C:\hiberfil.sys [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0 [2012/11/20 18:07:44 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 01:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 01:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV:[b]64bit:[/b] - [2009/07/14 01:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:[b]64bit:[/b] - [2009/07/14 01:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:[b]64bit:[/b] - [2009/07/14 01:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:[b]64bit:[/b] - [2009/07/14 01:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:[b]64bit:[/b] - [2009/07/14 01:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:[b]64bit:[/b] - [2009/07/14 01:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:[b]64bit:[/b] - [2009/07/14 01:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Windows\SysNative\browser.dll -- (Browser) SRV:[b]64bit:[/b] - [2009/07/14 01:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2009/07/14 01:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:[b]64bit:[/b] - [2009/07/14 01:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2009/07/14 01:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:[b]64bit:[/b] - [2009/07/14 01:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:[b]64bit:[/b] - [2009/07/14 01:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:[b]64bit:[/b] - [2009/07/14 01:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:[b]64bit:[/b] - [2009/07/14 01:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:[b]64bit:[/b] - [2009/07/14 01:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- 
(swprv) SRV:[b]64bit:[/b] - [2009/07/14 01:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:[b]64bit:[/b] - [2009/07/14 01:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:[b]64bit:[/b] - [2009/07/14 01:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:[b]64bit:[/b] - [2009/07/14 01:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:[b]64bit:[/b] - [2009/07/14 01:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:[b]64bit:[/b] - [2009/07/14 01:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:[b]64bit:[/b] - [2009/07/14 01:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) No service found with a name of seclogon 
SRV:[b]64bit:[/b] - [2009/07/14 01:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:[b]64bit:[/b] - [2009/07/14 01:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:[b]64bit:[/b] - [2009/07/14 01:41:54 | 000,235,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:[b]64bit:[/b] - [2009/07/14 01:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 001,104,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:[b]64bit:[/b] - [2009/07/14 01:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:[b]64bit:[/b] - [2009/07/14 01:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:[b]64bit:[/b] - [2009/07/14 01:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:[b]64bit:[/b] - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:[b]64bit:[/b] - [2009/07/14 01:40:04 | 000,676,864 | ---- | M] 
(Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2009/07/14 01:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC) SRV:[b]64bit:[/b] - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog) SRV:[b]64bit:[/b] - [2009/07/14 01:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:[b]64bit:[/b] - [2009/07/14 01:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver) SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver) SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:[b]64bit:[/b] - [2012/06/02 22:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:[b]64bit:[/b] - [2009/07/14 01:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc) SRV:[b]64bit:[/b] - [2009/07/14 01:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2011/02/26 06:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 06:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) 
MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 06:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2009/08/03 06:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 06:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- 
C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe [2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 06:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 06:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2009/06/10 21:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/14 01:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [color=#A23BEC]< MD5 for: SERVICES.EXE.MUI >[/color] [2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui [2009/07/14 02:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2012/11/11 13:33:17 | 000,000,780 | ---- | M] () MD5=7A12E5A2514C1E14EAE3284B270DD53C -- C:\Users\spirituality\AppData\Roaming\Microsoft\Windows\Recent\Services.lnk [2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/14 04:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [color=#A23BEC]< MD5 for: SERVICES.MOF >[/color] [2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009/06/10 20:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc [2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc [2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc 
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2009/07/14 02:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc [2009/06/10 20:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [color=#A23BEC]< MD5 for: SERVICES.PTXML >[/color] [2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009/07/13 20:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml [color=#A23BEC]< MD5 for: SERVICES.TICO >[/color] [2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\AVG\AVG PC TuneUp\data\services.tico [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/14 01:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 06:24:40 | 000,389,632 | ---- | M] 
(Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#A23BEC]< >[/color] [color=#A23BEC]< Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. >[/color] [color=#A23BEC]< When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. >[/color] [color=#A23BEC]< Post both logs >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< THEN >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< Download aswMBR.exe ( 4.5mb ) to your desktop. >[/color] [color=#A23BEC]< Double click the aswMBR.exe to run it Click the "Scan" button to start scan >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< Resized to 67% (was 700 x 312) - Click image to enlargePosted Image >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< >[/color] [color=#A23BEC]< On completion of the scan click save log, save it to your desktop and post in your next reply >[/color] [color=#A23BEC]< Have I helped you? If y >[/color] < End of report >