Is my computer infected or network compromised

#1 V1CeE (Member, 13 posts)

My computer wasn't running very well, so I started looking into it. I have done various checks with some of the suggested software I have read about on this site and have attached the reports' findings to this post. I often download various software and go to sites that you could call less than safe, but I am very diligent in checking each item I download and install. But I realize [bleep] happens; it is highly possible my computer is infected. Also, I think someone hacked into my network as well and put things on my computers and is now leeching information. It has happened before, and there are similar signs happening. I'm not a network pro by any means, but I do have some knowledge. I am always watching my traffic with Wireshark and have my computer firewall and router locked down fairly well, so I should be safe, but I dunno. If someone could look at the reports I have attached and give me some feedback, I would appreciate it... I really don't want to have to format my computer again.

OTL logfile created on: 10/15/2012 8:15:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 18.28% Memory free
9.50 Gb Paging File | 5.96 Gb Available in Paging File | 62.71% Paging File free
Paging file location(s): C:\pagefile.sys 5839 5839 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 186.91 Gb Free Space | 65.28% Space Free | Partition Type: NTFS

Computer Name: NOTHING | User Name: vice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/15 07:25:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\vice\Downloads\Programs\aswMBR_2.exe
PRC - [2012/10/15 06:36:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Downloads\Programs\OTL.exe
PRC - [2012/10/15 04:11:55 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/12 11:38:39 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/10/10 02:16:38 | 003,536,320 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/04 10:27:26 | 000,079,384 | ---- | M] (Google) -- C:\Users\vice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/04/26 05:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/05 14:01:08 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2010/11/20 05:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/15 04:11:55 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/01 10:49:53 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/03/12 18:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/15 04:11:55 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/01 10:49:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/18 14:12:51 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/18 14:12:28 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 14:01:08 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/24 16:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/10/24 14:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/13 09:08:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/18 14:12:29 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/03 22:35:57 | 002,156,968 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/06 19:47:18 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/08/31 12:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/03/31 14:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 08:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 15:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{8D40F87F-3D0F-4E0A-B0C3-1F48BA4A4C0D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{B9392CD0-27B1-4A09-A802-1C172F508BF6}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\SearchScopes\{5C443326-F55B-4901-9795-D516DAD7DB0F}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.29
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:5.8.17
FF - prefs.js..extensions.enabledAddons: {8743b663-b854-4f75-bc82-8f7e751e759f}:1.7.5
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0.2
FF - prefs.js..extensions.enabledAddons: [email protected]:4.0.2
FF - prefs.js..extensions.enabledAddons: {7067a92c-1db4-4e5e-869c-25f841287f8b}:0.2.4
FF - prefs.js..extensions.enabledAddons: {8479ade0-2eec-11de-8c30-0800200c9a66}:3.0.6
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/10/12 13:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/30 09:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/10/12 11:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/04 10:32:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/04 10:32:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]

[2011/07/21 11:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Extensions
[2012/10/15 04:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions
[2012/10/13 12:49:26 | 000,000,000 | ---D | M] (ActiveMail) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
[2012/10/13 06:04:05 | 000,000,000 | ---D | M] (DealCabby) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\dealcabby@jetpack
[2012/10/14 22:23:24 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
[2012/06/19 17:59:06 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
[2012/01/22 19:35:15 | 000,084,673 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 21:38:47 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 22:58:19 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 21:37:27 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/13 03:31:31 | 000,004,544 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/08/01 10:49:57 | 000,049,607 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/10/14 22:23:24 | 000,031,339 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi
[2012/03/22 09:11:48 | 000,679,816 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}.xpi
[2012/10/14 21:35:24 | 000,104,649 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8743b663-b854-4f75-bc82-8f7e751e759f}.xpi
[2012/01/16 17:51:14 | 000,008,950 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{a3b3130e-3221-11a6-8ea8-43e1dbcc0a12}.xpi
[2012/07/25 12:28:25 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012/10/12 10:19:38 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/01/16 14:29:49 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/01/16 17:51:14 | 000,053,873 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{F7D360DC-B8F8-11DA-86BD-3EC8728786A0}.xpi
[2012/01/09 16:21:06 | 000,002,059 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\absearch-search.xml
[2012/01/16 14:42:37 | 000,002,685 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\packetstorm-search-suggest.xml
[2012/04/28 10:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/18 07:46:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/30 09:32:21 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/10/12 11:59:36 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VICE\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/08/01 10:49:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/12 05:34:14 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/03/14 09:28:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/14 09:28:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http:\/\/search.conduit.com\/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3220468
CHR - default_search_provider: suggest_url = http:\/\/search.conduit.com\/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins\/avgnpss.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: uTorrentControl_v2 = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: uTorrentControl_v2 = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/10/15 03:42:01 | 000,441,572 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15174 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO64.dll (ActivePath Ltd.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DealCabby) - {B0541B5C-0D83-4069-AA9A-FAE6FD17ED20} - C:\Users\vice\AppData\Local\dealcabby\ie\dealcabby_20121013085501.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ActiveMail) - {EF7AED5F-0C26-4820-A570-7DA8B6D93F4A} - C:\ProgramData\ActivePath\ActiveMail\ActiveMailBHO.dll (ActivePath Ltd.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18B2CA68-557A-43AD-9FC8-7D25FC095266}: DhcpNameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95538B8-A754-4551-AE9E-3F4BD24042BF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{df34a13e-154f-11e2-8e12-68a3c4b4dc7b}\Shell - "" = AutoRun
O33 - MountPoints2\{df34a13e-154f-11e2-8e12-68a3c4b4dc7b}\Shell\AutoRun\command - "" = E:\autoplay.exe
O33 - MountPoints2\{df34a143-154f-11e2-8e12-68a3c4b4dc7b}\Shell - "" = AutoRun
O33 - MountPoints2\{df34a143-154f-11e2-8e12-68a3c4b4dc7b}\Shell\AutoRun\command - "" = F:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/15 07:20:03 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/15 07:07:07 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\06947938.sys
[2012/10/15 07:07:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/15 07:03:39 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\rkill
[2012/10/15 06:57:31 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\vice\Desktop\rkill.exe
[2012/10/15 06:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
[2012/10/15 06:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2012/10/15 06:48:54 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
[2012/10/15 06:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2012/10/15 05:09:57 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\RK_Quarantine
[2012/10/15 03:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012/10/15 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New Folder
[2012/10/15 02:10:01 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV
[2012/10/15 01:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
[2012/10/15 01:29:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Streaming Media
[2012/10/15 01:29:38 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\Jaksta_Technologies_Pty_L
[2012/10/14 20:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/10/13 09:32:03 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\windows\War3Unin.exe
[2012/10/13 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/10/13 09:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/10/13 09:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2012/10/13 09:24:17 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2012/10/13 09:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2012/10/13 09:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/13 08:43:16 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\wazr2
[2012/10/13 08:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/10/13 08:15:50 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/13 08:15:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/10/13 08:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/10/13 08:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/10/13 06:04:04 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\dealcabby
[2012/10/13 06:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/10/13 06:03:42 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
[2012/10/13 06:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012/10/13 04:56:48 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\GarenaPlus
[2012/10/13 04:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012/10/13 04:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/10/13 04:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/10/13 04:44:37 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/13 03:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Hide IP
[2012/10/13 03:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperHideIP
[2012/10/13 02:09:17 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\DownTango
[2012/10/13 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012/10/12 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip registry Optimizer1
[2012/10/12 22:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2012/10/12 22:07:14 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\SuperHideIP
[2012/10/12 22:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperHideIP
[2012/10/12 21:37:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\ExpressFiles
[2012/10/12 21:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/10/12 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\CRE
[2012/10/12 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/12 20:56:06 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\SysNative\roboot64.exe
[2012/10/12 20:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/10/12 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\uTorrent
[2012/10/12 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Uniblue
[2012/10/12 19:54:18 | 000,000,000 | ---D | C] -- C:\Users\vice\.myPhoneDesktop
[2012/10/12 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Received Files
[2012/10/12 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/12 12:12:58 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/10/12 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2012/10/12 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2012/10/12 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG LiveKive
[2012/10/12 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\Txt file notes
[2012/10/12 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New Data Placments
[2012/10/12 10:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/10/12 10:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/10/10 02:36:33 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/15 07:56:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/15 07:32:26 | 000,000,512 | ---- | M] () -- C:\Users\vice\Desktop\MBR.dat
[2012/10/15 07:29:04 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 07:29:04 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/15 07:27:05 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\vice\Desktop\rkill.exe
[2012/10/15 07:26:04 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000UA.job
[2012/10/15 07:26:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 07:21:51 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/15 07:21:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/15 07:21:26 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/15 07:21:25 | 534,436,960 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/10/15 07:20:03 | 008,912,896 | ---- | M] () -- C:\Users\vice\ntuser.bak
[2012/10/15 07:19:32 | 000,001,046 | ---- | M] () -- C:\Users\vice\Desktop\Kaspersky Security Scan.lnk
[2012/10/15 07:07:07 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\06947938.sys
[2012/10/15 06:59:23 | 097,409,665 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/10/15 06:51:30 | 000,000,977 | ---- | M] () -- C:\Users\vice\Desktop\NTREGOPT.lnk
[2012/10/15 06:48:57 | 000,001,000 | ---- | M] () -- C:\Users\vice\Desktop\Search Everything.lnk
[2012/10/15 04:42:53 | 000,001,948 | ---- | M] () -- C:\Users\vice\Desktop\Paltalk Messenger.lnk
[2012/10/15 03:42:01 | 000,441,572 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/15 03:27:11 | 000,041,595 | ---- | M] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/14 23:12:08 | 000,012,671 | ---- | M] () -- C:\Users\vice\Desktop\UpdateClient.exe - Shortcut.lnk
[2012/10/14 11:26:03 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000Core.job
[2012/10/13 22:56:09 | 000,610,907 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/13 12:56:19 | 000,045,270 | ---- | M] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 10:57:03 | 000,629,010 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/10/13 09:53:21 | 000,107,167 | ---- | M] () -- C:\windows\War3Unin.dat
[2012/10/13 09:37:29 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\windows\War3Unin.exe
[2012/10/13 09:37:29 | 000,002,829 | ---- | M] () -- C:\windows\War3Unin.pif
[2012/10/13 09:13:10 | 000,783,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/13 09:13:10 | 000,663,472 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/13 09:13:10 | 000,122,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/13 09:08:52 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/13 08:17:14 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/10/13 05:20:48 | 1167,435,762 | ---- | M] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/10/13 04:56:04 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/10/13 03:25:14 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Super Hide IP.lnk
[2012/10/12 23:50:16 | 020,200,914 | ---- | M] () -- C:\Users\vice\Desktop\WinZip Reg Optimizer pro Patch.Crack included.rar
[2012/10/12 23:12:32 | 003,917,054 | ---- | M] () -- C:\Users\vice\Desktop\Ccleaner Bussiness Edition Crack.Patch included.rar
[2012/10/12 22:06:03 | 005,704,735 | ---- | M] () -- C:\Users\vice\Desktop\UniBlue Power Suite Crack inculded.rar
[2012/10/12 20:56:08 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/10/12 20:49:09 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/10/12 19:17:22 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/15 07:32:26 | 000,000,512 | ---- | C] () -- C:\Users\vice\Desktop\MBR.dat
[2012/10/15 07:21:25 | 534,436,960 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/10/15 07:20:03 | 000,001,046 | ---- | C] () -- C:\Users\vice\Desktop\Kaspersky Security Scan.lnk
[2012/10/15 06:51:30 | 000,000,977 | ---- | C] () -- C:\Users\vice\Desktop\NTREGOPT.lnk
[2012/10/15 06:48:57 | 000,001,000 | ---- | C] () -- C:\Users\vice\Desktop\Search Everything.lnk
[2012/10/15 04:42:53 | 000,001,948 | ---- | C] () -- C:\Users\vice\Desktop\Paltalk Messenger.lnk
[2012/10/15 03:27:09 | 000,041,595 | ---- | C] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/14 23:12:08 | 000,012,671 | ---- | C] () -- C:\Users\vice\Desktop\UpdateClient.exe - Shortcut.lnk
[2012/10/13 09:32:03 | 000,107,167 | ---- | C] () -- C:\windows\War3Unin.dat
[2012/10/13 09:32:03 | 000,002,829 | ---- | C] () -- C:\windows\War3Unin.pif
[2012/10/13 08:17:14 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/10/13 08:08:04 | 015,385,152 | ---- | C] () -- C:\Users\vice\Documents\Atmn-Anywhere-setup500.exe
[2012/10/13 08:07:14 | 000,045,270 | ---- | C] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 04:56:04 | 000,001,032 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/10/13 04:12:43 | 1167,435,762 | ---- | C] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/10/13 03:25:14 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Super Hide IP.lnk
[2012/10/12 23:49:59 | 020,200,914 | ---- | C] () -- C:\Users\vice\Desktop\WinZip Reg Optimizer pro Patch.Crack included.rar
[2012/10/12 23:12:29 | 003,917,054 | ---- | C] () -- C:\Users\vice\Desktop\Ccleaner Bussiness Edition Crack.Patch included.rar
[2012/10/12 22:05:57 | 005,704,735 | ---- | C] () -- C:\Users\vice\Desktop\UniBlue Power Suite Crack inculded.rar
[2012/10/12 20:56:08 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/10/12 20:48:21 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/10/12 19:17:22 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/12 11:08:56 | 000,001,049 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG LiveKive.lnk
[2012/06/19 18:41:38 | 000,000,337 | ---- | C] () -- C:\Users\vice\AppData\Local\Perfmon.PerfmonCfg
[2012/06/18 23:28:17 | 000,037,837 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/03/08 13:33:25 | 000,008,192 | ---- | C] () -- C:\Users\vice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 15:01:24 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Local\PUTTY.RND
[2012/01/22 23:08:25 | 000,000,140 | ---- | C] () -- C:\windows\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2012/01/22 16:44:02 | 000,000,016 | ---- | C] () -- C:\windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2012/01/19 12:36:27 | 000,000,197 | ---- | C] () -- C:\Users\vice\openvpn-connect.json
[2012/01/18 17:24:20 | 000,000,277 | ---- | C] () -- C:\Users\vice\.JavaPowUpload.properties
[2012/01/18 07:32:25 | 000,000,049 | ---- | C] () -- C:\Users\vice\.gtk-bookmarks
[2012/01/16 17:28:01 | 000,000,168 | ---- | C] () -- C:\Users\vice\AppData\Roaming\settings.set
[2012/01/16 07:26:48 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2011/09/26 10:56:51 | 000,038,427 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/21 14:43:36 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\pwbsp.dll
[2011/09/21 14:43:35 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\bioapi100.dll
[2011/09/21 14:43:35 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\bioapi_dummy100.dll
[2011/09/21 14:43:34 | 000,131,072 | ---- | C] () -- C:\windows\SysWow64\bioapi_mds300.dll
[2011/09/21 14:42:27 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\zkemsdk.dll
[2011/09/21 14:42:27 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\rscomm.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rscagent.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rsagent.dll
[2011/09/21 14:42:27 | 000,100,352 | ---- | C] () -- C:\windows\SysWow64\plce.dll
[2011/09/21 14:42:27 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\comms.dll
[2011/09/21 14:42:27 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\rsagentlst.dll
[2011/09/21 14:42:26 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\ATRauthentec.dll
[2011/09/21 14:42:26 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\commpro.dll
[2011/09/09 09:29:40 | 000,072,080 | ---- | C] () -- C:\Users\vice\g2mdlhlpx.exe
[2011/07/28 15:20:57 | 001,589,248 | ---- | C] () -- C:\windows\SysWow64\libmysql_d.dll
[2011/07/18 10:36:16 | 000,007,626 | ---- | C] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2011/07/01 00:28:31 | 000,796,852 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/30 15:02:01 | 008,912,896 | ---- | C] () -- C:\Users\vice\ntuser.bak
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\DigiData
[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\DigiData
[2011/07/17 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\.purple
[2012/02/14 19:52:50 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Air Cam Live Video - PC Control
[2012/02/22 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG
[2012/10/12 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2011/10/28 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG2012
[2012/10/15 03:17:56 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\BitTorrent
[2012/04/23 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\com.import.ResellerImporter
[2012/01/09 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Lite
[2012/10/15 03:18:06 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/02/15 07:48:25 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Devicescape
[2012/01/22 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Digital Confidence
[2012/01/18 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DiskAid
[2012/10/15 08:00:13 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DMCache
[2011/07/19 23:04:53 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Downloaded Installations
[2012/10/12 21:39:53 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\ExpressFiles
[2012/10/12 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\FileZilla
[2011/08/26 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Five9
[2012/10/13 12:50:42 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\GarenaPlus
[2011/07/26 09:37:01 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\GSplit
[2012/02/13 06:53:51 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\gtk-2.0
[2012/10/15 04:43:11 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\IDM
[2012/10/12 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\MegaCloud
[2012/10/14 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\MegaCloudBackup
[2012/02/13 06:49:55 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Netscape
[2012/10/12 23:37:06 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/02/13 06:53:53 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Notepad++
[2011/07/16 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\OutWit
[2012/10/12 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/01/16 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\PE Explorer
[2011/07/08 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\QuickScan
[2012/02/13 06:49:59 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Risingware
[2011/06/30 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\RoboForm
[2011/07/07 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\SoftGrid Client
[2012/10/12 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\SuperHideIP
[2011/08/30 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TechWizard
[2011/06/30 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Tific
[2011/07/07 03:35:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Toshiba
[2011/07/01 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TP
[2012/10/13 04:27:48 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Uniblue
[2012/10/12 10:58:00 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Usenet.nl
[2012/10/15 08:01:24 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\uTorrent
[2011/06/30 15:02:37 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WinBatch
[2011/09/23 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Windows Live Writer
[2012/02/15 10:58:45 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Wireshark
[2012/06/18 23:53:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WNR
[2011/07/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by Essexboy, 15 October 2012 - 11:18 AM.

  • 0

#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello and welcome to the forums :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

I often download various software and go to sites that you could call less than safe but i am very diligent in checking each item i download and install but i realize [bleep] happens it is highly possible my computer is infected.

You might want to rethink that strategy. You have a variant of the ZeroAccess rootkit.

:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook etc. and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do.
  • 0

#3
V1CeE

V1CeE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I would like to move forward with the process, regardless of the outcome i will get much benefit from the steps involved in reaching that solution. Also quick thing i am very worried about my RoboForm data, it's a password website manager that has just about every piece of info about me. The files are encrypted but i know anything is possible once it is transferred to a new machine. How likely do you think it is that all the folder's contents are compromised?
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I don't know that much about RoboForm. If the files are encrypted that will make it harder to get to them. I would still change ALL of my passwords. From a clean computer.
I'll be back with some 'structions.
  • 0

#5
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello again,

If you didn't run TDSSKiller from the desktop, delete the TDSSKiller.exe file from where it is and download a fresh copy to the desktop from here and follow the directions under Step 1 to run it. If TDSSKiller is already on the desktop you don't need to download a new copy. Just follow the directions under Step 1.


Step-1.

Posted Image TDSSKiller

Please thoroughly read these instructions and carefully follow them. Pay particular attention to Step 5

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes shown in the image below, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. Leave the default action at Skip for all suspicious entries EXCEPT:
  • When you see the following entries change the default action of Skip to Delete and click on Continue
    • \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
Don't forget to re-enable your Anti-Virus


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-4.

Things For Your Next Post:
1. The TDSSKiller log
2. The ComboFix log
3. The FSS.txt log
  • 0
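Step 3 above has Farbar Service Scanner check the firewall, Windows Defender and service configuration. As an added example that is not from this thread or from Farbar's tool, this PowerShell snippet reads the same two policy values FSS reports under its "Firewall Disabled Policy" and "Windows Defender Disabled Policy" headings, plus the WinDefend service state; EnableFirewall=0 or DisableAntiSpyware=1 are the values a helper treats as signs that protection was switched off by policy rather than by the user.

```powershell
# Added example, not part of the thread or of Farbar's FSS tool: re-read the
# two policy values that FSS reports as "Firewall Disabled Policy" and
# "Windows Defender Disabled Policy", plus the WinDefend service state.
# Run from an elevated PowerShell prompt on the machine being checked.

$checks = @(
    @{ Name  = 'Windows Firewall policy (standard profile)';
       Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile';
       Value = 'EnableFirewall'; Bad = 0;
       Note  = 'EnableFirewall=0 means the firewall has been switched off by policy' },
    @{ Name  = 'Windows Defender policy';
       Path  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';
       Value = 'DisableAntiSpyware'; Bad = 1;
       Note  = 'DisableAntiSpyware=1 means Defender has been disabled by policy' }
)

foreach ($c in $checks) {
    # -ErrorAction SilentlyContinue: a missing key or value simply yields $null,
    # which is the normal (default) state on a machine nobody has tampered with.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "{0}: {1} not set (default, OK)" -f $c.Name, $c.Value
    } elseif ($item.($c.Value) -eq $c.Bad) {
        "{0}: {1}={2}  <-- {3}" -f $c.Name, $c.Value, $item.($c.Value), $c.Note
    } else {
        "{0}: {1}={2} (OK)" -f $c.Name, $c.Value, $item.($c.Value)
    }
}

# Service state and start mode, as FSS also reports them. WMI is used because it
# works on the PowerShell 2.0 that shipped with Windows 7.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc) {
    "WinDefend service: state={0}, start mode={1}" -f $svc.State, $svc.StartMode
} else {
    "WinDefend service: not installed"
}
```

A value that is present and set to the "bad" value should be cleared only as part of the cleanup the helper directs, since the same malware that set it may reset it on the next boot.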

#6
V1CeE

V1CeE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here are the logs you requested

Farbar Service Scanner Version: 07-10-2012
Ran by vice (administrator) on 17-10-2012 at 21:45:56
Running from "C:\Users\vice\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-12 10:57] - [2012-06-01 22:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


ComboFix

ComboFix 12-10-17.05 - vice 10/17/2012 20:47:11.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1678 [GMT -7:00]
Running from: c:\users\vice\Desktop\ComboFix_2.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\vice\g2mdlhlpx.exe
c:\windows\svchost.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWOW64\MSMAsk32.ocx
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 03:52 . 2012-10-18 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 20:43 . 2012-08-21 20:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-17 20:42 . 2012-10-17 20:42 -------- d-----w- c:\program files\iPod
2012-10-17 20:42 . 2012-10-17 20:43 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-17 20:42 . 2012-10-17 20:43 -------- d-----w- c:\program files\iTunes
2012-10-17 20:42 . 2012-10-17 20:43 -------- d-----w- c:\program files (x86)\iTunes
2012-10-17 18:40 . 2012-10-17 20:24 -------- d-----w- c:\program files (x86)\Driver Checker
2012-10-17 13:59 . 2012-10-17 13:59 -------- d-----w- c:\users\vice\AppData\Roaming\Reviversoft
2012-10-17 13:59 . 2012-10-17 13:59 -------- d-----w- c:\program files (x86)\Reviversoft
2012-10-17 07:23 . 2012-10-17 22:29 -------- d-----w- c:\users\vice\Warcraft III 1.21b ROC Installer enUS
2012-10-17 06:12 . 2012-10-17 23:42 -------- d-----w- c:\users\vice\Warcraft III 1.21b TFT Installer enUS
2012-10-17 01:03 . 2012-10-17 20:26 -------- d-----w- c:\users\Game Account
2012-10-16 22:51 . 2012-10-16 22:51 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-15 20:50 . 2012-10-17 20:24 -------- d-----w- C:\MGtools
2012-10-15 20:14 . 2012-10-15 20:14 -------- d-----w- c:\users\vice\AppData\Roaming\SUPERAntiSpyware.com
2012-10-15 18:11 . 2012-10-17 20:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-15 18:11 . 2012-10-15 18:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-15 14:19 . 2012-10-16 01:52 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-15 14:19 . 2012-10-15 14:19 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-15 14:07 . 2012-10-18 03:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 13:51 . 2012-10-17 20:24 -------- d-----w- c:\program files (x86)\NT Registry Optimizer
2012-10-15 13:48 . 2012-10-15 16:18 -------- d-----w- c:\program files (x86)\Everything
2012-10-15 08:29 . 2012-10-15 11:01 -------- d-----w- c:\users\vice\AppData\Local\Jaksta_Technologies_Pty_L
2012-10-13 16:01 . 2012-10-15 09:10 -------- d-----w- c:\program files (x86)\OnlineHD.TV
2012-10-13 15:15 . 2012-10-17 20:24 -------- d-----w- c:\users\vice\AppData\Roaming\DAEMON Tools Pro
2012-10-13 15:15 . 2012-10-17 20:24 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro
2012-10-13 15:13 . 2012-10-17 20:24 -------- d-----w- c:\programdata\DAEMON Tools Pro
2012-10-13 13:03 . 2012-10-15 16:17 -------- d-----w- c:\programdata\ActivePath
2012-10-13 13:03 . 2012-10-17 20:24 -------- d-----w- c:\program files (x86)\Uncompressor
2012-10-13 11:55 . 2012-10-17 20:24 -------- d-----w- c:\program files (x86)\Garena Plus
2012-10-13 11:55 . 2012-10-17 20:24 -------- d-----w- c:\programdata\GarenaMessenger
2012-10-13 09:09 . 2012-10-13 09:14 -------- d-----w- c:\users\vice\AppData\Local\DownTango
2012-10-13 09:08 . 2012-10-13 09:08 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-13 06:29 . 2012-10-17 20:24 -------- d-----w- c:\program files (x86)\WinZip registry Optimizer1
2012-10-13 05:07 . 2012-10-13 05:07 -------- d-----w- c:\programdata\SuperHideIP
2012-10-13 04:37 . 2012-10-17 20:24 -------- d-----w- c:\users\vice\AppData\Roaming\ExpressFiles
2012-10-13 04:34 . 2012-10-13 04:34 -------- d-----w- c:\programdata\Uniblue
2012-10-13 03:56 . 2012-10-13 03:56 -------- d-----w- c:\users\vice\AppData\Local\CRE
2012-10-13 03:56 . 2012-10-15 16:22 -------- d-----w- c:\users\vice\AppData\Roaming\Nico Mak Computing
2012-10-13 03:54 . 2012-10-15 22:11 -------- d-----w- c:\users\vice\AppData\Roaming\uTorrent
2012-10-13 03:27 . 2012-10-13 11:27 -------- d-----w- c:\users\vice\AppData\Roaming\Uniblue
2012-10-13 02:54 . 2012-10-13 02:54 -------- d-----w- c:\users\vice\.myPhoneDesktop
2012-10-12 19:12 . 2012-10-12 20:00 -------- d-----w- c:\users\vice\AppData\Roaming\Paltalk
2012-10-12 19:10 . 2012-10-12 19:13 -------- d-----w- c:\program files (x86)\Paltalk Messenger
2012-10-12 18:09 . 2012-10-12 21:26 -------- d-----w- c:\users\vice\AppData\Roaming\AVG LiveKive
2012-10-12 18:08 . 2012-10-12 18:08 -------- d-----w- c:\program files (x86)\AVG LiveKive
2012-10-12 17:58 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-12 17:58 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-12 17:58 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-12 17:58 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-12 17:44 . 2012-10-12 17:44 -------- d-----w- c:\program files (x86)\WinPcap
2012-10-10 09:36 . 2012-09-27 18:07 160992 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 22:06 . 2012-10-15 20:50 288887 ----a-w- C:\MGlogs.zip
2012-10-12 18:56 . 2012-04-06 20:24 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-12 18:56 . 2011-07-11 02:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-28 07:18 . 2011-07-06 20:15 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 22:43 . 2012-08-24 22:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-21 20:01 . 2011-07-07 11:39 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 20:01 . 2011-07-07 11:39 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-12 17:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-26 10:21 . 2012-07-26 10:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-10 3536320]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-10-12 109336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-10-12 109336]
.
c:\users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MegaCloud Backup.lnk - c:\users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe [2012-7-19 10986672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-05 24064]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 250808]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-10-07 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AcuWVSSchedulerv6;Acunetix WVS Scheduler v6;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe [2008-11-24 994952]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-09-27 160992]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-06-12 335888]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-18 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-04-02 15928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 33888]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athwx.sys [2011-09-05 18:56 2156872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 95219276
*Deregistered* - 95219276
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:56]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:36]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:36]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000Core.job
- c:\users\vice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-01 16:59]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000UA.job
- c:\users\vice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-01 16:59]
.
2012-10-12 c:\windows\Tasks\MegaCloud Backup.job
- c:\users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe [2012-07-20 18:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-07-17 22:28 237232 ----a-w- c:\users\vice\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-07-17 22:28 237232 ----a-w- c:\users\vice\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-07-17 22:28 237232 ----a-w- c:\users\vice\AppData\Roaming\MegaCloud\MegaCloudShellExtx64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.toshiba.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\vice\AppData\Roaming\Mozilla\Firefox\Profiles\ezcijjos.default\
FF - prefs.js: network.proxy.http - 68.51.25.29
FF - prefs.js: network.proxy.http_port - 8085
FF - prefs.js: network.proxy.ssl - 68.51.25.29
FF - prefs.js: network.proxy.ssl_port - 8085
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-08-30 09:32; {F53C93F1-07D5-430c-86D4-C9531B27DFAF}; c:\program files (x86)\AVG\AVG2012\Firefox\DoNotTrack
FF - ExtSQL: 2012-10-12 22:08; [email protected]; c:\users\vice\AppData\Roaming\Mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
FF - ExtSQL: 2012-10-14 21:35; {8743b663-b854-4f75-bc82-8f7e751e759f}; c:\users\vice\AppData\Roaming\Mozilla\Firefox\Profiles\ezcijjos.default\extensions\{8743b663-b854-4f75-bc82-8f7e751e759f}.xpi
FF - ExtSQL: 2012-10-14 22:23; {7067a92c-1db4-4e5e-869c-25f841287f8b}; c:\users\vice\AppData\Roaming\Mozilla\Firefox\Profiles\ezcijjos.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi
FF - ExtSQL: 2012-10-14 22:58; [email protected]; c:\users\vice\AppData\Roaming\Mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
Toolbar-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0055C089-8582-441B-A0BF-17B458C2A3A8}"=hex:51,66,7a,6c,4c,1d,38,12,e7,c3,46,
04,b0,cb,75,01,df,a9,54,f4,5d,9c,e7,bc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e,
76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:89,d3,4c,fa,ad,fc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,72,e2,b3,64,98,10,41,97,72,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,72,e2,b3,64,98,10,41,97,72,f7,\
.
[HKEY_USERS\S-1-5-21-254672792-3389915106-1260256797-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):a0,e6,5f,70,06,e0,78,f2,d1,89,71,17,0c,42,7c,d4,0b,52,f4,9f,9c,
ac,ed,9c,b1,ed,fd,95,77,01,69,f9,96,fa,d5,c2,7c,62,46,e5,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-254672792-3389915106-1260256797-1000_Classes\Wow6432Node\CLSID\{846caa37-a98f-4e72-8a1f-510383bd0d5f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000013b
"Therad"=dword:0000001d
"MData"=hex(0):60,30,27,fc,51,42,d1,67,ba,82,c3,bf,9e,88,cb,eb,9e,fe,a3,bf,43,
ff,06,6e,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-17 20:55:39
ComboFix-quarantined-files.txt 2012-10-18 03:55
.
Pre-Run: 199,935,672,320 bytes free
Post-Run: 199,550,607,360 bytes free
.
- - End Of File - - 8D65C22E12A13660642ED3CB2C3A54A5


21:49:20.0663 5724 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:49:21.0927 5724 ============================================================
21:49:21.0927 5724 Current date / time: 2012/10/17 21:49:21.0927
21:49:21.0927 5724 SystemInfo:
21:49:21.0927 5724
21:49:21.0927 5724 OS Version: 6.1.7601 ServicePack: 1.0
21:49:21.0927 5724 Product type: Workstation
21:49:21.0927 5724 ComputerName: NOTHING
21:49:21.0927 5724 UserName: vice
21:49:21.0927 5724 Windows directory: C:\windows
21:49:21.0927 5724 System windows directory: C:\windows
21:49:21.0927 5724 Running under WOW64
21:49:21.0927 5724 Processor architecture: Intel x64
21:49:21.0927 5724 Number of processors: 4
21:49:21.0927 5724 Page size: 0x1000
21:49:21.0927 5724 Boot type: Normal boot
21:49:21.0927 5724 ============================================================
21:49:22.0270 5724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:49:22.0285 5724 ============================================================
21:49:22.0285 5724 \Device\Harddisk0\DR0:
21:49:22.0285 5724 MBR partitions:
21:49:22.0285 5724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CA0000
21:49:22.0285 5724 ============================================================
21:49:22.0332 5724 C: <-> \Device\Harddisk0\DR0\Partition1
21:49:22.0332 5724 ============================================================
21:49:22.0332 5724 Initialize success
21:49:22.0332 5724 ============================================================
21:49:40.0147 3524 ============================================================
21:49:40.0147 3524 Scan started
21:49:40.0147 3524 Mode: Manual; SigCheck; TDLFS;
21:49:40.0147 3524 ============================================================
21:49:40.0381 3524 ================ Scan system memory ========================
21:49:40.0381 3524 System memory - ok
21:49:40.0381 3524 ================ Scan services =============================
21:49:40.0584 3524 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:49:40.0678 3524 1394ohci - ok
21:49:40.0725 3524 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
21:49:40.0740 3524 ACPI - ok
21:49:40.0771 3524 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
21:49:40.0787 3524 AcpiPmi - ok
21:49:40.0896 3524 [ A410D17A1A278F391D2EC02243CC7B9A ] AcuWVSSchedulerv6 C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe
21:49:40.0943 3524 AcuWVSSchedulerv6 - ok
21:49:41.0021 3524 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:49:41.0052 3524 AdobeARMservice - ok
21:49:41.0177 3524 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:49:41.0208 3524 AdobeFlashPlayerUpdateSvc - ok
21:49:41.0255 3524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
21:49:41.0271 3524 adp94xx - ok
21:49:41.0317 3524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
21:49:41.0333 3524 adpahci - ok
21:49:41.0364 3524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
21:49:41.0380 3524 adpu320 - ok
21:49:41.0411 3524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
21:49:41.0442 3524 AeLookupSvc - ok
21:49:41.0505 3524 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
21:49:41.0520 3524 AFD - ok
21:49:41.0551 3524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
21:49:41.0567 3524 agp440 - ok
21:49:41.0598 3524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
21:49:41.0614 3524 ALG - ok
21:49:41.0661 3524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
21:49:41.0692 3524 aliide - ok
21:49:41.0707 3524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
21:49:41.0723 3524 amdide - ok
21:49:41.0754 3524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
21:49:41.0770 3524 AmdK8 - ok
21:49:41.0785 3524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
21:49:41.0801 3524 AmdPPM - ok
21:49:41.0848 3524 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
21:49:41.0879 3524 amdsata - ok
21:49:41.0910 3524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
21:49:41.0926 3524 amdsbs - ok
21:49:41.0973 3524 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
21:49:41.0988 3524 amdxata - ok
21:49:42.0051 3524 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
21:49:42.0097 3524 AppID - ok
21:49:42.0129 3524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
21:49:42.0175 3524 AppIDSvc - ok
21:49:42.0222 3524 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
21:49:42.0253 3524 Appinfo - ok
21:49:42.0331 3524 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:49:42.0347 3524 Apple Mobile Device - ok
21:49:42.0394 3524 [ 0EEFF7103E4F3E783F3D2B870AF67F1C ] appliand C:\windows\system32\DRIVERS\appliand.sys
21:49:42.0425 3524 appliand - ok
21:49:42.0425 3524 [ 0EEFF7103E4F3E783F3D2B870AF67F1C ] appliandMP C:\windows\system32\DRIVERS\appliand.sys
21:49:42.0441 3524 appliandMP - ok
21:49:42.0503 3524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
21:49:42.0519 3524 arc - ok
21:49:42.0534 3524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
21:49:42.0550 3524 arcsas - ok
21:49:42.0643 3524 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:49:42.0675 3524 aspnet_state - ok
21:49:42.0690 3524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
21:49:42.0737 3524 AsyncMac - ok
21:49:42.0753 3524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
21:49:42.0799 3524 atapi - ok
21:49:42.0862 3524 [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr C:\windows\system32\DRIVERS\athrx.sys
21:49:42.0940 3524 athr - ok
21:49:42.0987 3524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:49:43.0033 3524 AudioEndpointBuilder - ok
21:49:43.0049 3524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
21:49:43.0096 3524 AudioSrv - ok
21:49:43.0143 3524 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\windows\system32\DRIVERS\avgfwd6a.sys
21:49:43.0158 3524 Avgfwfd - ok
21:49:43.0283 3524 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
21:49:43.0345 3524 avgfws - ok
21:49:43.0470 3524 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
21:49:43.0564 3524 AVGIDSAgent - ok
21:49:43.0611 3524 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys
21:49:43.0626 3524 AVGIDSDriver - ok
21:49:43.0657 3524 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfiltera.sys
21:49:43.0673 3524 AVGIDSFilter - ok
21:49:43.0735 3524 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys
21:49:43.0751 3524 AVGIDSHA - ok
21:49:43.0798 3524 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
21:49:43.0813 3524 Avgldx64 - ok
21:49:43.0829 3524 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
21:49:43.0845 3524 Avgmfx64 - ok
21:49:43.0876 3524 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
21:49:43.0891 3524 Avgrkx64 - ok
21:49:43.0923 3524 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
21:49:43.0938 3524 Avgtdia - ok
21:49:43.0969 3524 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:49:43.0985 3524 avgwd - ok
21:49:44.0016 3524 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
21:49:44.0032 3524 AxInstSV - ok
21:49:44.0079 3524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
21:49:44.0110 3524 b06bdrv - ok
21:49:44.0141 3524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
21:49:44.0157 3524 b57nd60a - ok
21:49:44.0188 3524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
21:49:44.0203 3524 BDESVC - ok
21:49:44.0235 3524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
21:49:44.0313 3524 Beep - ok
21:49:44.0359 3524 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
21:49:44.0453 3524 BFE - ok
21:49:44.0469 3524 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
21:49:44.0515 3524 BITS - ok
21:49:44.0547 3524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
21:49:44.0562 3524 blbdrive - ok
21:49:44.0687 3524 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:49:44.0718 3524 Bonjour Service - ok
21:49:44.0765 3524 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
21:49:44.0781 3524 bowser - ok
21:49:44.0812 3524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
21:49:44.0827 3524 BrFiltLo - ok
21:49:44.0843 3524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
21:49:44.0859 3524 BrFiltUp - ok
21:49:44.0905 3524 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
21:49:44.0952 3524 BridgeMP - ok
21:49:44.0999 3524 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
21:49:45.0015 3524 Browser - ok
21:49:45.0046 3524 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
21:49:45.0061 3524 Brserid - ok
21:49:45.0077 3524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
21:49:45.0093 3524 BrSerWdm - ok
21:49:45.0124 3524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
21:49:45.0139 3524 BrUsbMdm - ok
21:49:45.0171 3524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
21:49:45.0186 3524 BrUsbSer - ok
21:49:45.0202 3524 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
21:49:45.0217 3524 BTHMODEM - ok
21:49:45.0249 3524 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
21:49:45.0295 3524 bthserv - ok
21:49:45.0420 3524 catchme - ok
21:49:45.0451 3524 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
21:49:45.0498 3524 cdfs - ok
21:49:45.0545 3524 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
21:49:45.0561 3524 cdrom - ok
21:49:45.0607 3524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
21:49:45.0654 3524 CertPropSvc - ok
21:49:45.0685 3524 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
21:49:45.0701 3524 circlass - ok
21:49:45.0748 3524 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
21:49:45.0763 3524 CLFS - ok
21:49:45.0810 3524 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:49:45.0826 3524 clr_optimization_v2.0.50727_32 - ok
21:49:45.0873 3524 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:49:45.0888 3524 clr_optimization_v2.0.50727_64 - ok
21:49:45.0935 3524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:49:45.0951 3524 clr_optimization_v4.0.30319_32 - ok
21:49:45.0982 3524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:49:45.0997 3524 clr_optimization_v4.0.30319_64 - ok
21:49:46.0013 3524 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
21:49:46.0029 3524 CmBatt - ok
21:49:46.0060 3524 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
21:49:46.0075 3524 cmdide - ok
21:49:46.0107 3524 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
21:49:46.0138 3524 CNG - ok
21:49:46.0185 3524 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
21:49:46.0216 3524 CnxtHdAudService - ok
21:49:46.0247 3524 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
21:49:46.0263 3524 Compbatt - ok
21:49:46.0294 3524 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
21:49:46.0325 3524 CompositeBus - ok
21:49:46.0325 3524 COMSysApp - ok
21:49:46.0356 3524 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
21:49:46.0356 3524 crcdisk - ok
21:49:46.0419 3524 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
21:49:46.0465 3524 CryptSvc - ok
21:49:46.0528 3524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
21:49:46.0590 3524 DcomLaunch - ok
21:49:46.0621 3524 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
21:49:46.0684 3524 defragsvc - ok
21:49:46.0699 3524 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
21:49:46.0746 3524 DfsC - ok
21:49:46.0793 3524 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
21:49:46.0840 3524 Dhcp - ok
21:49:46.0871 3524 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
21:49:46.0902 3524 discache - ok
21:49:46.0933 3524 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
21:49:46.0965 3524 Disk - ok
21:49:46.0996 3524 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
21:49:47.0027 3524 Dnscache - ok
21:49:47.0058 3524 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
21:49:47.0121 3524 dot3svc - ok
21:49:47.0136 3524 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\windows\system32\DRIVERS\Dot4.sys
21:49:47.0167 3524 dot4 - ok
21:49:47.0183 3524 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
21:49:47.0214 3524 Dot4Print - ok
21:49:47.0245 3524 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\windows\system32\DRIVERS\Dot4Scan.sys
21:49:47.0261 3524 Dot4Scan - ok
21:49:47.0277 3524 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
21:49:47.0308 3524 dot4usb - ok
21:49:47.0339 3524 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
21:49:47.0386 3524 DPS - ok
21:49:47.0417 3524 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
21:49:47.0448 3524 drmkaud - ok
21:49:47.0479 3524 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
21:49:47.0526 3524 DXGKrnl - ok
21:49:47.0557 3524 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
21:49:47.0604 3524 EapHost - ok
21:49:47.0698 3524 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
21:49:47.0791 3524 ebdrv - ok
21:49:47.0823 3524 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
21:49:47.0838 3524 EFS - ok
21:49:47.0901 3524 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
21:49:47.0947 3524 ehRecvr - ok
21:49:47.0979 3524 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
21:49:48.0010 3524 ehSched - ok
21:49:48.0041 3524 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
21:49:48.0072 3524 elxstor - ok
21:49:48.0103 3524 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
21:49:48.0119 3524 ErrDev - ok
21:49:48.0166 3524 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
21:49:48.0213 3524 EventSystem - ok
21:49:48.0228 3524 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
21:49:48.0275 3524 exfat - ok
21:49:48.0306 3524 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
21:49:48.0353 3524 fastfat - ok
21:49:48.0384 3524 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
21:49:48.0415 3524 Fax - ok
21:49:48.0431 3524 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
21:49:48.0447 3524 fdc - ok
21:49:48.0478 3524 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
21:49:48.0509 3524 fdPHost - ok
21:49:48.0525 3524 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
21:49:48.0556 3524 FDResPub - ok
21:49:48.0603 3524 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
21:49:48.0618 3524 FileInfo - ok
21:49:48.0618 3524 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
21:49:48.0665 3524 Filetrace - ok
21:49:48.0681 3524 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
21:49:48.0696 3524 flpydisk - ok
21:49:48.0727 3524 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
21:49:48.0743 3524 FltMgr - ok
21:49:48.0774 3524 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
21:49:48.0821 3524 FontCache - ok
21:49:48.0868 3524 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:49:48.0883 3524 FontCache3.0.0.0 - ok
21:49:48.0915 3524 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
21:49:48.0930 3524 FsDepends - ok
21:49:48.0961 3524 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
21:49:48.0977 3524 Fs_Rec - ok
21:49:49.0024 3524 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
21:49:49.0055 3524 fvevol - ok
21:49:49.0086 3524 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
21:49:49.0102 3524 FwLnk - ok
21:49:49.0133 3524 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
21:49:49.0149 3524 gagp30kx - ok
21:49:49.0164 3524 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:49:49.0180 3524 GEARAspiWDM - ok
21:49:49.0227 3524 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
21:49:49.0289 3524 gpsvc - ok
21:49:49.0351 3524 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:49:49.0367 3524 gupdate - ok
21:49:49.0398 3524 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:49:49.0429 3524 gupdatem - ok
21:49:49.0476 3524 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:49:49.0492 3524 gusvc - ok
21:49:49.0523 3524 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\windows\system32\DRIVERS\hamachi.sys
21:49:49.0539 3524 hamachi - ok
21:49:49.0663 3524 [ 21D24138B736983F6E23823E092E9428 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:49:49.0726 3524 Hamachi2Svc - ok
21:49:49.0757 3524 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
21:49:49.0757 3524 hcw85cir - ok
21:49:49.0804 3524 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:49:49.0819 3524 HdAudAddService - ok
21:49:49.0866 3524 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
21:49:49.0882 3524 HDAudBus - ok
21:49:49.0913 3524 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
21:49:49.0929 3524 HECIx64 - ok
21:49:49.0960 3524 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
21:49:49.0975 3524 HidBatt - ok
21:49:50.0007 3524 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
21:49:50.0022 3524 HidBth - ok
21:49:50.0038 3524 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
21:49:50.0053 3524 HidIr - ok
21:49:50.0085 3524 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
21:49:50.0116 3524 hidserv - ok
21:49:50.0147 3524 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
21:49:50.0163 3524 HidUsb - ok
21:49:50.0194 3524 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
21:49:50.0225 3524 hkmsvc - ok
21:49:50.0256 3524 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
21:49:50.0272 3524 HomeGroupListener - ok
21:49:50.0303 3524 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
21:49:50.0319 3524 HomeGroupProvider - ok
21:49:50.0365 3524 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
21:49:50.0381 3524 HpSAMD - ok
21:49:50.0428 3524 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
21:49:50.0490 3524 HTTP - ok
21:49:50.0521 3524 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
21:49:50.0537 3524 hwpolicy - ok
21:49:50.0568 3524 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
21:49:50.0584 3524 i8042prt - ok
21:49:50.0631 3524 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
21:49:50.0646 3524 iaStor - ok
21:49:50.0677 3524 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
21:49:50.0693 3524 iaStorV - ok
21:49:50.0755 3524 [ 6F37465EAF6E043A20B432228FED2BF5 ] IDMWFP C:\windows\system32\DRIVERS\idmwfp.sys
21:49:50.0787 3524 IDMWFP - ok
21:49:50.0833 3524 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:49:50.0865 3524 idsvc - ok
21:49:51.0083 3524 [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
21:49:51.0333 3524 igfx - ok
21:49:51.0426 3524 [ 5CAB9D1AB5C9384D28DFF89DBE7A72BB ] IHA_MessageCenter C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
21:49:51.0442 3524 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - warning
21:49:51.0457 3524 IHA_MessageCenter - detected UnsignedFile.Multi.Generic (1)
21:49:51.0473 3524 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
21:49:51.0504 3524 iirsp - ok
21:49:51.0535 3524 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
21:49:51.0598 3524 IKEEXT - ok
21:49:51.0629 3524 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
21:49:51.0645 3524 Impcd - ok
21:49:51.0676 3524 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
21:49:51.0676 3524 intelide - ok
21:49:51.0707 3524 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
21:49:51.0738 3524 intelppm - ok
21:49:51.0769 3524 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
21:49:51.0801 3524 IPBusEnum - ok
21:49:51.0832 3524 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
21:49:51.0863 3524 IpFilterDriver - ok
21:49:51.0894 3524 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
21:49:51.0941 3524 iphlpsvc - ok
21:49:51.0972 3524 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
21:49:51.0988 3524 IPMIDRV - ok
21:49:52.0019 3524 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
21:49:52.0050 3524 IPNAT - ok
21:49:52.0113 3524 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:49:52.0128 3524 iPod Service - ok
21:49:52.0159 3524 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
21:49:52.0175 3524 IRENUM - ok
21:49:52.0206 3524 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
21:49:52.0206 3524 isapnp - ok
21:49:52.0237 3524 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
21:49:52.0253 3524 iScsiPrt - ok
21:49:52.0269 3524 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
21:49:52.0284 3524 kbdclass - ok
21:49:52.0315 3524 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
21:49:52.0331 3524 kbdhid - ok
21:49:52.0347 3524 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
21:49:52.0362 3524 KeyIso - ok
21:49:52.0393 3524 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
21:49:52.0440 3524 KSecDD - ok
21:49:52.0471 3524 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
21:49:52.0487 3524 KSecPkg - ok
21:49:52.0503 3524 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
21:49:52.0534 3524 ksthunk - ok
21:49:52.0581 3524 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
21:49:52.0643 3524 KtmRm - ok
21:49:52.0674 3524 [ 655A5D8E80869781CCE23760ADA7E695 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
21:49:52.0690 3524 L1C - ok
21:49:52.0752 3524 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
21:49:52.0830 3524 LanmanServer - ok
21:49:52.0893 3524 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:49:52.0939 3524 LanmanWorkstation - ok
21:49:52.0986 3524 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
21:49:53.0017 3524 lltdio - ok
21:49:53.0064 3524 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
21:49:53.0142 3524 lltdsvc - ok
21:49:53.0158 3524 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
21:49:53.0189 3524 lmhosts - ok
21:49:53.0298 3524 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
21:49:53.0314 3524 LMIGuardianSvc - ok
21:49:53.0361 3524 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
21:49:53.0376 3524 LMIInfo - ok
21:49:53.0423 3524 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
21:49:53.0439 3524 LMIMaint - ok
21:49:53.0485 3524 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\windows\system32\DRIVERS\lmimirr.sys
21:49:53.0501 3524 lmimirr - ok
21:49:53.0532 3524 LMIRfsClientNP - ok
21:49:53.0563 3524 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\windows\system32\drivers\LMIRfsDriver.sys
21:49:53.0579 3524 LMIRfsDriver - ok
21:49:53.0673 3524 [ 259E9D38F7CABB068530101F87B6C202 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:49:53.0688 3524 LMS - ok
21:49:53.0735 3524 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
21:49:53.0751 3524 LogMeIn - ok
21:49:53.0782 3524 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
21:49:53.0797 3524 LSI_FC - ok
21:49:53.0829 3524 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
21:49:53.0844 3524 LSI_SAS - ok
21:49:53.0875 3524 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
21:49:53.0875 3524 LSI_SAS2 - ok
21:49:53.0922 3524 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
21:49:53.0922 3524 LSI_SCSI - ok
21:49:53.0938 3524 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
21:49:53.0985 3524 luafv - ok
21:49:54.0000 3524 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
21:49:54.0016 3524 Mcx2Svc - ok
21:49:54.0031 3524 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
21:49:54.0047 3524 megasas - ok
21:49:54.0063 3524 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
21:49:54.0078 3524 MegaSR - ok
21:49:54.0141 3524 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:49:54.0156 3524 Microsoft Office Groove Audit Service - ok
21:49:54.0187 3524 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
21:49:54.0234 3524 MMCSS - ok
21:49:54.0265 3524 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
21:49:54.0297 3524 Modem - ok
21:49:54.0328 3524 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
21:49:54.0343 3524 monitor - ok
21:49:54.0390 3524 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
21:49:54.0406 3524 mouclass - ok
21:49:54.0453 3524 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
21:49:54.0468 3524 mouhid - ok
21:49:54.0484 3524 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
21:49:54.0499 3524 mountmgr - ok
21:49:54.0593 3524 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:49:54.0609 3524 MozillaMaintenance - ok
21:49:54.0640 3524 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
21:49:54.0655 3524 mpio - ok
21:49:54.0687 3524 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
21:49:54.0718 3524 mpsdrv - ok
21:49:54.0765 3524 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
21:49:54.0811 3524 MpsSvc - ok
21:49:54.0827 3524 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
21:49:54.0858 3524 MRxDAV - ok
21:49:54.0889 3524 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
21:49:54.0905 3524 mrxsmb - ok
21:49:54.0936 3524 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
21:49:54.0967 3524 mrxsmb10 - ok
21:49:54.0999 3524 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
21:49:55.0030 3524 mrxsmb20 - ok
21:49:55.0045 3524 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
21:49:55.0061 3524 msahci - ok
21:49:55.0077 3524 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
21:49:55.0092 3524 msdsm - ok
21:49:55.0123 3524 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
21:49:55.0139 3524 MSDTC - ok
21:49:55.0170 3524 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
21:49:55.0217 3524 Msfs - ok
21:49:55.0217 3524 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
21:49:55.0264 3524 mshidkmdf - ok
21:49:55.0295 3524 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
21:49:55.0295 3524 msisadrv - ok
21:49:55.0342 3524 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
21:49:55.0404 3524 MSiSCSI - ok
21:49:55.0404 3524 msiserver - ok
21:49:55.0420 3524 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
21:49:55.0467 3524 MSKSSRV - ok
21:49:55.0482 3524 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
21:49:55.0513 3524 MSPCLOCK - ok
21:49:55.0545 3524 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
21:49:55.0576 3524 MSPQM - ok
21:49:55.0607 3524 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
21:49:55.0623 3524 MsRPC - ok
21:49:55.0638 3524 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
21:49:55.0654 3524 mssmbios - ok
21:49:55.0685 3524 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:49:55.0716 3524 MSTEE - ok
21:49:55.0732 3524 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
21:49:55.0747 3524 MTConfig - ok
21:49:55.0763 3524 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
21:49:55.0779 3524 Mup - ok
21:49:55.0810 3524 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
21:49:55.0857 3524 napagent - ok
21:49:55.0903 3524 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:49:55.0935 3524 NativeWifiP - ok
21:49:55.0981 3524 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
21:49:56.0013 3524 NDIS - ok
21:49:56.0044 3524 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:49:56.0106 3524 NdisCap - ok
21:49:56.0137 3524 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:49:56.0169 3524 NdisTapi - ok
21:49:56.0184 3524 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:49:56.0215 3524 Ndisuio - ok
21:49:56.0247 3524 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:49:56.0278 3524 NdisWan - ok
21:49:56.0309 3524 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:49:56.0340 3524 NDProxy - ok
21:49:56.0387 3524 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\windows\system32\DRIVERS\netaapl64.sys
21:49:56.0418 3524 Netaapl - ok
21:49:56.0449 3524 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:49:56.0496 3524 NetBIOS - ok
21:49:56.0527 3524 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:49:56.0574 3524 NetBT - ok
21:49:56.0574 3524 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
21:49:56.0590 3524 Netlogon - ok
21:49:56.0637 3524 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
21:49:56.0699 3524 Netman - ok
21:49:56.0730 3524 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:56.0746 3524 NetMsmqActivator - ok
21:49:56.0746 3524 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:56.0761 3524 NetPipeActivator - ok
21:49:56.0793 3524 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
21:49:56.0839 3524 netprofm - ok
21:49:56.0855 3524 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:56.0871 3524 NetTcpActivator - ok
21:49:56.0871 3524 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:49:56.0886 3524 NetTcpPortSharing - ok
21:49:56.0902 3524 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
21:49:56.0917 3524 nfrd960 - ok
21:49:56.0949 3524 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
21:49:56.0995 3524 NlaSvc - ok
21:49:57.0042 3524 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\windows\system32\drivers\npf.sys
21:49:57.0058 3524 NPF - ok
21:49:57.0058 3524 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
21:49:57.0105 3524 Npfs - ok
21:49:57.0105 3524 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
21:49:57.0151 3524 nsi - ok
21:49:57.0167 3524 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:49:57.0198 3524 nsiproxy - ok
21:49:57.0261 3524 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:49:57.0354 3524 Ntfs - ok
21:49:57.0385 3524 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
21:49:57.0417 3524 Null - ok
21:49:57.0463 3524 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
21:49:57.0479 3524 nvraid - ok
21:49:57.0495 3524 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
21:49:57.0510 3524 nvstor - ok
21:49:57.0526 3524 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
21:49:57.0541 3524 nv_agp - ok
21:49:57.0619 3524 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:49:57.0666 3524 odserv - ok
21:49:57.0682 3524 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
21:49:57.0713 3524 ohci1394 - ok
21:49:57.0791 3524 [ 6FF6EF1CC25E558CF0335928B658D11E ] OpenVPNAccessClient C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
21:49:57.0807 3524 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
21:49:57.0807 3524 OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1)
21:49:57.0853 3524 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:49:57.0885 3524 ose - ok
21:49:57.0916 3524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:49:57.0931 3524 p2pimsvc - ok
21:49:57.0947 3524 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
21:49:57.0963 3524 p2psvc - ok
21:49:57.0994 3524 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
21:49:58.0009 3524 Parport - ok
21:49:58.0041 3524 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
21:49:58.0041 3524 partmgr - ok
21:49:58.0072 3524 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
21:49:58.0087 3524 PcaSvc - ok
21:49:58.0103 3524 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
21:49:58.0119 3524 pci - ok
21:49:58.0134 3524 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
21:49:58.0150 3524 pciide - ok
21:49:58.0181 3524 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
21:49:58.0197 3524 pcmcia - ok
21:49:58.0212 3524 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
21:49:58.0228 3524 pcw - ok
21:49:58.0243 3524 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:49:58.0306 3524 PEAUTH - ok
21:49:58.0384 3524 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
21:49:58.0415 3524 PerfHost - ok
21:49:58.0462 3524 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
21:49:58.0524 3524 pla - ok
21:49:58.0571 3524 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:49:58.0587 3524 PlugPlay - ok
21:49:58.0633 3524 [ 64CA1485214340CACC315FFDFDED73EF ] Pml Driver HPZ12 C:\windows\system32\HPZipm12.dll
21:49:58.0633 3524 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:49:58.0633 3524 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:49:58.0649 3524 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:49:58.0665 3524 PNRPAutoReg - ok
21:49:58.0680 3524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:49:58.0696 3524 PNRPsvc - ok
21:49:58.0727 3524 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:49:58.0774 3524 PolicyAgent - ok
21:49:58.0789 3524 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
21:49:58.0836 3524 Power - ok
21:49:58.0867 3524 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:49:58.0914 3524 PptpMiniport - ok
21:49:58.0945 3524 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
21:49:58.0961 3524 Processor - ok
21:49:58.0992 3524 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
21:49:59.0008 3524 ProfSvc - ok
21:49:59.0023 3524 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
21:49:59.0039 3524 ProtectedStorage - ok
21:49:59.0086 3524 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:49:59.0117 3524 Psched - ok
21:49:59.0179 3524 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
21:49:59.0211 3524 ql2300 - ok
21:49:59.0257 3524 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
21:49:59.0257 3524 ql40xx - ok
21:49:59.0289 3524 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
21:49:59.0304 3524 QWAVE - ok
21:49:59.0320 3524 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:49:59.0335 3524 QWAVEdrv - ok
21:49:59.0367 3524 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:49:59.0398 3524 RasAcd - ok
21:49:59.0445 3524 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:49:59.0476 3524 RasAgileVpn - ok
21:49:59.0507 3524 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
21:49:59.0554 3524 RasAuto - ok
21:49:59.0569 3524 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:49:59.0601 3524 Rasl2tp - ok
21:49:59.0647 3524 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
21:49:59.0679 3524 RasMan - ok
21:49:59.0710 3524 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:49:59.0741 3524 RasPppoe - ok
21:49:59.0772 3524 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:49:59.0803 3524 RasSstp - ok
21:49:59.0835 3524 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:49:59.0866 3524 rdbss - ok
21:49:59.0897 3524 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
21:49:59.0913 3524 rdpbus - ok
21:49:59.0928 3524 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:49:59.0959 3524 RDPCDD - ok
21:49:59.0975 3524 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:50:00.0022 3524 RDPENCDD - ok
21:50:00.0037 3524 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:50:00.0069 3524 RDPREFMP - ok
21:50:00.0084 3524 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:50:00.0147 3524 RDPWD - ok
21:50:00.0193 3524 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:50:00.0225 3524 rdyboost - ok
21:50:00.0256 3524 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
21:50:00.0303 3524 RemoteAccess - ok
21:50:00.0334 3524 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:50:00.0381 3524 RemoteRegistry - ok
21:50:00.0459 3524 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
21:50:00.0474 3524 rpcapd - ok
21:50:00.0521 3524 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:50:00.0583 3524 RpcEptMapper - ok
21:50:00.0599 3524 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
21:50:00.0615 3524 RpcLocator - ok
21:50:00.0646 3524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
21:50:00.0693 3524 RpcSs - ok
21:50:00.0708 3524 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:50:00.0755 3524 rspndr - ok
21:50:00.0786 3524 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
21:50:00.0817 3524 RSUSBSTOR - ok
21:50:00.0817 3524 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
21:50:00.0833 3524 SamSs - ok
21:50:00.0849 3524 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:50:00.0864 3524 sbp2port - ok
21:50:00.0958 3524 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:50:00.0989 3524 SBSDWSCService - ok
21:50:01.0020 3524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
21:50:01.0067 3524 SCardSvr - ok
21:50:01.0083 3524 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:50:01.0129 3524 scfilter - ok
21:50:01.0176 3524 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
21:50:01.0239 3524 Schedule - ok
21:50:01.0254 3524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
21:50:01.0285 3524 SCPolicySvc - ok
21:50:01.0301 3524 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:50:01.0317 3524 SDRSVC - ok
21:50:01.0348 3524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:50:01.0379 3524 secdrv - ok
21:50:01.0410 3524 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
21:50:01.0457 3524 seclogon - ok
21:50:01.0473 3524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
21:50:01.0519 3524 SENS - ok
21:50:01.0519 3524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:50:01.0535 3524 SensrSvc - ok
21:50:01.0566 3524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
21:50:01.0582 3524 Serenum - ok
21:50:01.0597 3524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
21:50:01.0613 3524 Serial - ok
21:50:01.0660 3524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
21:50:01.0675 3524 sermouse - ok
21:50:01.0707 3524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
21:50:01.0753 3524 SessionEnv - ok
21:50:01.0785 3524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:50:01.0800 3524 sffdisk - ok
21:50:01.0816 3524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:50:01.0831 3524 sffp_mmc - ok
21:50:01.0847 3524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:50:01.0863 3524 sffp_sd - ok
21:50:01.0878 3524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
21:50:01.0894 3524 sfloppy - ok
21:50:01.0925 3524 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
21:50:01.0972 3524 SharedAccess - ok
21:50:01.0987 3524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:50:02.0034 3524 ShellHWDetection - ok
21:50:02.0050 3524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
21:50:02.0065 3524 SiSRaid2 - ok
21:50:02.0097 3524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
21:50:02.0112 3524 SiSRaid4 - ok
21:50:02.0190 3524 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:50:02.0206 3524 SkypeUpdate - ok
21:50:02.0237 3524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
21:50:02.0284 3524 Smb - ok
21:50:02.0331 3524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:50:02.0346 3524 SNMPTRAP - ok
21:50:02.0377 3524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
21:50:02.0377 3524 spldr - ok
21:50:02.0424 3524 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
21:50:02.0455 3524 Spooler - ok
21:50:02.0565 3524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
21:50:02.0689 3524 sppsvc - ok
21:50:02.0721 3524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:50:02.0767 3524 sppuinotify - ok
21:50:02.0799 3524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
21:50:02.0845 3524 srv - ok
21:50:02.0877 3524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:50:02.0908 3524 srv2 - ok
21:50:02.0939 3524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:50:02.0955 3524 srvnet - ok
21:50:02.0986 3524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:50:03.0017 3524 SSDPSRV - ok
21:50:03.0033 3524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
21:50:03.0064 3524 SstpSvc - ok
21:50:03.0095 3524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
21:50:03.0111 3524 stexstor - ok
21:50:03.0142 3524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
21:50:03.0173 3524 stisvc - ok
21:50:03.0189 3524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
21:50:03.0204 3524 swenum - ok
21:50:03.0251 3524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
21:50:03.0298 3524 swprv - ok
21:50:03.0345 3524 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
21:50:03.0360 3524 SynTP - ok
21:50:03.0407 3524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
21:50:03.0454 3524 SysMain - ok
21:50:03.0485 3524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:50:03.0532 3524 TabletInputService - ok
21:50:03.0547 3524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
21:50:03.0594 3524 TapiSrv - ok
21:50:03.0641 3524 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\windows\system32\DRIVERS\tapoas.sys
21:50:03.0657 3524 tapoas - ok
21:50:03.0672 3524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
21:50:03.0719 3524 TBS - ok
21:50:03.0781 3524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:50:03.0813 3524 Tcpip - ok
21:50:03.0906 3524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:50:03.0969 3524 TCPIP6 - ok
21:50:03.0984 3524 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:50:04.0031 3524 tcpipreg - ok
21:50:04.0078 3524 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
21:50:04.0078 3524 tdcmdpst - ok
21:50:04.0109 3524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:50:04.0125 3524 TDPIPE - ok
21:50:04.0156 3524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:50:04.0171 3524 TDTCP - ok
21:50:04.0203 3524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:50:04.0249 3524 tdx - ok
21:50:04.0265 3524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
21:50:04.0281 3524 TermDD - ok
21:50:04.0312 3524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
21:50:04.0359 3524 TermService - ok
21:50:04.0374 3524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
21:50:04.0390 3524 Themes - ok
21:50:04.0405 3524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
21:50:04.0452 3524 THREADORDER - ok
21:50:04.0530 3524 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:50:04.0561 3524 TMachInfo - ok
21:50:04.0593 3524 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\windows\system32\TODDSrv.exe
21:50:04.0593 3524 TODDSrv - ok
21:50:04.0671 3524 [ DB9719688C08F42705FEB3F6A0C98B91 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:50:04.0702 3524 TosCoSrv - ok
21:50:04.0749 3524 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:50:04.0764 3524 TOSHIBA HDD SSD Alert Service - ok
21:50:04.0795 3524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
21:50:04.0842 3524 TrkWks - ok
21:50:04.0889 3524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:50:04.0951 3524 TrustedInstaller - ok
21:50:04.0983 3524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:50:05.0029 3524 tssecsrv - ok
21:50:05.0061 3524 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:50:05.0076 3524 TsUsbFlt - ok
21:50:05.0170 3524 [ F9A3D658BD06DB5EC490E3D75EB4980E ] TS_AR5416 C:\windows\system32\DRIVERS\ts_athwx.sys
21:50:05.0263 3524 TS_AR5416 - ok
21:50:05.0295 3524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:50:05.0341 3524 tunnel - ok
21:50:05.0357 3524 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:50:05.0357 3524 TVALZ - ok
21:50:05.0388 3524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
21:50:05.0404 3524 uagp35 - ok
21:50:05.0419 3524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:50:05.0466 3524 udfs - ok
21:50:05.0482 3524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:50:05.0497 3524 UI0Detect - ok
21:50:05.0544 3524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:50:05.0575 3524 uliagpkx - ok
21:50:05.0607 3524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
21:50:05.0622 3524 umbus - ok
21:50:05.0669 3524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
21:50:05.0700 3524 UmPass - ok
21:50:05.0825 3524 [ 48E114762941941D5821EAAE29D75E9E ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:50:05.0887 3524 UNS - ok
21:50:05.0903 3524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
21:50:05.0950 3524 upnphost - ok
21:50:05.0981 3524 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
21:50:05.0981 3524 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:50:05.0981 3524 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:50:06.0028 3524 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
21:50:06.0059 3524 usbaudio - ok
21:50:06.0090 3524 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:50:06.0106 3524 usbccgp - ok
21:50:06.0137 3524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:50:06.0153 3524 usbcir - ok
21:50:06.0168 3524 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
21:50:06.0184 3524 usbehci - ok
21:50:06.0199 3524 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:50:06.0231 3524 usbhub - ok
21:50:06.0246 3524 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
21:50:06.0246 3524 usbohci - ok
21:50:06.0277 3524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
21:50:06.0293 3524 usbprint - ok
21:50:06.0309 3524 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:50:06.0324 3524 USBSTOR - ok
21:50:06.0340 3524 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
21:50:06.0355 3524 usbuhci - ok
21:50:06.0402 3524 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:50:06.0418 3524 usbvideo - ok
21:50:06.0449 3524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
21:50:06.0496 3524 UxSms - ok
21:50:06.0496 3524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
21:50:06.0511 3524 VaultSvc - ok
21:50:06.0543 3524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:50:06.0558 3524 vdrvroot - ok
21:50:06.0589 3524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
21:50:06.0636 3524 vds - ok
21:50:06.0667 3524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:50:06.0683 3524 vga - ok
21:50:06.0699 3524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
21:50:06.0730 3524 VgaSave - ok
21:50:06.0761 3524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:50:06.0777 3524 vhdmp - ok
21:50:06.0792 3524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
21:50:06.0792 3524 viaide - ok
21:50:06.0823 3524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:50:06.0823 3524 volmgr - ok
21:50:06.0855 3524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:50:06.0870 3524 volmgrx - ok
21:50:06.0886 3524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:50:06.0901 3524 volsnap - ok
21:50:06.0933 3524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
21:50:06.0948 3524 vsmraid - ok
21:50:06.0995 3524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
21:50:07.0042 3524 VSS - ok
21:50:07.0057 3524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
21:50:07.0089 3524 vwifibus - ok
21:50:07.0104 3524 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
21:50:07.0120 3524 vwififlt - ok
21:50:07.0135 3524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
21:50:07.0182 3524 W32Time - ok
21:50:07.0213 3524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
21:50:07.0213 3524 WacomPen - ok
21:50:07.0338 3524 [ D70A492306861004A0DB1024CE634837 ] wampapache c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
21:50:07.0338 3524 wampapache ( UnsignedFile.Multi.Generic ) - warning
21:50:07.0338 3524 wampapache - detected UnsignedFile.Multi.Generic (1)
21:50:07.0416 3524 wampmysqld - ok
21:50:07.0463 3524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
21:50:07.0510 3524 WANARP - ok
21:50:07.0525 3524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
21:50:07.0557 3524 Wanarpv6 - ok
21:50:07.0635 3524 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
21:50:07.0697 3524 WatAdminSvc - ok
21:50:07.0759 3524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
21:50:07.0806 3524 wbengine - ok
21:50:07.0837 3524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
21:50:07.0853 3524 WbioSrvc - ok
21:50:07.0884 3524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
21:50:07.0915 3524 wcncsvc - ok
21:50:07.0947 3524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:50:07.0947 3524 WcsPlugInService - ok
21:50:07.0978 3524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
21:50:07.0993 3524 Wd - ok
21:50:08.0009 3524 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
21:50:08.0025 3524 Wdf01000 - ok
21:50:08.0056 3524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
21:50:08.0071 3524 WdiServiceHost - ok
21:50:08.0087 3524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
21:50:08.0103 3524 WdiSystemHost - ok
21:50:08.0134 3524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
21:50:08.0149 3524 WebClient - ok
21:50:08.0181 3524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
21:50:08.0227 3524 Wecsvc - ok
21:50:08.0243 3524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
21:50:08.0290 3524 wercplsupport - ok
21:50:08.0321 3524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
21:50:08.0352 3524 WerSvc - ok
21:50:08.0383 3524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
21:50:08.0415 3524 WfpLwf - ok
21:50:08.0446 3524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
21:50:08.0461 3524 WIMMount - ok
21:50:08.0477 3524 WinDefend - ok
21:50:08.0493 3524 WinHttpAutoProxySvc - ok
21:50:08.0539 3524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:50:08.0602 3524 Winmgmt - ok
21:50:08.0664 3524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
21:50:08.0727 3524 WinRM - ok
21:50:08.0758 3524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
21:50:08.0773 3524 WinUsb - ok
21:50:08.0820 3524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
21:50:08.0867 3524 Wlansvc - ok
21:50:08.0929 3524 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:50:08.0945 3524 wlcrasvc - ok
21:50:09.0039 3524 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:50:09.0085 3524 wlidsvc - ok
21:50:09.0101 3524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
21:50:09.0117 3524 WmiAcpi - ok
21:50:09.0148 3524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
21:50:09.0163 3524 wmiApSrv - ok
21:50:09.0195 3524 WMPNetworkSvc - ok
21:50:09.0226 3524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
21:50:09.0241 3524 WPCSvc - ok
21:50:09.0257 3524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
21:50:09.0273 3524 WPDBusEnum - ok
21:50:09.0304 3524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
21:50:09.0335 3524 ws2ifsl - ok
21:50:09.0382 3524 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
21:50:09.0413 3524 wscsvc - ok
21:50:09.0413 3524 WSearch - ok
21:50:09.0475 3524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
21:50:09.0538 3524 wuauserv - ok
21:50:09.0569 3524 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
21:50:09.0600 3524 WudfPf - ok
21:50:09.0616 3524 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
21:50:09.0663 3524 WUDFRd - ok
21:50:09.0694 3524 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
21:50:09.0725 3524 wudfsvc - ok
21:50:09.0741 3524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
21:50:09.0756 3524 WwanSvc - ok
21:50:09.0787 3524 ================ Scan global ===============================
21:50:09.0819 3524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
21:50:09.0850 3524 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
21:50:09.0865 3524 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
21:50:09.0881 3524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
21:50:09.0928 3524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
21:50:09.0928 3524 [Global] - ok
21:50:09.0928 3524 ================ Scan MBR ==================================
21:50:09.0943 3524 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
21:50:10.0271 3524 \Device\Harddisk0\DR0 - ok
21:50:10.0271 3524 ================ Scan VBR ==================================
21:50:10.0302 3524 [ 987CEAD4C33BBB61AF74FEF0ADFD0C31 ] \Device\Harddisk0\DR0\Partition1
21:50:10.0302 3524 \Device\Harddisk0\DR0\Partition1 - ok
21:50:10.0302 3524 ============================================================
21:50:10.0302 3524 Scan finished
21:50:10.0302 3524 ============================================================
21:50:10.0318 0412 Detected object count: 5
21:50:10.0318 0412 Actual detected object count: 5
21:50:29.0054 0412 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:29.0069 0412 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:50:29.0069 0412 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:29.0069 0412 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:50:29.0069 0412 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:29.0069 0412 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:50:29.0069 0412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:29.0069 0412 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:50:29.0069 0412 wampapache ( UnsignedFile.Multi.Generic ) - skipped by user
21:50:29.0069 0412 wampapache ( UnsignedFile.Multi.Generic ) - User select action: Skip

#7 godawgs (Teacher, Retired Staff, 8,228 posts)
Let's get some fresh scans.

Is your ISP provider Verizon Wireless or is it Comcast Cable?
If your ISP provider is Comcast, do they require you to use a proxy?

Please run the scans in the order requested and provide the logs/answers in the order requested.


Step-1.

OTL Custom Scan

1. Please copy the text in the Quote box below (do not copy the word Quote) and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
cryptsvc.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 users: right click on the icon and click Run as Administrator.)
    Make sure all other windows are closed.
  • You will see the OTL console.
  • Check the boxes beside Scan All Users and Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use SafeList <--- Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL.
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
  • Repeat for the Extras.txt file.


Step-2.

Run RogueKiller

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled.

  • Quit all programs
  • Start RogueKiller.exe. (Vista / 7 users: right click on the icon and click Run as Administrator)
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
Please post:

The most recent RKreport.txt text file.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-3.

AdwCleaner by Xplode

  • (Vista and 7 users) right click the adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please attach that. This report is also saved to C:\AdwCleaner[R?].txt
NOTE: In this case the file will probably be C:\AdwCleaner[R3].txt, unless you have run the program since you ran it last. In any case post the most recent AdwCleaner[R?].txt file.


Step-4.

Things For Your Next Post:
1. Answers to my questions above.
2. The new OTL.txt log
3. The Extras.txt log
4. The new RKReport.txt log
5. The new AdwCleaner[R?].txt log
6. How is the computer running now?
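As an added example (not the thread's own content and not OTL's code), the PowerShell script below collects, independently of OTL, what the custom scan script above asks for: the MD5 and signature status of the files between /md5start and /md5stop, the browser launch commands under the two StartMenuInternet keys, and any executables sitting in the root of the system drive. It assumes Windows PowerShell 5.1 or later on an elevated prompt; the netsvcs line and the diskpart block are not reproduced.

```powershell
# Added example: an independent read-only check that mirrors the OTL custom scan
# lines above. Assumes Windows PowerShell 5.1+ (Get-FileHash, catalog-aware
# Get-AuthenticodeSignature) and an elevated prompt. Nothing here changes the system.

# 1. The files listed between /md5start and /md5stop. OTL reports their MD5 so the
#    helper can compare them with known-good values; the signature status and
#    last-write time are what a reviewer checks next. ("services.*" is taken as
#    services.exe here.)
$WatchedFiles = 'cryptsvc.dll', 'explorer.exe', 'winlogon.exe', 'Userinit.exe',
                'svchost.exe', 'qmgr.dll', 'services.exe', 'consrv.dll', 'wshelper.dll'

function Get-WatchedFileReport {
    # Native and 32-bit copies, matching the "Include 64bit Scans" option.
    $dirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"
    foreach ($dir in $dirs) {
        foreach ($name in $WatchedFiles) {
            $path = Join-Path $dir $name
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $sig = Get-AuthenticodeSignature -FilePath $path
            [pscustomobject]@{
                Path      = $path
                MD5       = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
                # Windows system files are catalog-signed: PowerShell 5.1+ reports
                # them as Valid, older versions show NotSigned even for genuine files.
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Modified  = (Get-Item -LiteralPath $path).LastWriteTime
            }
        }
    }
}

# 2. The two "hklm\software\clients\startmenuinternet|command" lines. Each browser
#    registers its launch command here; adware commonly alters it by appending a URL
#    or pointing it at a wrapper, so anything trailing the .exe is flagged for review.
function Get-BrowserLaunchCommands {
    $roots = @{
        '64-bit' = 'HKLM:\SOFTWARE\Clients\StartMenuInternet'
        '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Clients\StartMenuInternet'
    }
    foreach ($view in $roots.Keys) {
        $root = $roots[$view]
        if (-not (Test-Path $root)) { continue }
        foreach ($browser in Get-ChildItem $root) {
            $cmdKey = "$($browser.PSPath)\shell\open\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            # Separate the (quoted or bare) executable path from whatever follows it.
            $extra = if ($cmd -match '^\s*("[^"]*\.exe"|\S+\.exe)\s*(.*)$') { $Matches[2] } else { $cmd }
            [pscustomobject]@{
                View      = $view
                Browser   = $browser.PSChildName
                Command   = $cmd
                ExtraArgs = $extra
                Review    = [bool]$extra   # true when something trails the executable
            }
        }
    }
}

# 3. "%SYSTEMDRIVE%\*.exe": executables in the root of the system drive, an unusual
#    place for legitimate software and a frequent drop location. -Force includes
#    hidden files.
function Get-RootExecutables {
    Get-ChildItem -Path "$env:SystemDrive\*.exe" -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTime
                Hidden   = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            }
        }
}

# Print the three reports in the order the OTL script collects them.
Get-WatchedFileReport     | Format-Table -AutoSize
Get-BrowserLaunchCommands | Format-Table -AutoSize
Get-RootExecutables       | Format-Table -AutoSize
```

The output is meant to be read alongside the OTL log, not instead of it: an unexpected MD5 with a Valid signature usually means a Windows update, while NotSigned or a trailing argument on a browser command is what the helper would ask about.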

#8
V1CeE

V1CeE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I believe my ISP is Time Warner Road Runner cable and they do not require me to use a proxy; also, I am connected to the internet via a Netgear router. In regards to the proxy question, I do use proxies quite frequently and have various tools on my computer for them. I have posted a more detailed report about my ISP below for you to review. Also, when I use the MBRCheck tool I no longer get the infected result I did before; I get a green text stating all is well. Just thought I would let you know.

My computer seems to be running OK; there has only been one small problem: I cannot get a PC game to run. The game is Warcraft 3. I first acquired this game through a torrent, which involved using an ISO and Daemon Tools to mount an image that allowed me to install the game. I had to then acquire a key generator to verify the game's authenticity; the process went smoothly as I have done this many times. However, when I went to play the game it had problems: about every 30 seconds it freezes for a while, then repeats that process indefinitely, rendering it impossible to play the game. I decided to uninstall and wipe out all traces of it from my computer, even going into the registry to delete any leftover traces there. I wanted to make sure the previous install would not interfere with the new one. So I downloaded the game from the vendor's host site and installed the game the correct way, with purchased game keys and valid game client downloads. However, I still get the same glitching happening when I try to play the game. I also installed the game on another computer, which works with no issues at all. I don't know if this has anything to do with the issue my computer is having, but I thought I should let you know about any problems with my computer. The game problem has been the only real issue I have noticed.

Also, you never stated in your post if I was supposed to use the tools you had me download to clean the problems they found. I did use the cleaner with RogueKiller, and the AdwCleaner tool wouldn't let me exit unless I fixed what it found, so I had to use that one, but I didn't use the OTL tool to clean what it found. There was also an error that occurred while running the AdwCleaner tool (which I ran as Admin). There was no problem starting the tool; it was when the scan was completed: a Notepad file popped up and at the same time a box stating "access denied" appeared. I ignored the warning and let the program reboot my computer; when it booted up again a report was displayed, which I have included in my post. Furthermore, my antivirus software, which is AVG, stated that the AdwCleaner tool was a virus; I marked it as a false response and continued on.

There is something I noticed with RogueKiller as well: I will scan and use the fix host option and it shows that the item was corrected; however, when I run the scan shortly after, the same problem that was detected in the first scan will be found again. It seems that the tool is not able to fix the problem. This only happens with the fix hosts option, that I have noticed. I think it might be a result of the hosts file being a read-only file, so I don't think the tool can make the corrections it's supposed to without me changing the hosts file's attributes temporarily while I run the program. Please let me know if that is the case or what the issue might be. You will also notice that there are 2 RKiller reports in the post; the first one, which is in italics, shows the scan results before I used the tool to fix the problems. The second one is the report from after I used the tool.

OrgName: Road Runner HoldCo LLC
OrgId: RRWE
Address: 13820 Sunrise Valley Drive
City: Herndon
StateProv: VA
PostalCode: 20171
Country: US
RegDate: 2000-10-05
Updated: 2011-07-06
Comment: Allocations for this OrgID serve Road Runner residential customers out of
the Honolulu, HI, Kansas City, KS, Orange, CA and San Diego, CA RDCs.
Ref: http://whois.arin.net/rest/org/RRWE

ReferralServer: rwhois://ipmt.rr.com:4321

OrgAbuseHandle: ABUSE10-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-703-345-3416
OrgAbuseEmail: [email protected]
OrgAbuseRef: http://whois.arin.ne...oc/ABUSE10-ARIN

OrgTechHandle: IPTEC-ARIN
OrgTechName: IP Tech
OrgTechPhone: +1-703-345-3416
OrgTechEmail: [email protected]
OrgTechRef: http://whois.arin.ne.../poc/IPTEC-ARIN



OTL logfile created on: 10/19/2012 12:13:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 42.39% Memory free
7.60 Gb Paging File | 5.18 Gb Available in Paging File | 68.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 185.97 Gb Free Space | 64.95% Space Free | Partition Type: NTFS

Computer Name: NOTHING | User Name: vice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/19 00:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
PRC - [2012/10/12 11:56:16 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/12 11:38:39 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/10/10 02:16:38 | 003,536,320 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/04 10:27:26 | 000,079,384 | ---- | M] (Google) -- C:\Users\vice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/14 11:20:10 | 010,986,672 | ---- | M] () -- C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/10 12:47:48 | 000,091,648 | ---- | M] (The Wireshark developer community) -- C:\Program Files (x86)\Wireshark\dumpcap.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/12 11:56:16 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/14 11:20:10 | 010,986,672 | ---- | M] () -- C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe
MOD - [2012/08/01 10:49:53 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/12 11:56:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/01 10:49:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/18 14:12:51 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/18 14:12:28 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/04/02 12:17:40 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/05 14:01:08 | 000,024,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/24 16:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/10/24 14:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/18 14:12:29 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/09/05 11:56:38 | 002,156,872 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2011/06/25 17:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011/06/25 17:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/06 19:47:18 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/03/31 14:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 08:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 15:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/04/02 12:17:40 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8D40F87F-3D0F-4E0A-B0C3-1F48BA4A4C0D}
IE:64bit: - HKLM\..\SearchScopes\{8D40F87F-3D0F-4E0A-B0C3-1F48BA4A4C0D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes,DefaultScope = {B9392CD0-27B1-4A09-A802-1C172F508BF6}
IE - HKLM\..\SearchScopes\{B9392CD0-27B1-4A09-A802-1C172F508BF6}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\SearchScopes,DefaultScope = {5C443326-F55B-4901-9795-D516DAD7DB0F}
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\SearchScopes\{5C443326-F55B-4901-9795-D516DAD7DB0F}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {8743b663-b854-4f75-bc82-8f7e751e759f}:1.7.5
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0.2
FF - prefs.js..extensions.enabledAddons: {7067a92c-1db4-4e5e-869c-25f841287f8b}:0.2.4
FF - prefs.js..extensions.enabledAddons: [email protected]:4.0.2
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.29
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {8479ade0-2eec-11de-8c30-0800200c9a66}:3.0.6
FF - prefs.js..network.proxy.http: "68.51.25.29"
FF - prefs.js..network.proxy.http_port: 8085
FF - prefs.js..network.proxy.ssl: "68.51.25.29"
FF - prefs.js..network.proxy.ssl_port: 8085
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/10/12 13:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/10/17 13:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/10/12 11:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/17 13:24:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/17 13:24:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]

[2011/07/21 11:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Extensions
[2012/10/17 13:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions
[2012/10/17 13:24:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 21:38:47 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 22:58:19 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/13 03:31:31 | 000,004,544 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/08/01 10:49:57 | 000,049,607 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/10/14 22:23:24 | 000,031,339 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi
[2012/03/22 09:11:48 | 000,679,816 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}.xpi
[2012/10/14 21:35:24 | 000,104,649 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8743b663-b854-4f75-bc82-8f7e751e759f}.xpi
[2012/07/25 12:28:25 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012/10/12 10:19:38 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/01/16 14:29:49 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/01/09 16:21:06 | 000,002,059 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\absearch-search.xml
[2012/01/16 14:42:37 | 000,002,685 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\packetstorm-search-suggest.xml
[2012/04/28 10:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/18 07:46:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/17 13:14:40 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/10/12 11:59:36 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VICE\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/08/01 10:49:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/12 05:34:14 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/03/14 09:28:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/14 09:28:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3220468
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Internet Download Manager (Enabled) = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\IDMGCExt.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/10/17 20:52:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaCloud Backup.lnk = C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18B2CA68-557A-43AD-9FC8-7D25FC095266}: DhcpNameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95538B8-A754-4551-AE9E-3F4BD24042BF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 00:09:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
[2012/10/17 22:10:55 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net
[2012/10/17 22:03:08 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2012/10/17 22:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/10/17 21:45:28 | 000,694,287 | ---- | C] (Farbar) -- C:\Users\vice\Desktop\FSS.exe
[2012/10/17 20:55:41 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/17 20:45:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/17 20:45:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/17 20:45:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/17 20:45:27 | 000,000,000 | ---D | C] -- C:\ComboFix_2
[2012/10/17 20:45:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 20:45:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/17 20:44:24 | 004,982,045 | R--- | C] (Swearware) -- C:\Users\vice\Desktop\ComboFix_2.exe
[2012/10/17 20:39:06 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\vice\Desktop\tdsskiller_2.exe
[2012/10/17 20:26:15 | 000,809,769 | ---- | C] (Blizzard Entertainment) -- C:\Users\vice\Desktop\War3TFT_121a_121b_English.exe
[2012/10/17 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\war3 patch
[2012/10/17 19:54:05 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/17 13:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/17 13:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/17 13:43:03 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/10/17 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/17 11:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/10/17 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Checker
[2012/10/17 07:45:30 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New Folder (4)
[2012/10/17 06:59:21 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Reviversoft
[2012/10/17 06:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2012/10/17 00:23:02 | 000,000,000 | ---D | C] -- C:\Users\vice\Warcraft III 1.21b ROC Installer enUS
[2012/10/16 23:12:28 | 000,000,000 | ---D | C] -- C:\Users\vice\Warcraft III 1.21b TFT Installer enUS
[2012/10/16 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012/10/16 15:51:58 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/15 15:30:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New folder (2)
[2012/10/15 13:50:34 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/10/15 13:14:30 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/15 11:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/15 11:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/15 11:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/15 07:07:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/15 06:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2012/10/15 06:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2012/10/15 05:09:57 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\RK_Quarantine
[2012/10/15 01:29:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Streaming Media
[2012/10/15 01:29:38 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\Jaksta_Technologies_Pty_L
[2012/10/13 09:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/13 08:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/10/13 08:15:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/10/13 08:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/10/13 08:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/10/13 06:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/10/13 06:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012/10/13 04:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/10/13 04:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/10/13 02:09:17 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\DownTango
[2012/10/13 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012/10/12 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip registry Optimizer1
[2012/10/12 22:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperHideIP
[2012/10/12 21:37:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\ExpressFiles
[2012/10/12 21:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/10/12 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\CRE
[2012/10/12 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/12 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\uTorrent
[2012/10/12 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Uniblue
[2012/10/12 19:54:18 | 000,000,000 | ---D | C] -- C:\Users\vice\.myPhoneDesktop
[2012/10/12 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Received Files
[2012/10/12 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/12 12:12:58 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/10/12 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2012/10/12 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2012/10/12 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG LiveKive
[2012/10/12 11:00:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/10/12 11:00:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/10/12 11:00:44 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/10/12 11:00:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/10/12 11:00:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/10/12 11:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/10/12 11:00:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/10/12 11:00:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/10/12 11:00:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/10/12 11:00:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/10/12 11:00:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/10/12 11:00:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/10/12 11:00:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/10/12 11:00:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/10/12 11:00:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/10/12 10:58:05 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/12 10:58:04 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/12 10:58:04 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/12 10:57:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/12 10:57:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/12 10:57:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/12 10:57:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/12 10:57:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/12 10:57:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/12 10:57:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/12 10:57:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/12 10:57:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/12 10:57:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/12 10:57:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/12 10:57:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/12 10:57:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/12 10:57:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/12 10:57:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/12 10:57:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/12 10:57:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/12 10:57:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/12 10:57:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/12 10:57:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/12 10:57:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/12 10:57:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/12 10:57:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/12 10:57:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/12 10:57:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/12 10:57:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/12 10:57:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/12 10:57:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/12 10:57:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/12 10:57:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/12 10:57:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/12 10:57:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/12 10:57:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/12 10:57:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/12 10:57:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/12 10:57:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/12 10:57:37 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/10/12 10:57:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/10/12 10:57:36 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/10/12 10:57:36 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/10/12 10:57:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/12 10:57:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012/10/12 10:57:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/12 10:57:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/10/12 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\Txt file notes
[2012/10/12 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New Data Placments
[2012/10/12 10:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/10/12 10:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/10/10 02:36:33 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/19 00:16:34 | 000,538,941 | ---- | M] () -- C:\Users\vice\Desktop\adwcleaner.exe
[2012/10/19 00:15:34 | 001,425,920 | ---- | M] () -- C:\Users\vice\Desktop\RogueKiller.exe
[2012/10/19 00:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
[2012/10/18 23:56:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/18 23:26:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 23:26:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000UA.job
[2012/10/18 15:38:33 | 098,101,843 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/10/18 15:38:04 | 000,610,357 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/18 12:12:00 | 000,000,400 | ---- | M] () -- C:\windows\tasks\MegaCloud Backup.job
[2012/10/18 11:26:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 11:26:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000Core.job
[2012/10/17 22:10:56 | 000,001,475 | ---- | M] () -- C:\Users\vice\Desktop\gproxy.lnk
[2012/10/17 22:10:55 | 000,001,539 | ---- | M] () -- C:\Users\vice\Desktop\Euroloader.lnk
[2012/10/17 22:06:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 22:06:59 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 22:04:22 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
[2012/10/17 22:03:27 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Warcraft III.lnk
[2012/10/17 22:00:07 | 000,001,029 | ---- | M] () -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MegaCloud Backup.lnk
[2012/10/17 21:59:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/17 21:59:41 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/17 21:45:23 | 000,694,287 | ---- | M] (Farbar) -- C:\Users\vice\Desktop\FSS.exe
[2012/10/17 20:52:10 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/17 20:44:21 | 004,982,045 | R--- | M] (Swearware) -- C:\Users\vice\Desktop\ComboFix_2.exe
[2012/10/17 20:38:59 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\vice\Desktop\tdsskiller_2.exe
[2012/10/17 13:43:05 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/17 13:33:32 | 000,783,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/17 13:33:32 | 000,663,472 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/17 13:33:32 | 000,122,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/17 13:31:49 | 000,629,010 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/10/16 17:43:06 | 000,007,620 | ---- | M] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2012/10/15 16:59:44 | 000,003,791 | ---- | M] () -- C:\Users\vice\Desktop\iTunes Diagnostics.rtf
[2012/10/15 15:31:11 | 000,000,600 | ---- | M] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2012/10/15 15:06:54 | 000,288,887 | ---- | M] () -- C:\MGlogs.zip
[2012/10/15 07:20:03 | 008,912,896 | ---- | M] () -- C:\Users\vice\ntuser.bak
[2012/10/15 03:27:11 | 000,041,595 | ---- | M] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/13 12:56:19 | 000,045,270 | ---- | M] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 05:20:48 | 1167,435,762 | ---- | M] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/10/12 23:50:16 | 020,200,914 | ---- | M] () -- C:\Users\vice\Desktop\WinZip Reg Optimizer pro Patch.Crack included.rar
[2012/10/12 23:12:32 | 003,917,054 | ---- | M] () -- C:\Users\vice\Desktop\Ccleaner Bussiness Edition Crack.Patch included.rar
[2012/10/12 22:06:03 | 005,704,735 | ---- | M] () -- C:\Users\vice\Desktop\UniBlue Power Suite Crack inculded.rar
[2012/10/12 12:13:02 | 000,001,948 | ---- | M] () -- C:\Users\vice\Desktop\Paltalk Messenger.lnk
[2012/10/12 12:13:01 | 000,001,224 | ---- | M] () -- C:\Users\vice\Desktop\Upgrade to Paltalk Extreme.lnk
[2012/10/12 11:56:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/12 11:56:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/12 11:08:56 | 000,001,019 | ---- | M] () -- C:\Users\vice\Desktop\AVG LiveKive.lnk
[2012/10/12 10:57:30 | 000,001,858 | ---- | M] () -- C:\Users\vice\Desktop\Usenet.nl.lnk
[2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/17 22:10:56 | 000,001,475 | ---- | C] () -- C:\Users\vice\Desktop\gproxy.lnk
[2012/10/17 22:10:55 | 000,001,539 | ---- | C] () -- C:\Users\vice\Desktop\Euroloader.lnk
[2012/10/17 22:03:58 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
[2012/10/17 22:03:08 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Warcraft III.lnk
[2012/10/17 20:45:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/17 20:45:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/17 20:45:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/17 20:45:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/17 20:45:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/17 13:43:05 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/15 16:59:43 | 000,003,791 | ---- | C] () -- C:\Users\vice\Desktop\iTunes Diagnostics.rtf
[2012/10/15 13:50:41 | 000,288,887 | ---- | C] () -- C:\MGlogs.zip
[2012/10/15 03:27:09 | 000,041,595 | ---- | C] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/13 08:07:14 | 000,045,270 | ---- | C] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 04:12:43 | 1167,435,762 | ---- | C] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/10/12 23:49:59 | 020,200,914 | ---- | C] () -- C:\Users\vice\Desktop\WinZip Reg Optimizer pro Patch.Crack included.rar
[2012/10/12 23:12:29 | 003,917,054 | ---- | C] () -- C:\Users\vice\Desktop\Ccleaner Bussiness Edition Crack.Patch included.rar
[2012/10/12 22:05:57 | 005,704,735 | ---- | C] () -- C:\Users\vice\Desktop\UniBlue Power Suite Crack inculded.rar
[2012/10/12 12:13:02 | 000,001,948 | ---- | C] () -- C:\Users\vice\Desktop\Paltalk Messenger.lnk
[2012/10/12 12:13:01 | 000,001,224 | ---- | C] () -- C:\Users\vice\Desktop\Upgrade to Paltalk Extreme.lnk
[2012/10/12 12:11:45 | 000,000,400 | ---- | C] () -- C:\windows\tasks\MegaCloud Backup.job
[2012/10/12 11:08:56 | 000,001,049 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG LiveKive.lnk
[2012/10/12 11:08:56 | 000,001,019 | ---- | C] () -- C:\Users\vice\Desktop\AVG LiveKive.lnk
[2012/06/19 18:41:38 | 000,000,337 | ---- | C] () -- C:\Users\vice\AppData\Local\Perfmon.PerfmonCfg
[2012/06/18 23:28:17 | 000,037,837 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/03/08 13:33:25 | 000,008,192 | ---- | C] () -- C:\Users\vice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 15:01:24 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Local\PUTTY.RND
[2012/01/22 23:08:25 | 000,000,140 | ---- | C] () -- C:\windows\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2012/01/22 16:44:02 | 000,000,016 | ---- | C] () -- C:\windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2012/01/19 12:36:27 | 000,000,197 | ---- | C] () -- C:\Users\vice\openvpn-connect.json
[2012/01/18 17:24:20 | 000,000,277 | ---- | C] () -- C:\Users\vice\.JavaPowUpload.properties
[2012/01/18 07:32:25 | 000,000,049 | ---- | C] () -- C:\Users\vice\.gtk-bookmarks
[2012/01/16 17:28:01 | 000,000,168 | ---- | C] () -- C:\Users\vice\AppData\Roaming\settings.set
[2012/01/16 07:26:48 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2011/09/26 10:56:51 | 000,038,427 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/21 14:43:36 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\pwbsp.dll
[2011/09/21 14:43:35 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\bioapi100.dll
[2011/09/21 14:43:35 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\bioapi_dummy100.dll
[2011/09/21 14:43:34 | 000,131,072 | ---- | C] () -- C:\windows\SysWow64\bioapi_mds300.dll
[2011/09/21 14:42:27 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\zkemsdk.dll
[2011/09/21 14:42:27 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\rscomm.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rscagent.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rsagent.dll
[2011/09/21 14:42:27 | 000,100,352 | ---- | C] () -- C:\windows\SysWow64\plce.dll
[2011/09/21 14:42:27 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\comms.dll
[2011/09/21 14:42:27 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\rsagentlst.dll
[2011/09/21 14:42:26 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\ATRauthentec.dll
[2011/09/21 14:42:26 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\commpro.dll
[2011/07/28 15:20:57 | 001,589,248 | ---- | C] () -- C:\windows\SysWow64\libmysql_d.dll
[2011/07/18 10:36:16 | 000,007,620 | ---- | C] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2011/07/01 00:28:31 | 000,796,852 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/30 15:02:01 | 008,912,896 | ---- | C] () -- C:\Users\vice\ntuser.bak
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2011/02/09 17:54:58 | 003,973,120 | ---- | C] () -- C:\windows\SysWow64\ffmpeg2.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\DigiData
[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\DigiData
[2012/10/17 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Game Account\AppData\Roaming\AVG2012
[2012/10/16 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\Game Account\AppData\Roaming\DAEMON Tools Pro
[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Game Account\AppData\Roaming\DigiData
[2012/10/16 21:41:10 | 000,000,000 | ---D | M] -- C:\Users\Game Account\AppData\Roaming\Notepad++
[2012/10/17 11:45:03 | 000,000,000 | ---D | M] -- C:\Users\Game Account\AppData\Roaming\Reviversoft
[2011/07/17 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\.purple
[2012/02/14 19:52:50 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Air Cam Live Video - PC Control
[2012/02/22 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG
[2012/10/12 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2011/10/28 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG2012
[2012/10/15 03:17:56 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\BitTorrent
[2012/04/23 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\com.import.ResellerImporter
[2012/01/09 16:37:08 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Lite
[2012/10/17 13:24:06 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/02/15 07:48:25 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Devicescape
[2012/01/22 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Digital Confidence
[2012/01/18 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DiskAid
[2012/10/19 00:16:35 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DMCache
[2011/07/19 23:04:53 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Downloaded Installations
[2012/10/17 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\ExpressFiles
[2012/10/12 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\FileZilla
[2011/08/26 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Five9
[2011/07/26 09:37:01 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\GSplit
[2012/02/13 06:53:51 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\gtk-2.0
[2012/10/17 13:17:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\IDM
[2012/10/17 13:17:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\MegaCloud
[2012/10/18 13:31:32 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\MegaCloudBackup
[2012/02/13 06:49:55 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Netscape
[2012/10/15 09:22:15 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/17 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Notepad++
[2012/10/17 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\OpenCandy
[2011/07/16 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\OutWit
[2012/10/12 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/01/16 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\PE Explorer
[2011/07/08 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\QuickScan
[2012/10/17 06:59:21 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Reviversoft
[2012/02/13 06:49:59 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Risingware
[2011/06/30 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\RoboForm
[2011/07/07 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\SoftGrid Client
[2011/08/30 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TechWizard
[2011/06/30 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Tific
[2011/07/07 03:35:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Toshiba
[2011/07/01 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TP
[2012/10/13 04:27:48 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Uniblue
[2012/10/15 15:11:02 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\uTorrent
[2011/06/30 15:02:37 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WinBatch
[2011/09/23 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Windows Live Writer
[2012/02/15 10:58:45 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Wireshark
[2012/06/18 23:53:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WNR
[2011/07/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: CRYPTSVC.DLL >
[2012/06/01 21:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/23 21:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 06:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 21:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[2012/06/01 22:32:25 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=456107D69D4EE850A559434F19EFEE65 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_d2beeccacd6d6c07\cryptsvc.dll
[2012/04/23 22:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
[2012/04/23 21:47:04 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=520A108A2657F4BCA7FCED9CA7D885DE -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[2012/06/04 00:52:35 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=7E7D2DACF65D750D466F36BD3D09AE20 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[2009/07/13 18:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2012/06/01 21:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\erdnt\cache86\cryptsvc.dll
[2012/06/01 21:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\SysWOW64\cryptsvc.dll
[2012/06/01 21:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=96C0E38905CFD788313BE8E11DAE3F2F -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[2012/06/01 22:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\erdnt\cache64\cryptsvc.dll
[2012/06/01 22:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\windows\SysNative\cryptsvc.dll
[2012/06/01 22:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=9C01375BE382E834CC26D1B7EAF2C4FE -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[2009/07/13 18:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 05:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[2012/04/23 22:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll
[2012/06/01 22:25:12 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=BAF19B633933A9FB4883D27D66C39E9A -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_d22a7e2db457eb07\cryptsvc.dll
[2012/04/23 22:36:46 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=CE8BF1423AEE47DA5275FBC8AD3BD642 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_d2773c98cda297d3\cryptsvc.dll
[2012/06/01 21:41:59 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=EA8C26ECF1656D9647EF044F115EC6DA -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21225_none_76a05147150ffad1\cryptsvc.dll
[2012/04/23 22:59:45 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=F02786B66375292E58C8777082D4396D -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_d24deecfb43ce339\cryptsvc.dll
[2012/06/01 21:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) MD5=F2FDE6C8DBAAD44CC58D1E07E4AF4EED -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17035_none_760be2a9fbfa79d1\cryptsvc.dll
[2012/04/23 21:33:53 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=F522279B4717E2BFF269C771FAC2B78E -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2012/01/08 08:40:20 | 002,351,921 | ---- | M] () MD5=6CC4C95DC67C4FEC259AE9308DE6A010 -- C:\Program Files (x86)\Wireshark\services
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/07/27 13:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.SBS >
[2011/03/01 00:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.TXT >
[2010/03/15 11:10:46 | 000,000,978 | ---- | M] () MD5=FBBD4A9A3BD635843571EA8E7C061C9A -- C:\Program Files\Microsoft Baseline Security Analyzer 2\Services.txt

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\windows\SysNative\wshelper.dll
[2009/07/13 18:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\InstallInfo\\HideIconsCommand: C:\Program Files (x86)\Risingware\Exp+\Exp+.exe -hideIconsCommand [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\InstallInfo\\ShowIconsCommand: C:\Program Files (x86)\Risingware\Exp+\Exp+.exe -ShowIconsCommand [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\InstallInfo\\ReinstallCommand: C:\Program Files (x86)\Risingware\Exp+\Exp+.exe -ReinstallCommand [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\shell\open\command\\: C:\Program Files (x86)\Risingware\Exp+\Exp+.exe [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/01 10:49:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/01 10:49:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/01 10:49:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/06 13:11:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/06 13:11:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/06 13:11:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\InstallInfo\\HideIconsCommand: C:\PROGRAM FILES (X86)\RISINGWARE\EXP+\EXP+.EXE -HIDEICONSCOMMAND [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\InstallInfo\\ShowIconsCommand: C:\PROGRAM FILES (X86)\RISINGWARE\EXP+\EXP+.EXE -SHOWICONSCOMMAND [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\InstallInfo\\ReinstallCommand: C:\PROGRAM FILES (X86)\RISINGWARE\EXP+\EXP+.EXE -REINSTALLCOMMAND [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Exp+.exe\shell\open\command\\: C:\PROGRAM FILES (X86)\RISINGWARE\EXP+\EXP+.EXE [2011/02/07 13:51:46 | 000,176,128 | ---- | M] (Risingware Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/08/01 10:49:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/08/01 10:49:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/08/01 10:49:52 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/10/10 03:06:17 | 001,239,064 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/06 13:11:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/06 13:11:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/06 13:11:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK3265GSXN
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 286.00GB
Starting Offset: 1573912576
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 308999618560
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: NOTHING
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 C THE place NTFS Partition 286 GB Healthy Boot
Volume 2 System NTFS Partition 1500 MB Healthy Hidden

========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >






OTL Extras logfile created on: 10/19/2012 12:13:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 42.39% Memory free
7.60 Gb Paging File | 5.18 Gb Available in Paging File | 68.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 185.97 Gb Free Space | 64.95% Space Free | Partition Type: NTFS

Computer Name: NOTHING | User Name: vice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Exp+HTML] -- C:\Program Files (x86)\Risingware\Exp+\Exp+.exe (Risingware Corporation)
.url[@ = Exp+HTML] -- C:\Program Files (x86)\Risingware\Exp+\Exp+.exe (Risingware Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Exp+HTML] -- C:\Program Files (x86)\Risingware\Exp+\Exp+.exe (Risingware Corporation)
.url [@ = Exp+HTML] -- C:\Program Files (x86)\Risingware\Exp+\Exp+.exe (Risingware Corporation)

[HKEY_USERS\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F5723D-9C82-4D0E-9A00-D34E2E65F890}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0E6634E2-38CB-4D92-96EE-417635887B9C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{117B677C-5BBF-44A1-AD00-DFED81CC6B2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{184D4941-28F8-4158-8F22-1FBD97A4F490}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19AFB71F-D094-4DBC-9B6A-4804A587C110}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1F77BB58-FCBE-4E16-91FB-6BD88D00FF9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D697E49-B75D-46B1-A6B4-A4DF244A1731}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{2E9DE63C-5F28-41A0-82EC-62BE8A325AA5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{3BAAC7D1-EF7D-417B-86A7-4BA587D20A64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{3E66F7AE-A216-4EFB-A573-16B967E77E56}" = rport=445 | protocol=6 | dir=out | app=system |
"{4DB360EE-4D48-4464-A27A-9171F1286AB9}" = rport=137 | protocol=17 | dir=out | app=system |
"{4EB6BD26-2301-4DF0-8967-6415926D0C23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5714FBE2-A90A-4EDA-AEA6-E026C7338900}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5741F088-17C9-4204-99CC-4725E0D1B7F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68674D74-3659-46AD-9EB1-894E4AAD23E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{68868396-3DEF-4DEC-971C-D1B056EA3160}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6D091EC8-1E6A-4A42-9011-39F172902C74}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87EE2FA1-95D7-499F-9625-EC0A20D1B9F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89B4EF1E-D69C-476D-95D2-F38E9B623751}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{927A9BCB-0431-4F91-ADDB-3F9EBBAD7D72}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D2588F9-BFD7-447B-9580-5CED2DF76EA5}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E201097-1AF4-45E9-8A58-4740A238571E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0FE22CE-5835-407E-91F6-8219031E03F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A116B44B-B995-404E-AEDF-BEFC4CCFB56E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A8350D0A-1F72-4A83-859F-7646098239B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{AAF394E6-65EA-4976-971A-53E007E3C061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD04E8FB-B30E-4CB8-ABC2-14EC30F722FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC6A8F52-99D7-407E-B7CE-A2F17A95BB60}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BCBCF6E3-728B-4736-8C7A-1733397460E0}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{C45DAA44-A1C3-4636-A2DC-E85BBAF4A4DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{D40EB44A-0E13-4F29-9D10-25C1ECDAF319}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D561EDF3-121C-462C-9873-74406EFF3933}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DD49E78B-F1E8-45EB-832A-EF3010E3DD1C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E34DA8CA-9351-404D-B797-4953623FC526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3AB4C07-64A8-43B2-A8C2-DA336B768A04}" = lport=139 | protocol=6 | dir=in | app=system |
"{E683C229-AF42-455A-9DA8-705BE6A0CC1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECD5FDDF-98E5-46A8-9F9C-57EF8F04EADE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024F6D75-6242-41A6-91A7-85C8F38FCB17}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{049D8BE2-517B-4AB1-841D-20F53AA3ACEA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{04D9696B-FE89-466E-89FA-737363968B49}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{077D76FE-3484-4488-A254-18E9A52E9BC4}" = protocol=17 | dir=in | app=c:\program files (x86)\kismet\kismetrunner.exe |
"{092456B8-05AF-47E4-8215-851103EF133F}" = protocol=1 | dir=out | [email protected],-28544 |
"{0D3090C2-97B0-4E26-AE66-2313CD6E976C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{125BDA23-9ECE-42E8-8A8C-7528A5B3BF84}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{13BB094D-CE28-42A1-86F4-69D77E373713}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{18FEE148-18EB-4862-99A3-F716DB96199E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{1D614F6C-A555-44E5-8CC3-7A041872D9DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C3923C1-8673-4471-B2B5-F00F69615B40}" = protocol=58 | dir=out | [email protected],-28546 |
"{313EC3CB-B7F3-4879-AADA-211B844328D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{383072A0-49BE-4A06-8721-35B5FE89B6DD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{45FF3D40-630B-4A25-B1CF-E521459281CB}" = protocol=58 | dir=in | [email protected],-28545 |
"{4868E4D6-7BA3-4126-8B10-C3575389F67C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{48D67FC0-0654-4273-8406-077BEEBACBB7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{49F17035-8992-4AB8-B289-0AED096C6E29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4BEC9707-B444-4A45-83D2-92ADC9E9D93B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{54E3BF77-1E5C-4F4E-9935-650BF831BF14}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{579F6D95-6A5A-4BD5-902F-5FD51990E269}" = protocol=6 | dir=in | app=c:\program files (x86)\kismet\kismetrunner.exe |
"{5E5698F1-8853-4765-90C2-906D57416C22}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5ECF70DA-AD0E-461C-B0E7-3AF5F977CD1F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{604E7AE3-1A93-4A99-8678-01D52DA527E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{638EF55D-CBE5-4CD8-A475-AADA928844DD}" = protocol=1 | dir=in | [email protected],-28543 |
"{6533193C-E557-46A8-943F-7DA534081B93}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{699913A7-F3C3-47C4-AF3E-11095403B84E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{69BFED51-958C-45B9-8A3F-0BDFADEDE5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{6E736F50-4C1D-4A2B-87AE-1861945ADEF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FD574C6-CF87-423B-9169-6157DB1FFAB4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{731043B6-D0E0-41D9-A9A5-67C96321797A}" = protocol=17 | dir=in | app=c:\users\vice\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{755EC692-483A-4BB8-B3DC-C6083884B6D5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{76233525-AEC8-4044-A74F-D6B801391AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{781DA9EB-7D45-4019-88BF-0E54438DFCD4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{79EA3646-AB8F-434A-B0B0-D78E94741744}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8930843E-C505-4188-8EF3-2D0EA7EA8E0B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8C06A734-2093-4F27-8521-D39C1B4CDDA9}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8F6A44EA-AD77-4EB5-8E9D-311F755B5FF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93A7BE71-782E-4FF8-B492-9479582E0EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\my-proxy\elite proxy switcher\eps.exe |
"{A0605FA6-1B88-4C23-B0C8-7748B85CEC3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A517403C-CDF6-4D6B-98D8-F30CF7E39BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\my-proxy\elite proxy switcher\eps.exe |
"{A5C781AF-85E7-4CFE-AA16-7079EA08D13C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6341904-5A74-4148-8F72-29E0B35C920C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAC39A29-5A73-489A-BFF8-291D95E9EA1A}" = protocol=58 | dir=out | [email protected],-503 |
"{B5075C67-E3A0-45DE-B89D-7C7ED968953A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B62F2AF5-F8F8-4AE3-B89F-7145356EB804}" = protocol=6 | dir=in | app=c:\users\vice\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BF737C49-4715-4470-B0BF-48E19FC23AA5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C261A811-81AE-435D-BFAA-710C57A3B626}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C5998B3C-31EA-4BED-8974-DBD190CA5191}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C7C34653-A2B7-4E4D-B85C-4F41CF8800C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA3CD612-BA15-4B6A-A865-BF414F7B8298}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{CC9288DB-3CD3-45CD-8FBF-0FDBF469844D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D04EE1A9-BA3B-44A6-855A-7F32E13088EB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D1811018-92B5-46A0-9047-203F945FE6CD}" = protocol=58 | dir=in | app=system |
"{D7B73C95-0799-452F-87AE-06908F12B056}" = protocol=6 | dir=out | app=system |
"{DD4E0E6C-1F1B-4E79-994F-D480EC6AC8C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DE54373F-E253-42D1-BE79-86A217281BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E6F3FC14-6D15-40F5-A0F1-3CA804795D92}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F0008930-F617-436F-9E89-C837A99C913F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{F03292A7-6A25-4792-9EA0-FB97C11A418E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9290AF3-0352-473E-972B-65C3A079E44D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{11442E19-1C0D-4CF4-B65F-92D26C266025}C:\program files (x86)\kismet\kismet_server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kismet\kismet_server.exe |
"TCP Query User{B392D9B0-A702-4E75-8C1C-1E9D5CE4A5D9}C:\program files (x86)\senstic\air cam\aircamwin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\senstic\air cam\aircamwin.exe |
"UDP Query User{391F2FE0-7A09-4095-992B-09CE384E0C23}C:\program files (x86)\senstic\air cam\aircamwin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\senstic\air cam\aircamwin.exe |
"UDP Query User{7C9E3B7C-631B-4D55-ADA6-B3997C01FC9D}C:\program files (x86)\kismet\kismet_server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kismet\kismet_server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PDF Creator" = PDF Creator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ABA728-1102-4DDD-833E-75B4F991F204}" = Air Cam
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3C38FA6C-AC09-47A4-99AA-02EAB41310CF}" = Time&Attendance
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB97AF3-C76E-4F06-86DA-CF85A52A1B48}" = Exp+
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50B62367-6210-45E4-AA1E-A0532926E429}" = Cisco WebEx Meeting Center for Firefox or Chrome
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{645B21E3-D9DE-8669-B7A5-AE88B044EB5E}" = 0 Structure Reseller Importer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}" = Vz In Home Agent
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92C43AC3-61AC-4376-BE2D-2C0BC87E7C93}" = MetadataTouch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5F756A-F9DA-4FCF-A9B3-86965BAA8805}" = OpenVPN Connect
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE2DDF55-4C42-44CC-A56E-C8E4A65CB2FF}" = IHA_MessageCenter
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D90AD053-6F8D-4658-9EB8-D57C8BE39092}" = QBFC 7.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED11593-A4C6-4D6C-385A-5A5EB044A045}" = Intouch Importer
"{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E60BFE17-F44C-4A28-9ACF-1DD7362B0278}_is1" = Acunetix Web Vulnerability Scanner 6.0
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE4CA5AF-4A55-418C-8CB8-74435814207B}" = LogMeIn
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F32A47C6-E1DB-45c0-A389-AEEB528496EF}" = TurboCap Software v1.4
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-8-3-5 (All Users)
"airpcapinst" = AirPcap software 4.1.1
"Applian Director2.11" = Applian Director
"Astroburn Lite" = Astroburn Lite
"AVG LiveKive" = AVG LiveKive
"BitTorrent" = BitTorrent
"com.import.Importer" = Intouch Importer
"com.import.ResellerImporter" = 0 Structure Reseller Importer
"Elite Proxy Switcher_is1" = Elite Proxy Switcher 1.18
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eurobattle.net1.26" = Eurobattle.net
"FileZilla Client" = FileZilla Client 3.5.3
"GoldWave v5.58" = GoldWave v5.58
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Internet Download Manager" = Internet Download Manager
"kismetinst" = Kismet 2008-05-R1 for Windows
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAILERS+4_is1" = ListWare 6.0 build #418
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NortonPCCheckup" = Toshiba Laptop Checkup
"Notepad++" = Notepad++
"Paltalk Messenger" = Paltalk Messenger 10.2
"PE Explorer_is1" = PE Explorer 1.99 R6
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 9.1
"ProxySwitcher Standard_is1" = ProxySwitcher Standard
"Replay Converter 4" = Replay Converter 4
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.2.9)
"Replay Music4.02" = Replay Music
"Replay Telecorder for Skype_is1" = Replay Telecorder for Skype 1.2.0.4
"Replay Video Capture5.2.1" = Replay Video Capture 5
"Replay_AV_807" = Replay AV 8
"SopCast" = SopCast 3.4.8
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VLC media player 1.1.11
"WampServer 2_is1" = WampServer 2.1
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"winscp3_is1" = WinSCP 4.3.6
"Wireshark" = Wireshark 1.6.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f656457a3fa8a571" = LeadExec 3.1
"Five9 Administrator" = Five9 Administrator
"Five9 Agent" = Five9 Agent
"Five9 Supervisor" = Five9 Supervisor
"JoinMe" = join.me
"MegaCloud" = MegaCloud

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2012 9:57:14 AM | Computer Name = Nothing | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\vice\Downloads\Programs\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/17/2012 10:15:11 AM | Computer Name = Nothing | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\vice\Downloads\Programs\SoftonicDownloader_for_maketorrent.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/17/2012 10:15:11 AM | Computer Name = Nothing | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\vice\Downloads\Programs\SoftonicDownloader_for_commview-for-wifi.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/17/2012 10:15:12 AM | Computer Name = Nothing | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\vice\Downloads\Programs\SoftonicDownloader_for_warcraft-iii-the-frozen-throne.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/17/2012 10:15:49 AM | Computer Name = Nothing | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\vice\Downloads\Programs\SoftonicDownloader_for_ccleaner-auto-updater.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 10/17/2012 6:31:07 PM | Computer Name = Nothing | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(BZDN1777797771-QkxaMDAwMjkyVkMzRjQ1RDg4RENFeUUwREFERkJFRTc=._bzdn._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 10/18/2012 1:12:29 AM | Computer Name = Nothing | Source = Application Error | ID = 1000
Description = Faulting application name: war3.exe, version: 1.21.1.6300, time stamp:
0x469fb048 Faulting module name: w3lh.dll_unloaded, version: 0.0.0.0, time stamp:
0x4db3611d Exception code: 0xc0000005 Fault offset: 0x0030461b Faulting process id:
0x1350 Faulting application start time: 0x01cdacef2acb6a70 Faulting application path:
C:\Warcraft III\war3.exe Faulting module path: w3lh.dll Report Id: 693b9389-18e2-11e2-afd2-68a3c4b4dc7b

Error - 10/18/2012 1:17:11 AM | Computer Name = Nothing | Source = Application Error | ID = 1000
Description = Faulting application name: war3.exe, version: 1.21.1.6300, time stamp:
0x469fb048 Faulting module name: w3lh.dll_unloaded, version: 0.0.0.0, time stamp:
0x4db3611d Exception code: 0xc0000005 Fault offset: 0x0029461b Faulting process id:
0x1720 Faulting application start time: 0x01cdacefd1dbf182 Faulting application path:
C:\Warcraft III\war3.exe Faulting module path: w3lh.dll Report Id: 115bc596-18e3-11e2-afd2-68a3c4b4dc7b

Error - 10/18/2012 1:18:17 AM | Computer Name = Nothing | Source = Application Error | ID = 1000
Description = Faulting application name: war3.exe, version: 1.21.1.6300, time stamp:
0x469fb048 Faulting module name: w3lh.dll_unloaded, version: 0.0.0.0, time stamp:
0x4db3611d Exception code: 0xc0000005 Fault offset: 0x0028461b Faulting process id:
0x16f8 Faulting application start time: 0x01cdaceffaa6a5b9 Faulting application path:
C:\Warcraft III\war3.exe Faulting module path: w3lh.dll Report Id: 39079c34-18e3-11e2-afd2-68a3c4b4dc7b

Error - 10/18/2012 1:18:29 AM | Computer Name = Nothing | Source = Application Error | ID = 1000
Description = Faulting application name: war3.exe, version: 1.21.1.6300, time stamp:
0x469fb048 Faulting module name: w3lh.dll_unloaded, version: 0.0.0.0, time stamp:
0x4db3611d Exception code: 0xc0000005 Fault offset: 0x0029461b Faulting process id:
0x474 Faulting application start time: 0x01cdacf001fb448e Faulting application path:
C:\Warcraft III\war3.exe Faulting module path: w3lh.dll Report Id: 402b6705-18e3-11e2-afd2-68a3c4b4dc7b

Error - 10/18/2012 3:33:29 AM | Computer Name = Nothing | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 10/17/2012 8:07:41 PM | Computer Name = Nothing | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 10/17/2012 8:07:41 PM | Computer Name = Nothing | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 10/17/2012 11:04:22 PM | Computer Name = Nothing | Source = bowser | ID = 8003
Description =

Error - 10/17/2012 11:49:51 PM | Computer Name = Nothing | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/17/2012 11:51:40 PM | Computer Name = Nothing | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix_2\catchme.sys has been blocked from loading due to
incompatibility with this system. Please contact your software vendor for a compatible
version of the driver.

Error - 10/17/2012 11:52:12 PM | Computer Name = Nothing | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/18/2012 12:59:48 AM | Computer Name = Nothing | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the OpenVPN
Access Client service to connect.

Error - 10/18/2012 12:59:48 AM | Computer Name = Nothing | Source = Service Control Manager | ID = 7000
Description = The OpenVPN Access Client service failed to start due to the following
error: %%1053

Error - 10/18/2012 1:01:59 AM | Computer Name = Nothing | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 10/18/2012 1:01:59 AM | Computer Name = Nothing | Source = WMPNetworkSvc | ID = 866306
Description =


< End of report >


RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : vice [Admin rights]
Mode : Scan -- Date : 10/19/2012 00:30:01

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] MegaCloudBackup.exe -- C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] MegaCloud Backup.job : C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe -> FOUND
[TASK][SUSP PATH] MegaCloud Backup : C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe /scheduler -> FOUND
[TASK][SUSP PATH] {08AA1AFD-F0BC-43FB-BE0F-54CA025B9638} : C:\Users\vice\Desktop\Facebook_Hacker.exe -> FOUND
[TASK][SUSP PATH] {11EC5C11-4542-4792-9625-F5BBC9657E69} : C:\Users\vice\Desktop\Facebook_Hacker.exe -> FOUND
[TASK][SUSP PATH] {22ACC874-3CD4-4C2E-A993-567D7757830C} : C:\Users\vice\Desktop\Facebook_Hacker.exe -> FOUND
[TASK][PREVRUN] {30DB88FE-A18F-4AE8-92AA-A83C445D00A4} : C:\windows\system32\pcalua.exe -a C:\Users\vice\Downloads\Programs\ethereal-setup-0.99.0.exe -d C:\Users\vice\Downloads\Programs -> FOUND
[TASK][PREVRUN] {B68550FC-EEA4-4110-A2DA-97BF0F0B76F1} : C:\windows\system32\pcalua.exe -a C:\Users\vice\Desktop\atrx25-70.exe -d C:\Users\vice\Desktop -> FOUND
[STARTUP][SUSP PATH] MegaCloud Backup.lnk @vice : C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++
--- User ---
[MBR] 4bea93d34d9e49269add3a18835bcd14
[BSP] 132a6e70842b1cd2b5f212f0048c8e09 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293184 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603514880 | Size: 10560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : vice [Admin rights]
Mode : Scan -- Date : 10/19/2012 00:59:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN +++++
--- User ---
[MBR] 4bea93d34d9e49269add3a18835bcd14
[BSP] 132a6e70842b1cd2b5f212f0048c8e09 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 293184 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 603514880 | Size: 10560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

# AdwCleaner v2.005 - Logfile created 10/19/2012 at 00:49:46
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : vice - NOTHING
# Boot Mode : Normal
# Running from : C:\Users\vice\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\Users\vice\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\vice\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\vice\AppData\Roaming\Mozilla\Firefox\Profiles\ezcijjos.default\prefs.js

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 09 2012 15:41:4[...]
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"64\": {\"id\": \"64\",\"tit[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.35] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.38] : keyword = "search.conduit.com",
Deleted [l.41] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3220468",
Deleted [l.42] : suggest_url = "hxxp://search.conduit.com/"

*************************

AdwCleaner[R1].txt - [19027 octets] - [15/10/2012 04:52:28]
AdwCleaner[R2].txt - [19088 octets] - [15/10/2012 04:55:16]
AdwCleaner[S3].txt - [16713 octets] - [15/10/2012 04:55:54]
AdwCleaner[R3].txt - [1611 octets] - [15/10/2012 06:24:16]
AdwCleaner[S1].txt - [2926 octets] - [19/10/2012 00:49:46]

########## EOF - C:\AdwCleaner[S1].txt - [2986 octets] ##########
  • 0

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello V1CeE, :)

I'm not sure where to start here. This is from my first post:

Please do not run any tools unless instructed to do so.

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.



...also when I use the MBRcheck tool I no longer get the infected result I did before...

I did not ask you to run it.

...Also, you never stated in your post if I was supposed to use the tools you had me download to clean the problems they found...

See the first quote box above. I don't start removing things until I have a clear understanding of what is going on in the system.

...I did use the cleaner with RogueKiller...

And that could have been an unfortunate thing. RogueKiller looks for definite malware and entries with suspected paths. Sometimes those suspected paths and other entries are legitimate, and it's up to the person using the tool to remove them from the fix. In this case RogueKiller found several entries for MegaCloudBackup:

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] MegaCloudBackup.exe -- C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][SUSP PATH] MegaCloud Backup.job : C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe -> FOUND
[TASK][SUSP PATH] MegaCloud Backup : C:\Users\vice\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe /scheduler -> FOUND


This is legitimate. You need to check the backup service to see if it is still functioning.

...the AdwCleaner tool wouldn't let me exit unless I fixed what it found, so I had to use that one...

The only way that AdwCleaner would do that is if the Delete button was clicked on instead of the Scan button.

...There is something I noticed with RogueKiller as well: I will scan and use the fix host option and it shows that the item was corrected; however, when I run the scan shortly after, the same problem that was detected in the first scan will be found again. It seems that the tool is not able to fix the problem...

The only difference I see between the first RKReport[16].txt you attached and the last two RKReport.txt files that you posted (RKReport[1].txt and RKReport[5].txt) is that you had RogueKiller reset a hosts file that would have protected the computer from known malware, adware and spyware sites. So I don't know what problem you refer to. It looks like the fix host option did exactly what it was supposed to do.

As for the game you downloaded, I don't know anything about it. When we are finished here you can start a topic in the Games sub-forum of the Software forum and a Tech will look at it.

Then we come to these entries:

[2012/10/17 20:44:24 | 004,982,045 | R--- | C] (Swearware) -- C:\Users\vice\Desktop\ComboFix_2.exe
[2012/10/17 20:39:06 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\vice\Desktop\tdsskiller_2.exe

This indicates that you have two copies of ComboFix.exe and TDSSKiller.exe.

The log headers below are from the two OTL.txt logs you posted:

OTL logfile created on: 10/15/2012 8:15:59 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Downloads\Programs
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy


OTL logfile created on: 10/19/2012 12:13:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

The header on top is from the first OTL scan that you posted. It shows that it is the 1st run, and was run from the C:\Users\vice\Downloads\Programs folder.
The second header is from the last OTL log you posted. It shows that it is also the 1st run, but it was run from the C:\Users\vice\Desktop folder. So you have either moved the OTL.exe file or downloaded a second copy to the desktop.

The last RKReport.txt and AdwCleaner.txt logs show that the fixes you ran were after the time of the last OTL scan, so the information in that scan has most likely changed and there's no point in creating a fix based on that information.

The point I'm trying to make here is as long as you keep running tools and fixes on your own I am never going to know what is going on with the computer.

It is evident that you want to understand what the tools are and how they work. You should consider applying to the GeeksToGo malware removal program. There is a link to GeekU under the Security image in my signature. We need all the help we can get.

I believe there are still things on your system that need to be removed. You are going to need to stop running fixes on your own and downloading programs that might add to the problems.

Let me know what you want to do.
  • 0

#10
V1CeE

V1CeE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
If you are still willing to put time into this fix I will follow the steps that you lay out. I usually am able to figure out any issue that might arise on my own, so this is a new approach for me. I do still want my computer fixed if you think you can salvage what I have done. On a side note, I was looking at some log traffic on my network and found that there had been multiple remote logins from about 7 different IP addresses. I have since changed the security settings of my router to only let specific MAC addresses log onto the network. I also blocked all services from the network IP they were being assigned. Since I made this adjustment there have been many more attempts to log in with remote admin, as well as blocked services warnings from the addresses. Anyway, I have gotten rid of the people that were on my network, I think... just wanted to let you know.
  • 0


#11
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

If you are still willing to put time into this fix I will follow the steps that you lay out.

Fair enough. :thumbsup: I will be back later today, after I've had a chance to see where we are, with the next instructions.
  • 0

#12
V1CeE

V1CeE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Awesome, thanks for your patience; I appreciate this more than you know. I wanted to bring something to your attention that I know is damaging to my system. For one, I have 2 profiles for Windows: one account is an administrator and the other is standard. The admin account quite often has problems running commands or programs; Windows states that in order for me to do the action I am requesting I would need to have my level increased to admin. This just started happening; I'm not sure what benefit one might have to impersonate a lower level user account. When I investigate the matter, all permissions, credentials and variables seem to be in order. Nonetheless, there is something altering my profile to make it a lower status while impersonating a true admin user account. Another random small issue is with one of my virus tools, [AVG tune up]. The software has expired; once this happened the software started having issues. The software displayed a menu giving me an option to update my subscription if I wanted to continue to use the tool. I discarded the prompt but was still allowed to use every function available to me as though nothing had happened. Furthermore, I have removed the program from the startup lists for Windows, yet for some reason it continues to defy my commands. I disabled it with a 3rd party program and with its own option setup. There is no reason for it to continue to boot up at the start of Windows, but it does, and I think the only course of action available to me now is going to be an uninstall, which I had not wanted to do because I still have the full functionality of the program and once installed I fear that I won't be so lucky the second time around.
I also have multiple Windows user account profiles that shouldn't be there, along with quite a few unknown users attached to key folders and files throughout my system that are implementing the sharing option; these unknown accounts are also privileged with full system access, most times more than what I myself even have. In regards to the network hijackers I mentioned earlier, I scanned their IP addresses and they all originate from countries like Germany, Bulgaria, India... etc. I have some reporting applications that send me reports whenever there is a failed attempt or any suspicious network activity. I have also found files that are very basic DOS command scripts that, once opened, contain DOS commands that look like they are written to send out emails of log files that are saved throughout my computer. I am working on gathering as much information as I can... not that it will really amount to much even if I did have their location. Anyway, I know this is not completely on track with my original post, but I thought I would mention it to you in case you had any interest in looking further into the matter. There are yet even more issues with my system: I find specific Windows services will be disabled that were once enabled and active before; to take it one step further, once some of the services are turned off I am not able to get them started again even with all the correct services running. My Windows security audit logs are full of warnings and security violations. There were, that is before I implemented the MAC address block on my network, random computers, sometimes 3 at a time, that would suddenly appear acting like they had every right to be there... all I could really do is record what information I could gather, then boot them off using my router. Another thing I noticed is that sometimes it seems my IP address is being spoofed, because I receive log reports detailing actions that I never did.
I am constantly changing my passwords; however, eventually I will get a report stating there was a successful admin login that was not me, and I am the only person who would access the router menu. There are many attempts that fail trying to log in remotely to my network, and I recently discovered that the option to control my computer remotely had been checked, with the option to be controlled for 33 hrs at a time. Ports will be enabled to my system that I never enabled.... random network disconnects and incorrect status displays appear. There are hidden files and folders on my system that I am constantly seeking out and eradicating; however, as time passes other ones will take their place, most of which contain log files written in Chinese or some other foreign language... [bleep] even my MBR record report I got from MBRchecker was written in Chinese, which when translated said some very random [bleep]. I am hopeful that with the MAC address network limitations in place now it will make it much more difficult to infiltrate my system. I do realize that I will most likely format my computer in the end, but this is teaching me some valuable things that I might not have had the opportunity to learn otherwise. I always did enjoy searching through systems to seek out problems and correct them, so this really is not all that bad. Of course, if my identity is stolen down the line here I most likely won't have the same optimistic outlook on the situation.
  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

...For one, I have 2 profiles for Windows: one account is an administrator and the other is standard. The admin account quite often has problems running commands or programs; Windows states that in order for me to do the action I am requesting I would need to have my level increased to admin. This just started happening; I'm not sure what benefit one might have to impersonate a lower level user account...

And

...I also have multiple Windows user account profiles that shouldn't be there, along with quite a few unknown users attached to key folders and files throughout my system that are implementing the sharing option; these unknown accounts are also privileged with full system access, most times more than what I myself even have...

So which is it? Are you saying that you have two user accounts in your name and then multiple user accounts that you didn't create?

From my original post:

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If there are still parts of the backdoor infection on the system, leaving it connected to the internet allows the virus to do more damage to the system.


Let's begin with this:

You have the following Peer-to-Peer program(s) installed:

BitTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and, worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware, viruses or out of date programs and must be deleted, along with the corresponding folders and files in red.


Step-1.

Malicious program and Out of Date uninstalls and Optional Removals

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

BitTorrent
iLivid
Java™ 6 Update 31 (64-bit)


3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall.)
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there, right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\program files (x86)\BitTorrent
C:\Users\vice\AppData\Roaming\BitTorrent
C:\Users\vice\AppData\Roaming\uTorrent
C:\Program Files (x86)\uTorrent
C:\Program Files (x86)\ilivid
C:\Program Files (x86)\Windows iLivid Toolbar
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ilivid


NOTE: You may not be able to uninstall ilivid or find any folders to delete as AdwCleaner shows it has already deleted the folders.

2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..network.proxy.http: "68.51.25.29"
FF - prefs.js..network.proxy.http_port: 8085
FF - prefs.js..network.proxy.ssl: "68.51.25.29"
FF - prefs.js..network.proxy.ssl_port: 8085
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3220468
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18B2CA68-557A-43AD-9FC8-7D25FC095266}: DhcpNameServer = 66.174.92.14 69.78.96.14
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop.
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step-3.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    • C:\Windows\SysWOW64\cryptsvc.dll
    • C:\windows\SysNative\cryptsvc.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.


Step-4.

Things For Your Next Post:
1. Let me know how the uninstalls went.
2. The OTL fixes log
3. The new OTL.txt log
4. The VirusTotal results or links
5. How is the computer running now?
  • 0
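Two of the settings the Step-2 OTL script removes (a manual HTTP/SSL proxy injected into Firefox's prefs.js, and Chrome's default_search_provider pointed at search.conduit.com) can be audited before and after a fix with the following script. It is an added example, not OTL's or the thread's own code; the sample inputs and the list of expected search hosts are constructed assumptions.

```python
"""Audit Firefox prefs.js and Chrome's Preferences file for the two browser
hijacks seen in this thread: a manual proxy injected into prefs.js and a
replaced default_search_provider in Chrome. Added example, not OTL's code."""
import json
import re
from typing import Any, Dict, List
from urllib.parse import urlparse

# Matches one Firefox preference line of the form: user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Search hosts treated as expected (an assumption; adjust to the user's own choice).
EXPECTED_SEARCH_HOSTS = ("www.google.com", "www.bing.com", "search.yahoo.com")


def parse_prefs_js(text: str) -> Dict[str, Any]:
    """Parse prefs.js into a dict: strings lose their quotes, ints and bools
    are converted, and any other value is kept as raw text."""
    prefs: Dict[str, Any] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def firefox_proxy_findings(prefs: Dict[str, Any]) -> List[str]:
    """Report every proxy host Firefox would route traffic through.
    A profile that never had a proxy configured yields an empty list."""
    findings: List[str] = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host:
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            findings.append(f"network.proxy.{scheme} = {host}:{port}")
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append(f"network.proxy.autoconfig_url = {pac}")
    # type 1 = manual proxy, 2 = PAC URL; either without a host is still worth a look.
    if prefs.get("network.proxy.type") in (1, 2) and not findings:
        findings.append("network.proxy.type set to manual/PAC with no host configured")
    return findings


def chrome_search_findings(preferences: Dict[str, Any]) -> List[str]:
    """Flag a default_search_provider whose URLs point at an unexpected host."""
    dsp = preferences.get("default_search_provider") or {}
    findings: List[str] = []
    for key in ("search_url", "suggest_url", "icon_url"):
        url = dsp.get(key)
        if not url:
            continue
        host = urlparse(url).netloc.lower()
        if host not in EXPECTED_SEARCH_HOSTS:
            findings.append(f"default_search_provider.{key} -> {host}")
    return findings


# Constructed sample input reproducing the entries the thread's OTL fix removed.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "68.51.25.29");
user_pref("network.proxy.http_port", 8085);
user_pref("network.proxy.ssl", "68.51.25.29");
user_pref("network.proxy.ssl_port", 8085);
user_pref("network.proxy.type", 1);
"""

# Constructed Chrome Preferences excerpt matching the AdwCleaner findings above.
SAMPLE_CHROME_PREFERENCES = json.dumps({
    "default_search_provider": {
        "enabled": True,
        "keyword": "search.conduit.com",
        "search_url": "http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3220468",
        "suggest_url": "http://search.conduit.com/",
    }
})


def audit(prefs_js_text: str, chrome_json: str) -> Dict[str, List[str]]:
    """Run both checks; an empty list for a browser means nothing was found."""
    return {
        "firefox": firefox_proxy_findings(parse_prefs_js(prefs_js_text)),
        "chrome": chrome_search_findings(json.loads(chrome_json)),
    }


if __name__ == "__main__":
    for browser, items in audit(SAMPLE_PREFS_JS, SAMPLE_CHROME_PREFERENCES).items():
        print(browser, "clean" if not items else "")
        for item in items:
            print("  ", item)
```

Run it once against the real prefs.js and Preferences paths shown in the AdwCleaner log before the fix and once after; both lists should be empty afterwards.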

#14
V1CeE

V1CeE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
To clarify the question regarding the user accounts statement: I have 2 user accounts, both of which were knowingly created by me. With the Admin user account I have found several unknown users with access to folders on my system that shouldn't be there. I came across the various malicious accounts through the following steps... let's use the directory ActivePath: I navigate to C:\ProgramData\ActivePath, right click the folder and select the Security tab. The display box shows accounts with access to this directory; I have found as many as 4 users labeled unknown accounts, and they also had a different icon image next to them that I had never seen there before. I wanted to see if I could find them with a location scan, so I would click the Edit button, followed by Add, then the Advanced button. This panel allows you to utilize a Find function that searches for user accounts that are available to be given permission to use the directory. I never could get the unknown accounts to populate in the scan results, so I deleted the users' access and kept on the lookout for more, which I found many more times. I tried some queries to see if I could find any traces of them, with no success. I know Windows has a large list of user accounts that appear with the Find Now search function, everything from a system user to anon accounts. These users were not any of those; these were user accounts created by someone infiltrating my system. Also, the Admin account gets denial of access due to non-admin privileges here and there, sometimes even when I alter the file's attributes to run as admin via the property menu and use the right click Run as admin feature as the admin of the system. I would get errors saying I need to be an admin to do that command....

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: "68.51.25.29" removed from network.proxy.http
Prefs.js: 8085 removed from network.proxy.http_port
Prefs.js: "68.51.25.29" removed from network.proxy.ssl
Prefs.js: 8085 removed from network.proxy.ssl_port
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableStartupSound deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableStatusMessages deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}
C:\Windows\Downloaded Program Files\RACtrl.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{18B2CA68-557A-43AD-9FC8-7D25FC095266}\\DhcpNameServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\vice\Desktop\cmd.bat deleted successfully.
C:\Users\vice\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: New folder
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: vice
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 25018939 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61011644 bytes
->Google Chrome cache emptied: 7927516 bytes
->Flash cache emptied: 2578 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 284 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1294379219 bytes

Total Files Cleaned = 1,324.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10202012_091008

Files\Folders moved on Reboot...
C:\Users\vice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL logfile created on: 10/20/2012 9:48:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.23% Memory free
7.60 Gb Paging File | 5.46 Gb Available in Paging File | 71.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 182.49 Gb Free Space | 63.74% Space Free | Partition Type: NTFS

Computer Name: VICELAPTOP | User Name: vice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/19 00:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
PRC - [2012/10/12 11:56:16 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/12 11:38:39 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/10/10 02:16:38 | 003,536,320 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/04 10:27:26 | 000,079,384 | ---- | M] (Google) -- C:\Users\vice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/12 11:56:16 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/01 10:49:53 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/12 11:56:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/08/01 10:49:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/19 18:33:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/18 17:09:06 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/18 14:12:29 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/09/05 11:56:38 | 002,156,872 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)
DRV:64bit: - [2011/06/25 17:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliandMP)
DRV:64bit: - [2011/06/25 17:56:44 | 000,033,888 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appliand.sys -- (appliand)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/06 19:47:18 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/03/31 14:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 08:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 15:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/06 12:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{8D40F87F-3D0F-4E0A-B0C3-1F48BA4A4C0D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{B9392CD0-27B1-4A09-A802-1C172F508BF6}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE - HKCU\..\SearchScopes,DefaultScope = {5C443326-F55B-4901-9795-D516DAD7DB0F}
IE - HKCU\..\SearchScopes\{5C443326-F55B-4901-9795-D516DAD7DB0F}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {8743b663-b854-4f75-bc82-8f7e751e759f}:1.7.5
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0.2
FF - prefs.js..extensions.enabledAddons: {7067a92c-1db4-4e5e-869c-25f841287f8b}:0.2.4
FF - prefs.js..extensions.enabledAddons: [email protected]:4.0.2
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.29
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {8479ade0-2eec-11de-8c30-0800200c9a66}:3.0.6
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/10/12 13:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/10/17 13:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/10/12 11:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/19 22:54:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/19 22:54:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]

[2011/07/21 11:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Extensions
[2012/10/20 02:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions
[2012/10/17 13:24:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 21:38:47 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 22:58:19 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/13 03:31:31 | 000,004,544 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/08/01 10:49:57 | 000,049,607 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/10/14 22:23:24 | 000,031,339 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi
[2012/03/22 09:11:48 | 000,679,816 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}.xpi
[2012/10/14 21:35:24 | 000,104,649 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8743b663-b854-4f75-bc82-8f7e751e759f}.xpi
[2012/10/19 16:47:46 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/07/25 12:28:25 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012/10/12 10:19:38 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/10/20 02:40:40 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/01/16 14:29:49 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/01/09 16:21:06 | 000,002,059 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\absearch-search.xml
[2012/01/16 14:42:37 | 000,002,685 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\packetstorm-search-suggest.xml
[2012/04/28 10:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/18 07:46:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/17 13:14:40 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/10/12 11:59:36 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VICE\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/08/01 10:49:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/14 09:28:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/14 09:28:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3220468
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/10/19 19:50:39 | 000,000,067 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 199.188.206.118 www.voicebridge.org
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95538B8-A754-4551-AE9E-3F4BD24042BF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 09:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/10/20 09:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/20 04:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affiliate Creator
[2012/10/20 04:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Affiliate Creator
[2012/10/20 04:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegUtility
[2012/10/20 04:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegUtility
[2012/10/20 04:37:35 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Mael
[2012/10/20 04:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2012/10/20 04:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2012/10/20 02:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
[2012/10/20 02:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GnuWin32
[2012/10/19 19:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid
[2012/10/19 18:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/10/19 18:33:44 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/19 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/10/19 18:20:41 | 000,000,000 | ---D | C] -- C:\Users\vice\VirtualBox VMs
[2012/10/19 18:19:56 | 000,000,000 | ---D | C] -- C:\Users\vice\.VirtualBox
[2012/10/19 17:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/10/19 17:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/10/19 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sublime Text 2
[2012/10/19 11:25:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/19 09:47:21 | 000,000,000 | ---D | C] -- C:\Users\vice\New folder
[2012/10/19 06:21:34 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\redsn0w
[2012/10/19 00:09:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
[2012/10/17 22:10:55 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net
[2012/10/17 22:03:08 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2012/10/17 22:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/10/17 20:55:41 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/17 20:45:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/17 20:45:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/17 20:45:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/17 20:45:27 | 000,000,000 | ---D | C] -- C:\ComboFix_2
[2012/10/17 20:45:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 20:45:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/17 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\war3 patch
[2012/10/17 19:54:05 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/17 13:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/17 13:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/17 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/17 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Checker
[2012/10/17 06:59:21 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Reviversoft
[2012/10/17 06:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2012/10/17 00:23:02 | 000,000,000 | ---D | C] -- C:\Users\vice\Warcraft III 1.21b ROC Installer enUS
[2012/10/16 23:12:28 | 000,000,000 | ---D | C] -- C:\Users\vice\Warcraft III 1.21b TFT Installer enUS
[2012/10/16 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012/10/16 15:51:58 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/15 15:30:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New folder (2)
[2012/10/15 13:50:34 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/10/15 13:14:30 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/15 11:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/15 11:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/15 11:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/15 07:07:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/15 06:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2012/10/15 06:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2012/10/15 05:09:57 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\RK_Quarantine
[2012/10/15 01:29:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Streaming Media
[2012/10/15 01:29:38 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\Jaksta_Technologies_Pty_L
[2012/10/13 09:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/13 08:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/10/13 08:15:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/10/13 08:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/10/13 08:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/10/13 06:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/10/13 06:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012/10/13 04:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/10/13 04:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/10/13 02:09:17 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\DownTango
[2012/10/13 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012/10/12 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip registry Optimizer1
[2012/10/12 22:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperHideIP
[2012/10/12 21:37:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\ExpressFiles
[2012/10/12 21:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/10/12 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\CRE
[2012/10/12 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/12 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\uTorrent
[2012/10/12 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Uniblue
[2012/10/12 19:54:18 | 000,000,000 | ---D | C] -- C:\Users\vice\.myPhoneDesktop
[2012/10/12 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Received Files
[2012/10/12 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/12 12:12:58 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/10/12 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2012/10/12 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2012/10/12 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG LiveKive
[2012/10/12 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\Txt file notes
[2012/10/12 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New Data Placments
[2012/10/10 02:36:33 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys

========== Files - Modified Within 30 Days ==========

[2012/10/20 09:35:42 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 09:35:42 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/20 09:32:48 | 000,783,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/20 09:32:48 | 000,663,472 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/20 09:32:48 | 000,122,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/20 09:30:43 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/20 09:28:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/20 09:28:26 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 09:26:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/20 09:26:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000UA.job
[2012/10/20 08:56:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/20 08:34:09 | 098,192,039 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/10/19 23:20:14 | 000,007,619 | ---- | M] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2012/10/19 22:56:44 | 000,610,884 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/19 19:50:39 | 000,000,067 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/19 18:33:44 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/19 11:26:06 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000Core.job
[2012/10/19 00:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
[2012/10/17 13:31:49 | 000,629,010 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/10/15 15:31:11 | 000,000,600 | ---- | M] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2012/10/15 15:06:54 | 000,288,887 | ---- | M] () -- C:\MGlogs.zip
[2012/10/15 07:20:03 | 008,912,896 | ---- | M] () -- C:\Users\vice\ntuser.bak
[2012/10/15 03:27:11 | 000,041,595 | ---- | M] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/13 12:56:19 | 000,045,270 | ---- | M] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 05:20:48 | 1167,435,762 | ---- | M] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

[2012/10/19 17:35:19 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
[2012/10/19 03:11:31 | 000,028,002 | ---- | C] () -- C:\Users\vice\Desktop\asciifull.gif
[2012/10/17 20:45:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/17 20:45:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/17 20:45:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/17 20:45:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/17 20:45:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/15 13:50:41 | 000,288,887 | ---- | C] () -- C:\MGlogs.zip
[2012/10/15 03:27:09 | 000,041,595 | ---- | C] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/13 08:07:14 | 000,045,270 | ---- | C] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 04:12:43 | 1167,435,762 | ---- | C] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/10/12 11:08:56 | 000,001,049 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG LiveKive.lnk
[2012/06/19 18:41:38 | 000,000,337 | ---- | C] () -- C:\Users\vice\AppData\Local\Perfmon.PerfmonCfg
[2012/06/18 23:28:17 | 000,037,837 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/03/08 13:33:25 | 000,008,192 | ---- | C] () -- C:\Users\vice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 15:01:24 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Local\PUTTY.RND
[2012/01/22 23:08:25 | 000,000,140 | ---- | C] () -- C:\windows\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2012/01/22 16:44:02 | 000,000,016 | ---- | C] () -- C:\windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2012/01/19 12:36:27 | 000,000,197 | ---- | C] () -- C:\Users\vice\openvpn-connect.json
[2012/01/18 17:24:20 | 000,000,277 | ---- | C] () -- C:\Users\vice\.JavaPowUpload.properties
[2012/01/18 07:32:25 | 000,000,049 | ---- | C] () -- C:\Users\vice\.gtk-bookmarks
[2012/01/16 17:28:01 | 000,000,168 | ---- | C] () -- C:\Users\vice\AppData\Roaming\settings.set
[2012/01/16 07:26:48 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2011/09/26 10:56:51 | 000,038,427 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/21 14:43:36 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\pwbsp.dll
[2011/09/21 14:43:35 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\bioapi100.dll
[2011/09/21 14:43:35 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\bioapi_dummy100.dll
[2011/09/21 14:43:34 | 000,131,072 | ---- | C] () -- C:\windows\SysWow64\bioapi_mds300.dll
[2011/09/21 14:42:27 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\zkemsdk.dll
[2011/09/21 14:42:27 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\rscomm.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rscagent.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rsagent.dll
[2011/09/21 14:42:27 | 000,100,352 | ---- | C] () -- C:\windows\SysWow64\plce.dll
[2011/09/21 14:42:27 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\comms.dll
[2011/09/21 14:42:27 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\rsagentlst.dll
[2011/09/21 14:42:26 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\ATRauthentec.dll
[2011/09/21 14:42:26 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\commpro.dll
[2011/07/28 15:20:57 | 001,589,248 | ---- | C] () -- C:\windows\SysWow64\libmysql_d.dll
[2011/07/18 10:36:16 | 000,007,619 | ---- | C] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2011/07/01 00:28:31 | 000,796,852 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/30 15:02:01 | 008,912,896 | ---- | C] () -- C:\Users\vice\ntuser.bak
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2011/02/09 17:54:58 | 003,973,120 | ---- | C] () -- C:\windows\SysWow64\ffmpeg2.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/17 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\.purple
[2012/02/14 19:52:50 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Air Cam Live Video - PC Control
[2012/02/22 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG
[2012/10/12 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2011/10/28 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG2012
[2012/04/23 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\com.import.ResellerImporter
[2012/10/19 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Lite
[2012/10/19 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/02/15 07:48:25 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Devicescape
[2012/01/22 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Digital Confidence
[2012/10/19 19:14:40 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DiskAid
[2012/10/20 05:00:18 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DMCache
[2011/07/19 23:04:53 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Downloaded Installations
[2012/10/17 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\ExpressFiles
[2012/10/12 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\FileZilla
[2011/08/26 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Five9
[2011/07/26 09:37:01 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\GSplit
[2012/02/13 06:53:51 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\gtk-2.0
[2012/10/17 13:17:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\IDM
[2012/10/20 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Mael
[2012/02/13 06:49:55 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Netscape
[2012/10/15 09:22:15 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/17 13:24:44 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Notepad++
[2011/07/16 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\OutWit
[2012/10/12 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/01/16 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\PE Explorer
[2011/07/08 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\QuickScan
[2012/10/19 06:21:34 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\redsn0w
[2012/10/17 06:59:21 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Reviversoft
[2012/02/13 06:49:59 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Risingware
[2011/06/30 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\RoboForm
[2011/07/07 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\SoftGrid Client
[2011/08/30 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TechWizard
[2011/06/30 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Tific
[2011/07/07 03:35:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Toshiba
[2011/07/01 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TP
[2012/10/13 04:27:48 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Uniblue
[2011/06/30 15:02:37 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WinBatch
[2011/09/23 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Windows Live Writer
[2012/06/18 23:53:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WNR
[2011/07/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
Links to VirusTotal

C:\Windows\SysWOW64\cryptsvc.dll

C:\windows\SysNative\cryptsvc.dll

#15
V1CeE
Here are some logs from my router... 192.168.1.6 is my IP... the other ones I have no idea.


[LAN access from remote] from 95.211.178.104:54921 to 192.168.1.6:8080 Saturday, Oct 202,012 19:28:44
[LAN access from remote] from 46.137.131.163:35275 to 192.168.1.6:8080 Saturday, Oct 202,012 19:08:13
[LAN access from remote] from 187.16.29.138:1299 to 192.168.1.6:8080 Saturday, Oct 202,012 17:14:28
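One way to read the three router lines quoted above, as an added example that is not part of the original post or of any router vendor's tooling: it parses the "[LAN access from remote]" lines, separates private (RFC 1918) sources from Internet sources with Python's ipaddress module, and tallies how many Internet hosts reached each LAN host and port, which is the quickest way to see that 192.168.1.6:8080 is reachable from outside. The fourth sample line (from 192.168.1.20) is constructed to show that LAN-internal sources are not flagged.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the three lines quoted in the post above, plus one
# constructed line from another LAN host so the private/public split is visible.
ROUTER_LOG = """\
[LAN access from remote] from 95.211.178.104:54921 to 192.168.1.6:8080 Saturday, Oct 202,012 19:28:44
[LAN access from remote] from 46.137.131.163:35275 to 192.168.1.6:8080 Saturday, Oct 202,012 19:08:13
[LAN access from remote] from 187.16.29.138:1299 to 192.168.1.6:8080 Saturday, Oct 202,012 17:14:28
[LAN access from remote] from 192.168.1.20:40000 to 192.168.1.6:445 Saturday, Oct 202,012 17:10:00
"""

# The trailing date/time is kept as free text; the router's own date formatting is not parsed.
LINE_RE = re.compile(
    r"\[LAN access from remote\] from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+):(?P<dport>\d+) (?P<when>.*)"
)

def parse_lan_access(text):
    """Parse '[LAN access from remote]' lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"src": ipaddress.ip_address(m["src"]), "sport": int(m["sport"]),
                           "dst": ipaddress.ip_address(m["dst"]), "dport": int(m["dport"]),
                           "when": m["when"]})
    return events

def summarize_exposure(events):
    """Per (LAN host, port): how many connections came from non-private (Internet) sources.
    A non-zero count means the router passed an inbound connection from the Internet to
    that LAN port, which normally means a port forward, DMZ or UPnP mapping exists for it."""
    summary = defaultdict(lambda: {"public_hits": 0, "public_sources": set()})
    for ev in events:
        entry = summary[(str(ev["dst"]), ev["dport"])]
        if not ev["src"].is_private:          # RFC 1918, loopback etc. are not "remote"
            entry["public_hits"] += 1
            entry["public_sources"].add(str(ev["src"]))
    return dict(summary)

if __name__ == "__main__":
    for (host, port), info in summarize_exposure(parse_lan_access(ROUTER_LOG)).items():
        state = "EXPOSED" if info["public_hits"] else "lan-only"
        print(f"{host}:{port} {state} hits={info['public_hits']} from={sorted(info['public_sources'])}")
```

A port that shows up as EXPOSED with sources you do not recognise is the one to check in the router's port-forwarding, DMZ and UPnP settings, and on the LAN host itself for whatever is listening there.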