Keylogger Information Stolen =/ Need help.. [Closed]



#1
iconiczack
Member, 22 posts
Well, you read the thread name right. I 100% have a keylogger of some form and really need help getting rid of it, and my computer has slowed down tremendously as well.

OTL logfile created on: 2/28/2012 7:42:54 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = D:\downloadmozila
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.19 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 25.49% Memory free
6.59 Gb Paging File | 4.01 Gb Available in Paging File | 60.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.53 Gb Total Space | 9.59 Gb Free Space | 12.87% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 153.15 Gb Free Space | 32.88% Space Free | Partition Type: NTFS
Drive E: | 178.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.59 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MR-PC | User Name: MR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/28 07:42:30 | 000,583,680 | ---- | M] (OldTimer Tools) -- D:\downloadmozila\OTL.exe
PRC - [2012/02/23 07:18:21 | 000,740,216 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/23 02:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/23 02:40:40 | 007,983,488 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/02/23 02:24:59 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/02/17 09:44:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/10 14:38:10 | 003,531,672 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG\avgtray.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/23 08:47:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/12/08 01:36:42 | 000,421,736 | ---- | M] (Apple Inc.) -- D:\Program Files (x86)\iTunesHelper.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG\avgfws.exe
PRC - [2011/10/12 18:36:36 | 000,415,816 | ---- | M] (Phase Five Systems) -- C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
PRC - [2011/10/12 18:36:10 | 000,007,680 | ---- | M] (Phase Five Systems) -- C:\Program Files (x86)\Jump Desktop\JumpService.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG\AVGIDSAgent.exe
PRC - [2011/09/22 14:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\AVG\avgwdsvc.exe
PRC - [2011/03/17 00:15:04 | 000,842,048 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
PRC - [2010/12/02 15:48:00 | 000,218,432 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/12/02 15:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2010/03/24 15:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe
PRC - [2010/02/11 18:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- D:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- D:\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007/10/12 01:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\iDumpPro\NMSAccessU.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- D:\aedit\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/25 17:15:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/25 13:47:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/25 13:47:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/25 13:47:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/25 13:46:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2012/02/25 13:45:09 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/25 13:45:06 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012/02/17 09:44:48 | 001,911,768 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/30 18:04:56 | 000,071,680 | ---- | M] () -- C:\Users\MR\AppData\Roaming\Mozilla\Firefox\Profiles\766nbkhm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko10\WINNT_x86-msvc\SSSLauncher.dll
MOD - [2012/01/10 18:40:30 | 000,079,872 | ---- | M] () -- C:\Users\MR\AppData\Roaming\Mozilla\Firefox\Profiles\766nbkhm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko10.dll
MOD - [2011/11/28 06:53:02 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/22 12:29:36 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/02 15:47:54 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/02/22 17:30:52 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\HP Button Manager\BM.exe
MOD - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- D:\aedit\RocketDock\RocketDock.exe
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- D:\aedit\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/03 09:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/01/19 00:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/12 01:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\iDumpPro\NMSAccessU.exe -- (NMSAccessU)
SRV - [2012/02/23 02:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/16 20:48:12 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/07 17:08:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- D:\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/23 08:47:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/19 05:14:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/09 15:41:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\AVG\avgfws.exe -- (avgfws)
SRV - [2011/10/12 18:36:10 | 000,007,680 | ---- | M] (Phase Five Systems) [Auto | Running] -- C:\Program Files (x86)\Jump Desktop\JumpService.exe -- (JumpDesktop)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\AVG\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/22 14:41:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\AVG\avgwdsvc.exe -- (avgwd)
SRV - [2010/12/02 15:48:00 | 000,218,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/07/08 05:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/11 18:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/03/29 20:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- D:\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/12/04 19:12:37 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/22 18:35:47 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/08/03 13:12:34 | 000,161,184 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:13:56 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:13:54 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/11 01:13:52 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/04/30 03:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 03:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/03/29 14:31:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2011/03/01 11:12:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/12/03 14:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/11/04 14:12:04 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/09/29 17:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/17 14:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 14:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/08/11 06:51:48 | 001,587,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2010/07/09 12:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/23 01:17:06 | 001,462,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2010/03/18 01:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/07 00:49:26 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 00:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/09/30 16:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/10 12:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/10 21:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/04/24 14:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/03/20 15:59:00 | 000,011,904 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\salmosa.sys -- (salmosa)
DRV:64bit: - [2008/02/13 22:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/18 22:38:16 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/18 22:30:09 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/08/28 16:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/03/07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
DRV - [2011/10/10 07:56:22 | 000,241,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\MR\AppData\Roaming\TZAC\tizek64.sys -- (tizekdrv)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/10 17:26:38 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.0.3.7
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\MR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\MR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MR\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MR\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/07/19 06:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/20 23:52:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\AVG\Firefox4\ [2012/02/26 11:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 09:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 18:25:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: D:\components [2011/12/18 23:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: D:\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: D:\AVG\Thunderbird\ [2012/02/26 11:22:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/02/17 09:44:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 18:25:37 | 000,000,000 | ---D | M]

[2010/03/20 07:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Extensions
[2010/03/20 07:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\extensions
[2010/03/20 07:32:57 | 000,000,000 | ---D | M] (PlaySushi TextLinks) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\extensions\[email protected]
[2012/02/21 08:44:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions
[2012/01/24 12:06:15 | 000,000,000 | ---D | M] (Screenshot Pimp) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\{056d0610-e44d-11df-bccf-0800200c9a66}
[2012/01/30 19:08:41 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011/03/06 10:01:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/25 17:50:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/12 06:36:02 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/07/12 10:17:24 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/05/10 17:35:17 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\[email protected]
[2011/01/16 20:22:53 | 000,000,000 | ---D | M] (NEW Glasser by SzymekPL) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\[email protected]
[2011/10/03 06:37:24 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\DefaultManager@Microsoft
[2011/11/04 19:55:35 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\[email protected]
[2011/01/16 20:30:00 | 000,000,000 | ---D | M] (Foxdie for Firefox) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\[email protected]
[2011/11/08 11:15:38 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\MR\AppData\Roaming\mozilla\Firefox\Profiles\766nbkhm.default\extensions\[email protected]
[2011/05/27 05:51:23 | 000,002,059 | ---- | M] () -- C:\Users\MR\AppData\Roaming\Mozilla\Firefox\Profiles\766nbkhm.default\searchplugins\daemon-search.xml
[2012/01/29 16:45:17 | 000,002,281 | ---- | M] () -- C:\Users\MR\AppData\Roaming\Mozilla\Firefox\Profiles\766nbkhm.default\searchplugins\s-amazon.xml
() (No name found) -- C:\USERS\MR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\766NBKHM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/26 11:23:54 | 000,000,000 | ---D | M] (AVG Safe Search) -- D:\AVG\FIREFOX4

O1 HOSTS File: ([2012/01/15 23:26:12 | 000,001,084 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.39.238.40 gordon.d4rc.net
O1 - Hosts: 69.39.238.40 www.mpgh.net
O1 - Hosts: 69.39.238.40 gamekiller.net
O1 - Hosts: 69.39.238.40 www.gamekiller.net
O1 - Hosts: 69.39.238.40 www.gamerzplanet.net
O1 - Hosts: 69.39.238.40 cheatengine.org
O1 - Hosts: 69.39.238.40 www.cheatengine.org
O1 - Hosts: 69.39.238.40 forum.cheatengine.org
O1 - Hosts: 69.39.238.40 forum.ragezone.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] D:\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [iTunesHelper] D:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r File not found
O4 - HKCU..\Run: [AeroSnap] D:\AeroSnap\AeroSnap.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Jump Desktop] C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe (Phase Five Systems)
O4 - HKCU..\Run: [RocketDock] D:\aedit\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\MR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = D:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - D:\Bodog Poker\BPGame.exe (Bodog)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webaccess.sc...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B4108CD-37E1-4CDB-B4BB-77FFF58B324F}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BA5864F-E3F0-4F26-8BD7-65BE6084C216}: DhcpNameServer = 66.174.92.14 69.78.96.14 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{971BA5B0-3DE4-486E-BAF0-17ED36F445FF}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MR\Pictures\zzz.jpg
O24 - Desktop BackupWallPaper: C:\Users\MR\Pictures\zzz.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/27 17:41:46 | 009,747,760 | ---- | M] () - D:\Autonomy (Cold Blank Remix).mp3 -- [ NTFS ]
O32 - AutoRun File - [2007/07/18 19:16:10 | 000,000,055 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/02/24 20:38:18 | 000,652,600 | R--- | M] (Blue Byte GmbH) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/02/24 18:04:46 | 000,000,105 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/02/26 01:20:08 | 001,886,568 | R--- | M] () - F:\autorun.bba -- [ CDFS ]
O33 - MountPoints2\{09637d42-1977-11e1-9ecc-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{09637d42-1977-11e1-9ecc-00ff01000001}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{17811470-b69e-11dd-ad64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{17811470-b69e-11dd-ad64-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe
O33 - MountPoints2\{2fa8f845-f1a4-11df-a6ae-001966774b6d}\Shell - "" = AutoRun
O33 - MountPoints2\{2fa8f845-f1a4-11df-a6ae-001966774b6d}\Shell\AutoRun\command - "" = F:\setup.exe -- [2010/02/26 02:17:25 | 000,378,168 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{613d83e2-0c3b-11de-b2ab-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Info.exe folder.htt 480 480
O33 - MountPoints2\{b25c33f5-dc7e-11df-b2fc-001966774b6d}\Shell\AutoRun\command - "" = F:\MULTIM~1.EXE
O33 - MountPoints2\{b25c33f5-dc7e-11df-b2fc-001966774b6d}\Shell\doubleTwist\command - "" = F:\MULTIM~1.EXE
O33 - MountPoints2\{b69263e9-ee78-11df-afb3-001966774b6d}\Shell - "" = AutoRun
O33 - MountPoints2\{b69263e9-ee78-11df-afb3-001966774b6d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d6199248-8210-11de-a655-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6199248-8210-11de-a655-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Ctrun\Start.exe -- [2007/01/15 01:02:57 | 000,063,240 | R--- | M] (Creative Technology Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\AVG\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 19:56:35 | 000,000,000 | ---D | C] -- C:\Users\MR\Documents\Settlers7
[2012/02/26 16:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/26 16:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/26 14:28:34 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\AVG
[2012/02/26 13:34:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/26 11:26:02 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\AVG2012
[2012/02/26 11:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/02/26 11:23:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/26 11:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/26 11:20:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/02/26 09:29:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/26 09:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/25 12:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2012/02/25 12:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2012/02/24 21:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/24 21:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/19 09:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/02/19 09:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/02/17 16:44:35 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Local\My Games
[2012/02/16 09:37:59 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Xfire
[2012/02/16 09:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2012/02/06 08:45:58 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/02/06 08:44:52 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Dropbox
[2012/02/01 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\MR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 07:51:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{381D038A-84A1-4538-86AB-1CC42A2F80C7}.job
[2012/02/28 07:40:26 | 090,307,428 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/28 07:37:31 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 07:35:08 | 000,004,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 07:35:08 | 000,004,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/28 07:34:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/27 21:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2445023958-1216247239-869053252-1000UA.job
[2012/02/27 21:18:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/27 16:46:55 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/02/27 16:46:55 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/27 16:46:31 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/27 13:04:25 | 000,048,267 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/27 12:50:26 | 000,178,688 | ---- | M] () -- C:\Users\MR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/27 12:22:23 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46DB308A-5E1B-4647-BDBC-80F4157387F1}.job
[2012/02/26 11:32:56 | 000,622,194 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/02/26 11:23:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/02/26 11:23:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/26 11:23:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/26 01:19:41 | 000,807,402 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/26 01:19:41 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/26 01:19:41 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/26 01:19:33 | 000,807,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/25 22:35:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2445023958-1216247239-869053252-1000Core.job
[2012/02/24 21:28:32 | 000,202,539 | ---- | M] () -- C:\Users\MR\Documents\Untitled (28).wma
[2012/02/24 21:03:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/02/21 17:01:33 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/02/17 15:19:36 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/02/16 09:42:47 | 004,877,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/15 08:03:49 | 001,200,080 | ---- | M] () -- C:\Users\MR\jamesbond.wav
[2012/02/14 09:58:21 | 001,781,840 | ---- | M] () -- C:\Users\MR\ts3_recording_12_02_14_9_58_8.wav
[2012/02/10 14:38:14 | 000,042,392 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/10 14:38:14 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2012/01/31 12:59:58 | 000,010,228 | ---- | M] () -- C:\Users\MR\AppData\Local\d3d9caps64.dat
[2012/01/29 19:51:02 | 012,479,448 | ---- | M] () -- C:\Users\MR\Ravaged +15 +5 13-8(1).rar
[2012/01/29 11:48:42 | 001,053,888 | ---- | M] () -- C:\Users\MR\ravaged-muxed.mp4
[2012/01/29 11:42:41 | 000,000,126 | ---- | M] () -- C:\Users\MR\ravaged.avs
[2012/01/29 11:39:36 | 000,000,032 | ---- | M] () -- C:\Users\MR\ravaged.avi.sfl
[2012/01/29 11:36:13 | 004,591,152 | ---- | M] () -- C:\Users\MR\ravaged.wav
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/28 07:40:26 | 090,307,428 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/27 13:04:25 | 000,048,267 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/27 12:29:24 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/27 12:29:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/26 14:14:09 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/02/26 11:32:56 | 000,622,194 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/02/26 11:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/02/26 11:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/26 11:23:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/24 21:28:32 | 000,202,539 | ---- | C] () -- C:\Users\MR\Documents\Untitled (28).wma
[2012/02/21 17:01:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\HRUPPROG.DIE.NOW
[2012/02/16 07:30:47 | 000,075,204 | ---- | C] () -- C:\Users\MR\Documents\Wahei.ttf
[2012/02/15 08:03:42 | 001,200,080 | ---- | C] () -- C:\Users\MR\jamesbond.wav
[2012/02/14 09:58:10 | 001,781,840 | ---- | C] () -- C:\Users\MR\ts3_recording_12_02_14_9_58_8.wav
[2012/02/10 14:38:14 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/02/10 14:38:14 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2012/01/29 19:51:36 | 012,479,448 | ---- | C] () -- C:\Users\MR\Ravaged +15 +5 13-8(1).rar
[2012/01/29 11:48:42 | 001,053,888 | ---- | C] () -- C:\Users\MR\ravaged-muxed.mp4
[2012/01/29 11:42:24 | 000,000,126 | ---- | C] () -- C:\Users\MR\ravaged.avs
[2012/01/29 11:39:36 | 000,000,032 | ---- | C] () -- C:\Users\MR\ravaged.avi.sfl
[2012/01/29 11:36:12 | 004,591,152 | ---- | C] () -- C:\Users\MR\ravaged.wav
[2012/01/15 21:17:53 | 000,000,578 | ---- | C] () -- C:\Windows\iucsplugin.dll
[2011/12/19 05:18:06 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/12/19 05:18:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/12/19 05:15:48 | 000,003,077 | ---- | C] () -- C:\ProgramData\cfSB1290.ini
[2011/12/18 09:27:20 | 000,011,688 | -HS- | C] () -- C:\Users\MR\AppData\Local\685387f8b824f316q841i8kjp2q4
[2011/12/18 09:27:20 | 000,011,688 | -HS- | C] () -- C:\ProgramData\685387f8b824f316q841i8kjp2q4
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/08 12:15:29 | 000,714,526 | ---- | C] () -- C:\Windows\unins000.exe
[2011/09/08 12:15:29 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011/09/08 12:15:28 | 000,003,424 | ---- | C] () -- C:\Windows\unins000.dat
[2011/08/14 16:27:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2011/07/19 20:21:35 | 000,774,144 | ---- | C] () -- C:\Windows\MTUn5582.exe
[2011/07/13 16:48:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/07/06 09:47:36 | 000,000,552 | ---- | C] () -- C:\Users\MR\AppData\Local\d3d8caps.dat
[2011/07/06 02:11:24 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011/04/19 20:50:43 | 000,000,600 | ---- | C] () -- C:\Users\MR\AppData\Roaming\winscp.rnd
[2011/03/21 15:23:54 | 000,007,250 | ---- | C] () -- C:\Windows\SysWow64\dfscacm.dll
[2011/03/21 15:23:52 | 000,006,223 | ---- | C] () -- C:\Windows\SysWow64\dfsc.dll
[2011/01/16 17:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/01/16 17:42:26 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/01/16 17:41:59 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/01/12 19:04:28 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/03 22:32:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/23 15:18:05 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/10/23 15:17:39 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/23 13:29:44 | 001,522,080 | ---- | C] () -- C:\Windows\iDumpPro Uninstaller.exe
[2010/10/22 11:56:47 | 000,157,444 | ---- | C] () -- C:\Windows\hphins26.dat
[2010/10/22 11:56:47 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2010/10/16 09:52:29 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini

========== LOP Check ==========

[2011/05/07 15:12:16 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\.minecraft
[2011/11/04 06:49:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\AeroSnapApp
[2011/11/28 18:55:16 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\AnvSoft
[2011/10/25 07:56:55 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\ARGELA
[2011/12/20 22:29:58 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Audacity
[2011/07/31 20:59:41 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Auslogics
[2012/02/26 15:34:35 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\AVG
[2012/02/26 11:26:02 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\AVG2012
[2011/10/20 22:29:51 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/20 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/11/25 21:38:30 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\DAEMON Tools Lite
[2012/01/15 21:16:55 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\DAEMON Tools Pro
[2012/02/24 07:43:10 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Dropbox
[2011/11/24 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\E2iibFF3pnGaQ6d
[2011/10/29 15:15:41 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\FireShot
[2011/11/24 21:20:24 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\iK88fRRZ9hTwjVe
[2011/10/31 13:09:37 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Image-Line
[2011/05/22 18:41:56 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\ImTOO
[2011/11/24 21:20:19 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\K555sWWJ7f
[2010/10/24 11:46:29 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Leadertech
[2011/01/15 08:46:29 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Lionhead Studios
[2011/03/03 08:36:26 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\LolClient
[2011/11/13 08:25:40 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\MAGIX
[2011/10/31 08:45:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\MAXON
[2011/08/17 10:06:42 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Mount&Blade
[2011/07/10 01:47:02 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/02/17 20:43:42 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Mumble
[2010/10/20 14:37:26 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\NAPA Software
[2011/04/27 14:00:03 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\NavNet Solutions
[2011/03/05 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Need for Speed World
[2010/12/02 16:23:16 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\OpenOffice.org
[2011/11/07 16:00:19 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Origin
[2011/12/05 14:58:37 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Phase Five Systems
[2011/10/18 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Publish Providers
[2011/12/18 15:33:06 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\PunkBuster
[2012/01/16 01:32:07 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\redsn0w
[2011/11/24 21:40:15 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\S555sQQJ7dE8gZq
[2011/10/21 05:58:26 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Screenshot Studio
[2011/11/03 16:34:52 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Sony
[2011/10/28 15:07:41 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Sony Creative Software Inc
[2011/10/16 11:27:51 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\SplitMediaLabs
[2011/11/03 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/25 19:39:29 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\SystemRequirementsLab
[2011/12/18 23:02:12 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Thunderbird
[2008/11/27 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Touchstone
[2012/02/27 11:42:22 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\TS3Client
[2011/11/24 21:20:18 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\tUUUCeekIBrPNxA
[2011/10/10 07:58:04 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\TZAC
[2012/01/20 14:10:19 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Ubisoft
[2012/02/28 07:53:31 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\uTorrent
[2011/12/23 00:26:32 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Wi-Fi Sync
[2011/07/07 01:59:05 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\Wireshark
[2012/02/27 22:00:10 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/28 07:51:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{381D038A-84A1-4538-86AB-1CC42A2F80C7}.job
[2012/02/27 12:22:23 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{46DB308A-5E1B-4647-BDBC-80F4157387F1}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - I will run a quick and dirty fix. Then look deeper. Did you set up the host file yourself?

O1 - Hosts: 69.39.238.40 gordon.d4rc.net
O1 - Hosts: 69.39.238.40 www.mpgh.net
O1 - Hosts: 69.39.238.40 gamekiller.net
O1 - Hosts: 69.39.238.40 www.gamekiller.net
O1 - Hosts: 69.39.238.40 www.gamerzplanet.net
O1 - Hosts: 69.39.238.40 cheatengine.org
O1 - Hosts: 69.39.238.40 www.cheatengine.org
O1 - Hosts: 69.39.238.40 forum.cheatengine.org
O1 - Hosts: 69.39.238.40 forum.ragezone.com




Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/18 09:27:20 | 000,011,688 | -HS- | C] () -- C:\Users\MR\AppData\Local\685387f8b824f316q841i8kjp2q4
    [2011/12/18 09:27:20 | 000,011,688 | -HS- | C] () -- C:\ProgramData\685387f8b824f316q841i8kjp2q4
    [2011/11/24 21:40:15 | 000,000,000 | ---D | M] -- C:\Users\MR\AppData\Roaming\S555sQQJ7dE8gZq

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
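The hosts-file question in the reply above can be checked mechanically. The following is an added example, not part of the original posts and not OTL's own code: it parses `O1 - Hosts:` lines from a log and reports any non-loopback address that several distinct sites are pinned to. The function names and the `min_sites` threshold are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# OTL/HijackThis-style hosts entry: "O1 - Hosts: <ip> <hostname>"
HOSTS_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

def parse_hosts_entries(log_text):
    """Return {ip: [hostnames]} for every well-formed O1 - Hosts line."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = HOSTS_LINE.match(line.strip())
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # first field is not an IP literal; skip the entry
        by_ip[ip].append(m.group(2).lower())
    return dict(by_ip)

def suspicious_redirects(log_text, min_sites=2):
    """Flag non-loopback IPs that several distinct sites are pinned to."""
    findings = {}
    for ip, hosts in parse_hosts_entries(log_text).items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries are ordinary local blocks
        # Collapse "www.example.org" and "example.org" so a site counts once.
        sites = {h[4:] if h.startswith("www.") else h for h in hosts}
        if len(sites) >= min_sites:
            findings[ip] = sorted(sites)
    return findings

# Entries quoted in the reply above, plus one constructed localhost line.
SAMPLE = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 69.39.238.40 gordon.d4rc.net
O1 - Hosts: 69.39.238.40 www.mpgh.net
O1 - Hosts: 69.39.238.40 gamekiller.net
O1 - Hosts: 69.39.238.40 www.gamekiller.net
O1 - Hosts: 69.39.238.40 cheatengine.org
O1 - Hosts: 69.39.238.40 www.cheatengine.org
"""

if __name__ == "__main__":
    for ip, sites in suspicious_redirects(SAMPLE).items():
        print(f"{ip}: {len(sites)} sites pinned -> {', '.join(sites)}")
```

A hit only means the entries deserve the question the helper asked: whether the user added them deliberately.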

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





