
TR/ATRAPS.Gen2 [Solved]


  • This topic is locked

#1 bobsapp (New Member, 5 posts)

Hello,
I was on my laptop earlier when I was notified by Avira of a virus, TR/ATRAPS.Gen2. I have tried deleting the virus, to no avail.

Any help appreciated. :thumbsup:
  • 0

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, let's get some data first.

Download OTL to your Desktop
  • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.


When the scan completes, click "Save log", save it to your desktop, and post it in your next reply.

  • 0
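
As an added example (not part of this thread, and not OTL's or aswMBR's own code), here is a small Python triage script for the OTL.Txt report that the steps above produce. It reads the item lines in the format OTL writes (PRC/MOD/SRV/DRV file entries, O2/O3/O4 registry entries and IE SearchScopes) and flags the three things a helper looks at first when reading such a log: entries ending in "File not found" (orphaned registry or driver entries), executables and modules whose company name is empty, and IE search scopes whose URL points at a host outside an allow-list. The sample lines, the placeholder CLSIDs and URLs, and the `ALLOWED_SEARCH_HOSTS` list are constructed for the example; they are assumptions, not data from the thread or from OTL.

```python
"""Triage helper for OTL log lines (added example, not the tool's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Assumption for the example: search hosts the user actually chose. Any IE
# SearchScope pointing elsewhere is reported for a human to look at.
ALLOWED_SEARCH_HOSTS = {"www.google.co.uk", "www.google.com", "www.bing.com"}

# PRC/MOD/SRV/DRV lines: "<kind> - [stamp] (Company) [state] -- path -- (Name)"
# or, for orphaned drivers, "<kind> - File not found [state] -- path -- (Name)".
FILE_ITEM_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[[^\]]*\]|(?P<missing>File not found))"   # file stamp or orphan marker
    r"(?: \((?P<company>[^)]*)\))?"                   # (Company Name), may be empty
    r"(?: \[[^\]]*\])?"                               # [Auto | Running] for SRV/DRV
    r" -- (?P<path>.+?)"                              # file path
    r"(?: -- \((?P<name>[^)]*)\))?$"                  # -- (ServiceName), optional
)

# O2/O3/O4-style lines end in either "<path> File not found" or "<path> (Company)".
# The greedy ".*" makes <path> the last drive-letter path on the line.
REG_ITEM_RE = re.compile(
    r"^(?P<kind>O\d+) - .*(?P<path>[A-Za-z]:\\.*?)"
    r"(?: (?P<missing>File not found)| \((?P<company>[^)]*)\))$"
)

# IE SearchScope lines: 'IE - HK..\SearchScopes\{CLSID}: "URL" = http://...'
SCOPE_RE = re.compile(r'^IE - .*SearchScopes\\\{[^}]+\}: "URL" = (?P<url>\S+)')


@dataclass
class Finding:
    kind: str     # OTL section tag, e.g. PRC, SRV, DRV, O2, IE
    target: str   # file path or search-scope URL
    reason: str   # why a helper would look at it


def _judge(kind: str, path: str, missing: Optional[str], company: Optional[str]) -> Optional[Finding]:
    """Apply the two file-entry rules: orphaned entry, then empty company name."""
    if missing:
        return Finding(kind, path, "orphaned entry: file missing on disk")
    if company is not None and not company.strip():
        return Finding(kind, path, "no company name: unsigned or unknown publisher")
    return None


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if nothing stands out."""
    line = line.rstrip()
    m = FILE_ITEM_RE.match(line) or REG_ITEM_RE.match(line)
    if m:
        return _judge(m["kind"], m["path"], m["missing"], m["company"])
    m = SCOPE_RE.match(line)
    if m:
        host = urlparse(m["url"]).hostname or ""
        if host not in ALLOWED_SEARCH_HOSTS:
            return Finding("IE", m["url"], f"search scope uses non-allow-listed host: {host}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL.Txt and keep the lines worth reviewing."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> str:
    return "\n".join(f"{f.kind:<4} {f.reason}: {f.target}" for f in findings)


# Constructed sample, modelled on the OTL line formats seen in this thread.
# CLSIDs and search URLs below are placeholders, not values from the log.
SAMPLE_LOG = r"""
PRC - [2012/09/23 10:31:49 | 000,601,600 | ---- | M] (OldTimer Tools) -- c:\Users\Corey\Downloads\OTL.exe
PRC - [2012/09/22 20:51:48 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.google.co.uk/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000002}: "URL" = http://search.example-toolbar.invalid/?ctid=CT0000000&q={searchTerms}
"""

if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the constructed sample it reports five lines: the two `vprot.exe` entries (empty company name), the orphaned `ipinip.sys` driver, the orphaned FLV Runner BHO, and the search scope on the placeholder toolbar host; the OTL, Microsoft, Adobe and Google lines pass. The rules are deliberately conservative: an empty company name or a missing file is a prompt to look, not proof of infection, which is why the helper in the thread asks for the full log rather than acting on a single line.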

#3 bobsapp (Topic Starter, New Member, 5 posts)

Hey, thanks for the reply.
Here are the logs you asked for.

OTL logfile created on: 23/09/2012 10:47:01 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = c:\Users\Corey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.38% Memory free
5.70 Gb Paging File | 4.24 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.70 Gb Total Space | 75.59 Gb Free Space | 54.11% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.64 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
Drive E: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COREY-PC | User Name: Corey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 10:31:49 | 000,601,600 | ---- | M] (OldTimer Tools) -- c:\Users\Corey\Downloads\OTL.exe
PRC - [2012/09/22 20:51:52 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/22 20:51:48 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/09/14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/09/12 05:41:24 | 000,713,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/08/28 11:11:34 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/08/27 02:27:10 | 001,108,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/08/20 04:52:34 | 000,783,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/08/20 04:52:26 | 000,450,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:59 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/22 12:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/22 20:51:59 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/22 20:51:54 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/22 20:51:48 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/09/05 18:29:21 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/08/30 20:36:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/08/30 20:36:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/08/30 20:35:49 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/08/30 20:34:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/08/30 20:34:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/08/30 20:33:07 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/08/30 20:31:25 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/08/30 14:38:33 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2008/06/12 06:18:38 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/06/12 06:18:36 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/06/12 06:18:34 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/08/14 20:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 20:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 20:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - [2012/09/22 20:51:52 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/09/22 20:51:56 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/02 21:04:28 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\hmonitor45.sys -- (Hmonitor45)
DRV - [2012/08/13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/08/10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/08/10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/07/05 13:53:52 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:50 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:28 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/05 17:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 14:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - SOFTWARE\Classes\CLSID\{3bbd3c14-4c16-4989-8366-95bc9179779d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {24D7C095-6F20-4F20-863D-E518F34F550B}
IE - HKLM\..\SearchScopes\{24D7C095-6F20-4F20-863D-E518F34F550B}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{46BF7163-5FFC-42B8-B8D3-93663F3407D9}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKLM\..\SearchScopes\{F89D75F6-187F-4801-825D-564ADB84CBAB}: "URL" = http://uk.kelkoopart...tnerId=96913936


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - SOFTWARE\Classes\CLSID\{3bbd3c14-4c16-4989-8366-95bc9179779d}\InprocServer32 File not found
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes,DefaultScope = {24D7C095-6F20-4F20-863D-E518F34F550B}
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{24D7C095-6F20-4F20-863D-E518F34F550B}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{46BF7163-5FFC-42B8-B8D3-93663F3407D9}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-22 20:52:01&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{EE047DB1-406D-456E-ADE5-73A69E372005}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{F89D75F6-187F-4801-825D-564ADB84CBAB}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Corey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Corey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/22 20:52:50 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Corey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Secure Search = C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\Toolbar\WebBrowser: (FLV Runner Toolbar) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-203628022-2586996127-1559333331-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E63A2E35-9158-48A9-A29D-EE9688C3CBA8}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 18:37:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/07/16 03:07:53 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{52541701-f01a-11e1-9fbf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{52541701-f01a-11e1-9fbf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007/12/18 12:29:19 | 004,657,152 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\AVG2013
[2012/09/22 20:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/22 20:53:00 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\TuneUp Software
[2012/09/22 20:52:51 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\AVG Secure Search
[2012/09/22 20:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/22 20:51:56 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/22 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/22 20:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/22 20:48:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/22 20:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/22 20:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/09/22 20:37:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/22 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\MFAData
[2012/09/22 20:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/22 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Avg2013
[2012/09/20 18:38:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/18 19:01:01 | 000,000,000 | ---D | C] -- C:\Users\Corey\Documents\Slender_v0_9_5
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/15 11:45:23 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\BatteryBar
[2012/09/15 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\BatteryBar
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 17:21:28 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/09/12 17:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/09/12 17:21:27 | 000,126,976 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012/09/12 17:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/10 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Adobe
[2012/09/05 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\CyberLink
[2012/09/05 21:33:43 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2012/09/05 21:33:43 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2012/09/05 21:33:43 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2012/09/05 21:33:43 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2012/09/05 21:33:42 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2012/09/05 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
[2012/09/05 21:33:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\QuickPlay
[2012/09/05 21:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/09/05 21:14:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\uTorrent
[2012/09/04 22:59:32 | 000,000,000 | ---D | C] -- C:\Users\Corey\Documents\Eternal Lands
[2012/09/04 22:58:37 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eternal Lands
[2012/09/04 22:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eternal Lands
[2012/09/04 22:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Eternal Lands
[2012/09/02 21:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hmonitor
[2012/09/02 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hmonitor
[2012/09/02 20:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2012/09/02 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\AOL OCP
[2012/09/02 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2012/08/30 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\ApplicationHistory
[2012/08/30 20:56:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2012/08/30 20:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012/08/30 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012/08/30 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\InstallShield
[2012/08/30 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/30 13:37:14 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/08/30 00:44:46 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/30 00:43:12 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Google
[2012/08/30 00:42:50 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Deployment
[2012/08/30 00:42:50 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Apps
[2012/08/27 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/08/27 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Conduit
[2012/08/27 18:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/08/27 18:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/08/27 18:40:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/08/27 18:14:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/08/27 17:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2012/08/27 16:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\The Creative Assembly
[2012/08/27 15:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/27 13:36:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/08/27 12:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/27 12:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/08/27 12:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/08/27 12:23:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/27 12:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/08/27 12:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/08/27 12:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/08/27 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Microsoft Help
[2012/08/27 12:10:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/27 12:02:12 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Seven Zip
[2012/08/27 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/08/27 11:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/08/27 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\IObit
[2012/08/27 11:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/27 11:35:03 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Avira
[2012/08/27 11:32:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/27 11:32:01 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/27 11:32:01 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/08/27 11:32:01 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/27 11:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/27 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/27 11:27:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Macromedia
[2012/08/27 09:09:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/27 08:36:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/27 08:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/08/27 08:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/08/27 08:32:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/08/27 08:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012/08/27 08:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2012/08/27 08:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2012/08/27 08:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/08/27 08:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/08/27 08:20:34 | 000,909,824 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/08/27 08:20:33 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2012/08/27 08:20:33 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2012/08/27 08:20:33 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2012/08/27 08:20:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2012/08/27 08:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012/08/27 08:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/08/27 08:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/08/27 08:16:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/27 08:11:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/27 00:53:18 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Symantec
[2012/08/27 00:52:49 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/27 00:52:49 | 000,000,000 | R--D | C] -- C:\Users\Corey\Searches
[2012/08/27 00:52:49 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/27 00:52:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Identities
[2012/08/27 00:52:37 | 000,000,000 | R--D | C] -- C:\Users\Corey\Contacts
[2012/08/27 00:52:11 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Adobe
[2012/08/27 00:51:30 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Hewlett-Packard
[2012/08/27 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2012/08/27 00:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2012/08/27 00:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/08/27 00:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/08/27 00:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
[2012/08/27 00:50:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2012/08/27 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\VirtualStore
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\AppData\Local\Temporary Internet Files
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Templates
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Start Menu
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\SendTo
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Recent
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\PrintHood
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\NetHood
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Documents\My Videos
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Documents\My Pictures
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Documents\My Music
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\My Documents
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Local Settings
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\AppData\Local\History
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Cookies
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Application Data
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\AppData\Local\Application Data
[2012/08/27 00:47:40 | 000,000,000 | --SD | C] -- C:\Users\Corey\AppData\Roaming\Microsoft
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Videos
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Saved Games
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Pictures
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Music
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Links
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Favorites
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Downloads
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Documents
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Desktop
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/27 00:47:40 | 000,000,000 | -H-D | C] -- C:\Users\Corey\AppData
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Temp
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Microsoft
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Media Center Programs
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

========== Files - Modified Within 30 Days ==========

[2012/09/23 10:53:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000UA.job
[2012/09/23 10:43:41 | 000,000,248 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/09/23 10:42:39 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/23 10:42:38 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/23 10:41:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 10:41:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 10:41:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 20:53:02 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/22 20:51:56 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/22 16:48:34 | 000,004,608 | ---- | M] () -- C:\Users\Corey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/22 14:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000Core.job
[2012/09/20 18:37:52 | 325,789,759 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 16:24:42 | 000,617,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/14 16:24:42 | 000,112,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 17:21:31 | 000,018,037 | ---- | M] () -- C:\Windows\War3Unin.dat
[2012/09/12 17:21:31 | 000,001,734 | ---- | M] () -- C:\Users\Corey\Desktop\Warcraft III.lnk
[2012/09/12 17:21:28 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2012/09/12 17:21:27 | 000,126,976 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/05 21:33:45 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2012/09/05 21:33:43 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2012/09/05 21:33:43 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2012/09/05 21:33:43 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2012/09/05 21:33:42 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2012/09/05 21:16:27 | 000,000,776 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/05 21:16:27 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/05 17:21:10 | 000,001,677 | ---- | M] () -- C:\Users\Corey\Desktop\test.lnk
[2012/09/04 22:58:37 | 000,001,667 | ---- | M] () -- C:\Users\Corey\Desktop\Eternal Lands.lnk
[2012/09/04 21:54:45 | 000,002,042 | ---- | M] () -- C:\Users\Corey\Desktop\Google Chrome.lnk
[2012/09/04 21:54:45 | 000,002,004 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/03 15:15:35 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012/09/02 21:04:28 | 000,010,536 | ---- | M] () -- C:\Windows\System32\drivers\hmonitor45.sys
[2012/09/02 21:04:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Hmonitor.lnk
[2012/08/30 20:55:50 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/08/30 14:31:51 | 000,389,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/30 14:14:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/29 23:41:06 | 000,000,943 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/29 23:19:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/08/29 23:19:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/08/29 23:18:45 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/08/27 20:01:28 | 000,000,938 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/27 17:05:58 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2012/08/27 17:05:58 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012/08/27 15:09:01 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/27 11:59:02 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/08/27 11:56:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012/08/27 11:44:37 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/08/27 08:40:38 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/27 08:27:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/08/27 08:16:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/08/27 00:52:27 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2012/08/27 00:51:27 | 000,000,373 | -H-- | M] () -- C:\IPH.PH
[2012/08/27 00:51:24 | 000,001,820 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk
[2012/08/27 00:48:49 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE840FCZF_E480060-033_4A_I303C_SWistron_V08.40_F.24_T080903_WV3-1_L409_M2814_J160_7AMD_8F31_92.00_#120827_N168C002A;10DE0760_(FV855EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK

========== Files Created - No Company Name ==========

[2012/09/22 20:53:01 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/22 16:48:32 | 000,004,608 | ---- | C] () -- C:\Users\Corey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/20 18:37:52 | 325,789,759 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/12 17:21:31 | 000,001,734 | ---- | C] () -- C:\Users\Corey\Desktop\Warcraft III.lnk
[2012/09/12 17:21:29 | 000,018,037 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012/09/12 17:21:28 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2012/09/05 21:16:27 | 000,000,776 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/05 21:16:27 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/05 17:20:45 | 000,001,677 | ---- | C] () -- C:\Users\Corey\Desktop\test.lnk
[2012/09/04 22:58:37 | 000,001,667 | ---- | C] () -- C:\Users\Corey\Desktop\Eternal Lands.lnk
[2012/09/03 15:15:35 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/09/02 21:04:28 | 000,010,536 | ---- | C] () -- C:\Windows\System32\drivers\hmonitor45.sys
[2012/09/02 21:04:27 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\Hmonitor.lnk
[2012/08/30 20:55:50 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/08/30 14:14:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/30 00:44:53 | 000,002,042 | ---- | C] () -- C:\Users\Corey\Desktop\Google Chrome.lnk
[2012/08/30 00:44:53 | 000,002,004 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/30 00:43:47 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000UA.job
[2012/08/30 00:43:47 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000Core.job
[2012/08/29 23:18:45 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/08/27 20:01:27 | 000,000,938 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/27 18:05:56 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/08/27 18:05:55 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/08/27 18:05:49 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/08/27 18:05:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/08/27 18:05:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/08/27 18:05:45 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/08/27 18:05:43 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/08/27 18:05:25 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/08/27 18:05:22 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/08/27 18:04:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/08/27 17:05:58 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2012/08/27 17:05:58 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012/08/27 14:00:16 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/08/27 13:59:44 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/08/27 13:34:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/08/27 13:34:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/08/27 13:34:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/08/27 12:25:03 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/08/27 11:59:02 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/08/27 11:52:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/08/27 11:52:01 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012/08/27 11:44:37 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/08/27 11:32:22 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/27 11:26:31 | 000,000,943 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 08:36:05 | 000,000,248 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2012/08/27 08:36:03 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/08/27 08:28:19 | 006,416,928 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2012/08/27 08:27:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/08/27 08:23:19 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/08/27 08:23:00 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2012/08/27 08:16:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/08/27 00:52:50 | 000,000,949 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/27 00:52:48 | 000,000,944 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/27 00:52:36 | 000,000,915 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/08/27 00:52:27 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2012/08/27 00:51:24 | 000,001,820 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk
[2012/08/27 00:50:53 | 000,000,373 | -H-- | C] () -- C:\IPH.PH
[2012/08/27 00:50:45 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visit eBay.co.uk.lnk
[2012/08/27 00:50:45 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2012/08/27 00:50:45 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\For Kids.lnk
[2012/08/27 00:50:45 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\For Kids.lnk
[2012/08/27 00:50:45 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/27 00:50:37 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012/08/27 00:50:37 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2012/08/27 00:48:49 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE840FCZF_E480060-033_4A_I303C_SWistron_V08.40_F.24_T080903_WV3-1_L409_M2814_J160_7AMD_8F31_92.00_#120827_N168C002A;10DE0760_(FV855EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
[2012/08/27 00:47:41 | 000,000,258 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/27 00:47:41 | 000,000,240 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\AVG2013
[2012/09/15 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\BatteryBar
[2012/08/27 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\IObit
[2012/09/22 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\TuneUp Software
[2012/09/22 16:50:29 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 03:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 03:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 07:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 03:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 07:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 03:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 03:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 07:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 03:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2008/01/21 03:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 03:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 03:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 07:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 07:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 03:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 07:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 03:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 17:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 19:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 07:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 07:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 07:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 03:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 07:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 07:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 07:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 07:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 07:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 20:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 12:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/21 03:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\WINDOWS\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\WINDOWS\System32\qmgr.dll
[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\WINDOWS\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >



OTL Extras logfile created on: 23/09/2012 10:47:01 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = c:\Users\Corey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.38% Memory free
5.70 Gb Paging File | 4.24 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.70 Gb Total Space | 75.59 Gb Free Space | 54.11% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.64 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
Drive E: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: COREY-PC | User Name: Corey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5513A72-BCFF-4636-A3E3-FA30ACBB9EE2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5AE183-09E0-4079-BA07-B2571F6B438F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{0F5A6865-95CC-4357-BF9E-7BF914827090}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2291170A-8CC3-4D2D-8768-59484CEDF44E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2E6F17DF-0ED5-42C2-99C3-46AC8140AA82}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{33264CA0-4332-4F0C-8136-212F8B7450B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{4CD656B1-7378-416C-8BE5-6685D7577C67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{7A281165-90E3-422F-8844-226C64433932}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7AAF321A-5BAB-48CB-9FB1-56516FB47A25}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{85F341C9-4392-43F7-9ADB-E2FEBBF8A5B4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{AD8FC98F-4EFB-4A87-874D-BBB832E1E1EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA037152-14A9-4752-9640-94BC96D942ED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BC1B80C9-D79A-4EBC-8039-CCAA9F517581}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BDBB060A-669A-47A1-AC3B-0C262422FCC2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E10D80D3-5BF0-4BCA-874E-55E838984786}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{F35B0144-3FF9-416D-A982-33FC11429189}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F9C0CE60-2C74-4CBE-BA2A-DA07A6904E93}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FCD1675E-C901-4B67-B636-BF93733FFC46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{67678C68-AD1B-4EAE-81E1-420B8A539D1A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{7D062BE3-CD09-40EB-A33D-0864E70F48A2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{CAA4D9EA-962D-4160-8B15-81219566BDFE}C:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=6 | dir=in | app=c:\program files\the creative assembly\rome - total war\rometw.exe |
"UDP Query User{42617EA5-7F52-49B7-AB59-7F30A1C5DDC4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{ADB4CC27-2E05-422E-B265-5EB300741D57}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AFC6DB11-17CB-4D4E-B771-F2B397825821}C:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=17 | dir=in | app=c:\program files\the creative assembly\rome - total war\rometw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6F8C35F6-AD7E-4DCF-8FAC-5CB10BC5BC00}" = AVG 2013
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_6" = AIM 6
"AVG" = AVG 2013
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV_Runner Toolbar" = FLV Runner Toolbar
"Hardware sensors monitor 4.5_is1" = Hardware sensors monitor 4.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shogun Total War - Battle Trainer Test" = Shogun Total War - Battle Trainer Test
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/09/2012 14:22:37 | Computer Name = Corey-PC | Source = IMFservice | ID = 0
Description =

Error - 21/09/2012 11:20:37 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2012 09:14:02 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2012 11:50:36 | Computer Name = Corey-PC | Source = IMFservice | ID = 0
Description =

Error - 22/09/2012 11:50:36 | Computer Name = Corey-PC | Source = IMFservice | ID = 0
Description =

Error - 22/09/2012 11:59:44 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2012 13:00:24 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2012 14:34:09 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/09/2012 15:48:59 | Computer Name = Corey-PC | Source = VSS | ID = 12310
Description =

Error - 22/09/2012 15:48:59 | Computer Name = Corey-PC | Source = VSS | ID = 12298
Description =

[ System Events ]
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 29/08/2012 18:39:46 | Computer Name = Corey-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/08/2012 19:41:07 | Computer Name = Corey-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 30/08/2012 08:07:36 | Computer Name = Corey-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 11:20:03
-----------------------------
11:20:03.242 OS Version: Windows 6.0.6002 Service Pack 2
11:20:03.242 Number of processors: 2 586 0x301
11:20:03.258 ComputerName: COREY-PC UserName: Corey
11:20:04.771 Initialize success
11:20:44.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
11:20:44.343 Disk 0 Vendor: TOSHIBA_MK1652GSX LV011C Size: 152627MB BusType: 3
11:20:44.390 Disk 0 MBR read successfully
11:20:44.405 Disk 0 MBR scan
11:20:44.421 Disk 0 unknown MBR code
11:20:44.436 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143048 MB offset 63
11:20:44.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9575 MB offset 292964352
11:20:44.499 Disk 0 scanning sectors +312573952
11:20:44.577 Disk 0 scanning C:\Windows\system32\drivers
11:20:52.065 Service scanning
11:21:27.390 Modules scanning
11:22:16.889 Disk 0 trace - called modules:
11:22:16.936 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:22:16.951 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dcd418]
11:22:16.983 3 CLASSPNP.SYS[807a98b3] -> nt!IofCallDriver -> [0x85567690]
11:22:16.998 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x847c7148]
11:22:17.014 Scan finished successfully
11:34:15.987 Disk 0 MBR has been saved successfully to "C:\Users\Corey\Documents\MBR.dat"
11:34:15.987 The log file has been saved successfully to "C:\Users\Corey\Documents\aswMBR.txt"
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, no sign of it on that scan.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0

#5
bobsapp

bobsapp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Corey [Admin rights]
Mode : Scan -- Date : 09/23/2012 12:53:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\n --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x81E50DE5 -> HOOKED (Unknown @ 0x8C73712E)
SSDT[276] : NtRequestWaitReplyPort @ 0x81E62F90 -> HOOKED (Unknown @ 0x8C737138)
SSDT[289] : NtSetContextThread @ 0x81EB206F -> HOOKED (Unknown @ 0x8C737133)
SSDT[314] : NtSetSecurityObject @ 0x81DDF038 -> HOOKED (Unknown @ 0x8C73713D)
SSDT[332] : NtSystemDebugControl @ 0x81E17EC1 -> HOOKED (Unknown @ 0x8C737142)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8C737156)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8C73715B)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++
--- User ---
[MBR] 979f59df1cbad4bf89b0d378e71b7184
[BSP] 8378b5fcc76f9e38dca8af9d40e9fb06 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143048 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292964352 | Size: 9575 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Corey [Admin rights]
Mode : Remove -- Date : 09/23/2012 12:53:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\n --> REMOVED AT REBOOT
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\@ --> REMOVED
[Del.Parent][FILE] [email protected] : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\U\[email protected] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\U\[email protected] --> REMOVED
[Del.Parent][FILE] [email protected] : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\U\[email protected] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-203628022-2586996127-1559333331-1000\$a7b9e804614bcf3224a69c3a646750d1\L --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[75] : NtCreateSection @ 0x81E50DE5 -> HOOKED (Unknown @ 0x8C73712E)
SSDT[276] : NtRequestWaitReplyPort @ 0x81E62F90 -> HOOKED (Unknown @ 0x8C737138)
SSDT[289] : NtSetContextThread @ 0x81EB206F -> HOOKED (Unknown @ 0x8C737133)
SSDT[314] : NtSetSecurityObject @ 0x81DDF038 -> HOOKED (Unknown @ 0x8C73713D)
SSDT[332] : NtSystemDebugControl @ 0x81E17EC1 -> HOOKED (Unknown @ 0x8C737142)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8C737156)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8C73715B)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1652GSX ATA Device +++++
--- User ---
[MBR] 979f59df1cbad4bf89b0d378e71b7184
[BSP] 8378b5fcc76f9e38dca8af9d40e9fb06 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143048 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 292964352 | Size: 9575 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that saw it and removed some. Now for the final removal.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot again; that will cure it.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.
  • 0

#7
bobsapp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ComboFix 12-09-23.02 - Corey 23/09/2012 14:19:11.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1706 [GMT 1:00]
Running from: c:\users\Corey\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-23 13:31 . 2012-09-23 13:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 19:52 . 2012-09-22 19:52 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-22 19:51 . 2012-09-22 19:51 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-22 19:51 . 2012-09-22 19:51 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-09-22 19:51 . 2012-09-22 19:52 -------- d-----w- c:\program files\AVG Secure Search
2012-09-22 19:48 . 2012-09-22 20:01 -------- d-----w- c:\programdata\AVG2013
2012-09-22 19:48 . 2012-09-22 19:48 -------- d-----w- C:\$AVG
2012-09-22 19:45 . 2012-09-22 19:45 -------- d-----w- c:\program files\AVG
2012-09-22 19:37 . 2012-09-22 19:37 -------- d-----w- c:\programdata\Common Files
2012-09-22 19:37 . 2012-09-23 09:33 -------- d-----w- c:\programdata\MFAData
2012-09-17 17:58 . 2012-09-17 17:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-15 10:45 . 2012-09-15 10:45 -------- d-----w- c:\program files\BatteryBar
2012-09-14 04:34 . 2012-09-14 04:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-13 22:26 . 2012-09-13 22:26 -------- d-----w- c:\users\Public\CyberLink
2012-09-12 16:21 . 2012-09-12 16:21 2829 ----a-w- c:\windows\War3Unin.pif
2012-09-12 16:21 . 2012-09-12 16:21 126976 ----a-w- c:\windows\War3Unin.exe
2012-09-12 16:16 . 2012-09-15 12:22 -------- d-----w- c:\program files\Warcraft III
2012-09-12 10:47 . 2012-09-12 10:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 10:47 . 2012-09-12 10:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-05 20:16 . 2012-09-05 20:16 -------- d-----w- c:\program files\uTorrent
2012-09-04 21:57 . 2012-09-04 21:58 -------- d-----w- c:\program files\Eternal Lands
2012-09-03 00:11 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2012-09-02 20:04 . 2012-09-02 20:04 10536 ----a-w- c:\windows\system32\drivers\hmonitor45.sys
2012-09-02 20:04 . 2012-09-02 20:04 -------- d-----w- c:\program files\Hmonitor
2012-09-02 19:57 . 2012-09-02 19:57 -------- d-----w- c:\programdata\AOL OCP
2012-09-02 19:57 . 2012-09-02 19:57 -------- d-----w- c:\programdata\AOL
2012-08-30 20:00 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-30 19:54 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-30 19:54 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-30 19:54 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-30 19:54 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-30 19:54 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-30 19:54 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-30 19:40 . 2012-08-30 19:40 -------- d-----w- c:\program files\SEGA
2012-08-30 13:14 . 2012-08-30 13:14 -------- d-----w- c:\program files\Windows Portable Devices
2012-08-30 12:37 . 2012-08-30 12:37 -------- d-----w- c:\windows\CheckSur
2012-08-30 12:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-08-30 12:36 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-08-30 12:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-08-29 22:24 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-29 22:24 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-29 22:24 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-29 22:24 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-29 22:19 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-29 22:17 . 2012-08-29 22:17 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-08-29 22:16 . 2012-08-29 22:16 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-08-29 22:16 . 2012-08-29 22:16 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-08-29 22:16 . 2012-08-29 22:16 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-08-29 22:16 . 2012-08-29 22:16 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-08-29 22:16 . 2012-08-29 22:16 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-08-29 22:16 . 2012-08-29 22:16 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-08-29 22:16 . 2012-08-29 22:16 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-08-29 22:08 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-08-29 22:08 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-29 22:08 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-29 22:08 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2012-08-29 22:08 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2012-08-29 22:08 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-08-29 22:08 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-08-29 22:08 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-08-29 22:08 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-08-29 22:08 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-29 22:08 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-08-29 22:07 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2012-08-29 22:07 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-29 22:07 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-29 22:07 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-08-29 22:07 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-08-29 22:07 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-08-29 22:07 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-08-29 22:07 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-29 22:07 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-08-29 22:05 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-29 21:38 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-08-29 21:20 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-29 21:20 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-29 21:20 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-29 21:20 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-29 21:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-29 21:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-29 21:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-29 21:19 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-29 21:19 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-28 10:11 . 2012-08-28 10:11 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 10:11 . 2012-08-28 10:11 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-27 19:28 . 2012-08-27 19:28 -------- d-----w- c:\program files\Conduit
2012-08-27 17:40 . 2012-08-27 17:42 -------- d-----w- c:\windows\system32\ca-ES
2012-08-27 17:40 . 2012-08-27 17:42 -------- d-----w- c:\windows\system32\eu-ES
2012-08-27 17:40 . 2012-08-27 17:42 -------- d-----w- c:\windows\system32\vi-VN
2012-08-27 17:14 . 2012-08-27 17:14 -------- d-----w- c:\windows\system32\EventProviders
2012-08-27 17:05 . 2009-04-11 06:28 758784 ----a-w- c:\windows\system32\qmgr.dll
2012-08-27 17:04 . 2009-04-11 06:28 50688 ----a-w- c:\windows\system32\wsnmp32.dll
2012-08-27 15:55 . 2012-08-27 15:55 -------- d-----w- c:\program files\The Creative Assembly
2012-08-27 15:53 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2012-08-27 15:53 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2012-08-27 15:53 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2012-08-27 15:53 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2012-08-27 15:53 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2012-08-27 15:53 . 2012-08-27 15:53 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-08-27 15:53 . 2012-08-27 15:53 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-08-27 14:14 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-08-27 14:14 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-08-27 14:14 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-08-27 14:14 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-08-27 14:14 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-08-27 14:13 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2012-08-27 14:13 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2012-08-27 14:10 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2012-08-27 12:35 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-08-27 11:28 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-08-27 11:28 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2012-08-27 11:28 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2012-08-27 11:28 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2012-08-27 11:28 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2012-08-27 11:28 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-08-27 11:24 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2012-08-27 11:24 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2012-08-27 11:24 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-08-27 11:24 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-08-27 11:24 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-08-27 11:24 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2012-08-27 11:24 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-08-27 11:24 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-08-27 11:23 . 2012-08-27 11:23 -------- d-----w- c:\windows\PCHEALTH
2012-08-27 11:23 . 2012-08-27 14:53 -------- d-----w- c:\program files\Microsoft.NET
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 22:16 . 2012-08-29 22:16 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-08-27 10:56 . 2008-08-04 18:04 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2012-08-13 15:40 . 2012-08-13 15:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 03:52 . 2012-08-10 03:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52 . 2012-08-10 03:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56 . 2012-08-09 12:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-22 19:51 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-22 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 90624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-22 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-22 856160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000Core.job
- c:\users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 23:43]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000UA.job
- c:\users\Corey\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 23:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\FLV_Runner\prxtbFLV_.dll
BHO-{3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\FLV_Runner\prxtbFLV_.dll
Toolbar-{3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\FLV_Runner\prxtbFLV_.dll
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - c:\program files\FLV_Runner\prxtbFLV_.dll
AddRemove-FLV_Runner Toolbar - c:\program files\FLV_Runner\uninstall.exe
AddRemove-Shogun Total War - Battle Trainer Test - c:\program files\Total War\Shogun Total War - Battle Trainer Test\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-23 14:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Corey\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2996)
c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
.
Completion time: 2012-09-23 14:34:33
ComboFix-quarantined-files.txt 2012-09-23 13:34
.
Pre-Run: 81,546,321,920 bytes free
Post-Run: 81,476,993,024 bytes free
.
- - End Of File - - 0E3FC3377DEAAEA6D9A3F162F9138087

I haven't been notified of another virus since using RogueKiller.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good, any further problems?
  • 0

#9
bobsapp

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Nope, and I just ran a few scans and found nothing.
I think that's done it. Thanks a lot for all the help, I appreciate it :thumbsup:
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install the FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
