Is my computer infected or network compromised


  • This topic is locked

#16
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts

...I have 2 user accounts of which both were knowingly created by me. With the Admin user account I have found several unknown users with access to folders on my system that shouldn't be there. I came across the various malicious accounts through the following steps... let's use the Directory active path: I navigate to C:\ProgramData\ActivePath, right-click the folder and select the Security tab. The display box shows accounts with access to this directory. I have found as many as 4 users labeled unknown accounts; they also had a different icon image next to them I had never seen before...

Would you take a screenshot of that and post it. I'm not sure what you mean.
How many user accounts do you have in the User Accounts in the Control Panel?

Here are some logs from my router... 192.168.1.6 is my IP... the other ones I have no idea

[LAN access from remote] from 95.211.178.104:54921 to 192.168.1.6:8080 Saturday, Oct 20,2012 19:28:44
[LAN access from remote] from 46.137.131.163:35275 to 192.168.1.6:8080 Saturday, Oct 20,2012 19:08:13
[LAN access from remote] from 187.16.29.138:1299 to 192.168.1.6:8080 Saturday, Oct 20,2012 17:14:28

95.211.178.104 is:
netname: LEASEWEB
descr: LeaseWeb
descr: P.O. Box 93054
descr: 1090BB AMSTERDAM
descr: Netherlands
descr: www.leaseweb.com

46.137.131.163 is:
netname: AMAZON-EU-AWS
descr: Amazon Web Services, Elastic Compute Cloud, EC2, EU in Ireland

187.16.29.138 is:
owner: Universo Online S.A.
ownerid: 001.109.184/0004-38
responsible: Contato da Entidade UOL
country: BR

The last OTL scan looks good except the Conduit entries in Chrome are still there. Let's see if we can manually remove them.


Step-1

Google Chrome automatically saves a list of the search engines you've come across while browsing the web. For example, if you visit youtube.com, the browser automatically detects and adds the YouTube search engine to the list of search engines that you can access. You’ll then be able to search YouTube directly from the address bar without even visiting the site.

To manually remove search engines from the browser, follow the steps below.

If search.conduit. pages are opening up each time you start up Chrome:
  • Click the Wrench icon in Chrome on the top right of the browser
  • Click Settings
  • Click On Startup
  • Next to the radio button for Open a specific page or set of pages, click on Set pages
  • Remove any Conduit URLs by hovering over the URL until you see an X appear to the right side of the URL. Click the X to remove it/them.
If all searches that you perform in the omnibox are returning with results from search.conduit.(com) instead of your preferred search engine:
  • Click the Wrench
  • Click Settings
  • Click Search
  • Click Manage search engines
  • Check the list of Default search engines, Other search engines, and Search engines added by extensions, and remove any Conduit entries by clicking the entry and clicking the X at the end of the line.
    Depending on your extensions, you may not see the last section for Search engines added by extensions.
If search.conduit.(com) is opening up when you click on the Home button:
  • Check the Wrench
  • Click Settings, then Appearance
  • Select the Show Home button checkbox
  • Check if the URL that appears below it references search.conduit.(com). If it does, change it to the search engine of your choice.

    Step-2.

    Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware from Here or Here

    Once downloaded, close all programs and browsers on your computer.

    Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
    • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
    • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

      NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

      Posted Image
    • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

      Posted Image
    • When the scan is finished a message box will appear as shown in the image below.

      Posted Image
      You should click on the OK button to close the message box and continue with the removal process.
    • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
    • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

      Posted Image
    • Make sure that everything is checked, and click Remove Selected.<---Very Important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


    Step-3.

    Run ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Please go here then click on: Posted Image

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on: Posted Image
    • When prompted allow the Add-On/Active X to install.
    • Uncheck the box beside Remove Found Threats
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the Posted Image button.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the post window.

Step-5.

Things For Your Next Post:
1. The MalwareBytes log
2. The ESET log (If threats were found)
3. The new OTL.txt log
4. How is the computer running now?
  • 0
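
The router entries quoted in the post above are "[LAN access from remote]" lines, which on Netgear-style routers are logged when an inbound internet connection is passed through to a LAN host (an assumption here; the thread does not name the router). As an added example that is not part of the original thread, this script tallies such entries per LAN host and port; the line format is inferred from the three quoted lines, and the entries using 203.0.113.7, 192.168.1.20, 999.1.1.1 and the DHCP line are constructed sample data.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Format inferred from the lines quoted in the post (assumption):
# [LAN access from remote] from SRC:PORT to DST:PORT Weekday, Mon DD,YYYY HH:MM:SS
ENTRY = re.compile(
    r"^\[LAN access from remote\] from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d{1,5}) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d{1,5}) "
    r"\w+, (?P<ts>[A-Z][a-z]{2} \d{1,2},\s?\d{4} \d{2}:\d{2}:\d{2})\s*$"
)

# First, second and fourth lines are the ones quoted in the post;
# the remaining lines are constructed for this example.
SAMPLE_LOG = """\
[LAN access from remote] from 95.211.178.104:54921 to 192.168.1.6:8080 Saturday, Oct 20,2012 19:28:44
[LAN access from remote] from 46.137.131.163:35275 to 192.168.1.6:8080 Saturday, Oct 20,2012 19:08:13
[DHCP IP: (192.168.1.6)] to MAC address 00:00:5E:00:53:01 Saturday, Oct 20,2012 18:02:10
[LAN access from remote] from 187.16.29.138:1299 to 192.168.1.6:8080 Saturday, Oct 20,2012 17:14:28
[LAN access from remote] from 203.0.113.7:40000 to 192.168.1.6:8080 Saturday, Oct 20,2012 16:00:00
[LAN access from remote] from 203.0.113.7:40001 to 192.168.1.20:3389 Saturday, Oct 20,2012 15:59:00
[LAN access from remote] from 999.1.1.1:1 to 192.168.1.6:8080 Saturday, Oct 20,2012 15:00:00
"""


def parse_entry(line):
    """Return a dict for one inbound-access entry, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # other event types (DHCP, admin login, ...) are ignored
    try:
        src = ipaddress.ip_address(m["src"])  # rejects octets > 255
        dst = ipaddress.ip_address(m["dst"])
        when = datetime.strptime(m["ts"].replace(", ", ","), "%b %d,%Y %H:%M:%S")
    except ValueError:
        return None  # malformed address or impossible date
    sport, dport = int(m["sport"]), int(m["dport"])
    if not (0 < sport < 65536 and 0 < dport < 65536):
        return None
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "when": when}


def exposed_services(log_text):
    """Group inbound entries by (LAN host, port) reached from outside."""
    services = defaultdict(
        lambda: {"hits": 0, "sources": set(), "first": None, "last": None}
    )
    for line in log_text.splitlines():
        entry = parse_entry(line)
        # Only destinations in private address space are LAN hosts.
        if entry is None or not entry["dst"].is_private:
            continue
        svc = services[(str(entry["dst"]), entry["dport"])]
        svc["hits"] += 1
        svc["sources"].add(str(entry["src"]))
        when = entry["when"]
        svc["first"] = when if svc["first"] is None else min(svc["first"], when)
        svc["last"] = when if svc["last"] is None else max(svc["last"], when)
    return dict(services)


def report(log_text):
    """One summary line per exposed LAN host and port."""
    lines = []
    for (host, port), svc in sorted(exposed_services(log_text).items()):
        lines.append(
            f"{host}:{port} reached {svc['hits']}x from "
            f"{len(svc['sources'])} remote address(es), "
            f"{svc['first']:%Y-%m-%d %H:%M} to {svc['last']:%Y-%m-%d %H:%M}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Each host and port in the result is something the router is letting the internet reach, so the matching port-forwarding, UPnP or DMZ setting on the router, and the program listening on that port on the PC, are the things to review.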


#17
V1CeE


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have 2 user accounts in the control panel


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
vice :: VICELAPTOP [administrator]

10/23/2012 9:52:14 PM
mbam-log-2012-10-23 (21-52-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 408173
Time elapsed: 56 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\$RECYCLE.BIN\S-1-5-21-254672792-3389915106-1260256797-1000\$RJH0IIT\WirelessKeyView.exe (PUP.WirelessKeyView) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\Manager.exe (Trojan.VBKrypt) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Replay AV 8\AtomicParsley.exe (Trojan.Zbot.Gen) -> Quarantined and deleted successfully.
C:\Users\vice\Desktop\New folder (2)\PasswordsPro.exe (PUP.PasswordsPro) -> Quarantined and deleted successfully.
C:\Users\vice\Downloads\Programs\ca_setup.exe (PUP.PasswordTool) -> Quarantined and deleted successfully.
C:\Users\vice\Downloads\Programs\FreeFileViewer2011Setup.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)



OTL logfile created on: 10/24/2012 1:30:49 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 38.77% Memory free
7.60 Gb Paging File | 4.85 Gb Available in Paging File | 63.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.31 Gb Total Space | 189.62 Gb Free Space | 66.23% Space Free | Partition Type: NTFS
Drive D: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICELAPTOP | User Name: vice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/19 00:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
PRC - [2012/10/12 11:56:16 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/12 11:38:39 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/10/10 02:16:38 | 003,536,320 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/10/04 10:27:26 | 000,079,384 | ---- | M] (Google) -- C:\Users\vice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/01 10:49:53 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:56 | 000,493,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
PRC - [2011/09/30 09:28:08 | 000,546,464 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2010/05/25 05:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/12 11:56:16 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/08/01 10:49:53 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/30 09:28:06 | 000,884,304 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/28 12:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:13 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012/10/12 11:56:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/17 12:01:54 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/03 16:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/08/01 10:49:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 16:21:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 16:21:52 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/24 13:46:26 | 000,994,952 | ---- | M] (Acunetix Ltd.) [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 6\WVSScheduler.exe -- (AcuWVSSchedulerv6)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/19 18:33:44 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/18 17:09:06 | 000,131,416 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/18 14:12:29 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/02 12:17:40 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/04/02 12:17:18 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/06 19:47:18 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010/03/10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/10 15:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 12:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{8D40F87F-3D0F-4E0A-B0C3-1F48BA4A4C0D}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{B9392CD0-27B1-4A09-A802-1C172F508BF6}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsof...arch/search.asp
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsof...obby/search.asp
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\SearchScopes,DefaultScope = {5C443326-F55B-4901-9795-D516DAD7DB0F}
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\SearchScopes\{5C443326-F55B-4901-9795-D516DAD7DB0F}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {8743b663-b854-4f75-bc82-8f7e751e759f}:1.7.5
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0.2
FF - prefs.js..extensions.enabledAddons: {7067a92c-1db4-4e5e-869c-25f841287f8b}:0.2.4
FF - prefs.js..extensions.enabledAddons: [email protected]:7.3.29
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.7.0
FF - prefs.js..extensions.enabledAddons: [email protected]:4.0.2
FF - prefs.js..extensions.enabledAddons: {8479ade0-2eec-11de-8c30-0800200c9a66}:3.0.6
FF - prefs.js..network.proxy.http: "68.51.25.29"
FF - prefs.js..network.proxy.http_port: 8085
FF - prefs.js..network.proxy.ssl: "68.51.25.29"
FF - prefs.js..network.proxy.ssl_port: 8085
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vice\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/10/12 13:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/10/17 13:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/10/12 11:39:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/19 22:54:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 10:49:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/19 22:54:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\vice\AppData\Roaming\IDM\idmmzcc5 [2012/10/12 11:59:36 | 000,000,000 | ---D | M]

[2011/07/21 11:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Extensions
[2012/10/24 00:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions
[2012/10/17 13:24:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\vice\AppData\Roaming\mozilla\Firefox\Profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 21:38:47 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/14 22:58:19 | 001,626,141 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/20 16:34:41 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/10/13 03:31:31 | 000,004,544 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\[email protected]
[2012/08/01 10:49:57 | 000,049,607 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/10/14 22:23:24 | 000,031,339 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{7067a92c-1db4-4e5e-869c-25f841287f8b}.xpi
[2012/03/22 09:11:48 | 000,679,816 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8479ade0-2eec-11de-8c30-0800200c9a66}.xpi
[2012/10/14 21:35:24 | 000,104,649 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{8743b663-b854-4f75-bc82-8f7e751e759f}.xpi
[2012/10/19 16:47:46 | 000,080,872 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
[2012/07/25 12:28:25 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012/10/12 10:19:38 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/10/24 00:53:26 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/20 02:40:40 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/01/16 14:29:49 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/01/09 16:21:06 | 000,002,059 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\absearch-search.xml
[2012/01/16 14:42:37 | 000,002,685 | ---- | M] () -- C:\Users\vice\AppData\Roaming\mozilla\firefox\profiles\ezcijjos.default\searchplugins\packetstorm-search-suggest.xml
[2012/04/28 10:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/18 07:46:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/17 13:14:40 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/10/12 11:59:36 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\VICE\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/08/01 10:49:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/14 09:28:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/14 09:28:51 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\vice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: AVG Safe Search = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: IDM Integration = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.21_0\
CHR - Extension: Skype Click to Call = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Users\vice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/10/19 19:50:39 | 000,000,067 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 199.188.206.118 www.voicebridge.org
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\windows\is-MG28Q.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKU\S-1-5-21-254672792-3389915106-1260256797-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18B2CA68-557A-43AD-9FC8-7D25FC095266}: DhcpNameServer = 66.174.92.14 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F95538B8-A754-4551-AE9E-3F4BD24042BF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/22 06:35:35 | 000,091,464 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/08/24 23:14:07 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 01:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2012/10/24 01:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/23 23:01:04 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2012/10/23 22:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012/10/23 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012/10/23 22:03:47 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\TURegOpt.exe
[2012/10/23 22:03:40 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\windows\SysNative\authuitu.dll
[2012/10/23 22:03:40 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\windows\SysWow64\authuitu.dll
[2012/10/23 22:03:26 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\TuneUp Software
[2012/10/23 22:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/10/23 22:02:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/10/23 21:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/23 21:37:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/10/20 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManageEngine OpManager
[2012/10/20 20:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManageEngine
[2012/10/20 10:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012/10/20 10:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guard-ICQ
[2012/10/20 10:18:09 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\ICQ
[2012/10/20 10:18:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012/10/20 09:10:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/20 04:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affiliate Creator
[2012/10/20 04:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Affiliate Creator
[2012/10/20 04:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegUtility
[2012/10/20 04:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegUtility
[2012/10/20 04:37:35 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Mael
[2012/10/20 04:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
[2012/10/20 04:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD
[2012/10/20 02:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuWin32
[2012/10/20 02:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GnuWin32
[2012/10/19 19:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid
[2012/10/19 18:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/10/19 18:33:44 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/19 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/10/19 18:20:41 | 000,000,000 | ---D | C] -- C:\Users\vice\VirtualBox VMs
[2012/10/19 18:19:56 | 000,000,000 | ---D | C] -- C:\Users\vice\.VirtualBox
[2012/10/19 17:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/10/19 17:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/10/19 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sublime Text 2
[2012/10/19 11:25:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/19 09:47:21 | 000,000,000 | ---D | C] -- C:\Users\vice\New folder
[2012/10/19 06:21:34 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\redsn0w
[2012/10/19 00:09:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
[2012/10/17 22:10:55 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eurobattle.net
[2012/10/17 22:03:08 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2012/10/17 22:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/10/17 20:55:41 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/17 20:45:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/17 20:45:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/17 20:45:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/17 20:45:27 | 000,000,000 | ---D | C] -- C:\ComboFix_2
[2012/10/17 20:45:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 20:45:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/17 20:25:32 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\war3 patch
[2012/10/17 19:54:05 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/10/17 13:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/17 13:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/17 13:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/17 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/17 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Checker
[2012/10/17 06:59:21 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Reviversoft
[2012/10/17 06:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reviversoft
[2012/10/17 00:23:02 | 000,000,000 | ---D | C] -- C:\Users\vice\Warcraft III 1.21b ROC Installer enUS
[2012/10/16 23:12:28 | 000,000,000 | ---D | C] -- C:\Users\vice\Warcraft III 1.21b TFT Installer enUS
[2012/10/16 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012/10/16 15:51:58 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/15 15:30:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New folder (2)
[2012/10/15 13:50:34 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/10/15 13:14:30 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/15 11:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/15 11:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/15 11:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/15 07:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/15 07:07:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/15 06:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2012/10/15 06:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2012/10/15 05:09:57 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\RK_Quarantine
[2012/10/15 01:29:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Streaming Media
[2012/10/15 01:29:38 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\Jaksta_Technologies_Pty_L
[2012/10/13 09:01:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnlineHD.TV
[2012/10/13 08:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012/10/13 08:15:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/10/13 08:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012/10/13 08:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2012/10/13 06:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ActivePath
[2012/10/13 06:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uncompressor
[2012/10/13 04:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012/10/13 04:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012/10/13 02:09:17 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\DownTango
[2012/10/13 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2012/10/12 23:29:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip registry Optimizer1
[2012/10/12 21:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/10/12 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Local\CRE
[2012/10/12 20:56:11 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/12 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\uTorrent
[2012/10/12 20:27:44 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Uniblue
[2012/10/12 19:54:18 | 000,000,000 | ---D | C] -- C:\Users\vice\.myPhoneDesktop
[2012/10/12 14:48:44 | 000,000,000 | ---D | C] -- C:\Users\vice\Documents\My Received Files
[2012/10/12 13:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/12 12:12:58 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/10/12 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paltalk Messenger
[2012/10/12 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2012/10/12 11:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG LiveKive
[2012/10/12 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\Txt file notes
[2012/10/12 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\vice\Desktop\New Data Placments
[2012/10/10 02:36:33 | 000,160,992 | ---- | C] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys

========== Files - Modified Within 30 Days ==========

[2012/10/24 01:26:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000UA.job
[2012/10/24 00:56:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/24 00:46:14 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 00:46:14 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/23 23:00:25 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/10/23 23:00:25 | 000,002,152 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012/10/23 21:37:55 | 000,001,443 | ---- | M] () -- C:\Users\vice\Desktop\Regutility.exe - Shortcut.lnk
[2012/10/23 21:37:02 | 000,711,240 | ---- | M] () -- C:\windows\is-MG28Q.exe
[2012/10/23 21:37:02 | 000,010,550 | ---- | M] () -- C:\windows\is-MG28Q.msg
[2012/10/23 21:37:02 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 21:37:02 | 000,000,382 | ---- | M] () -- C:\windows\is-MG28Q.lst
[2012/10/23 21:13:39 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 21:13:39 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 21:11:27 | 000,783,418 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/23 21:11:27 | 000,663,472 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/23 21:11:27 | 000,122,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/23 21:10:21 | 098,451,300 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/10/23 21:06:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/23 15:11:12 | 002,486,282 | ---- | M] () -- C:\Users\vice\Desktop\RegUtility4.1 crack inc..rar
[2012/10/19 23:20:14 | 000,007,619 | ---- | M] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2012/10/19 22:56:44 | 000,610,884 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/19 22:44:29 | 000,000,000 | ---- | M] () -- C:\windows\LogMeIn_uninstall_reboot
[2012/10/19 19:50:39 | 000,000,067 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/19 18:33:44 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/19 11:26:06 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-254672792-3389915106-1260256797-1000Core.job
[2012/10/19 00:09:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\vice\Desktop\OTL.exe
[2012/10/17 13:31:49 | 000,629,010 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavifw.avm
[2012/10/15 15:31:11 | 000,000,600 | ---- | M] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2012/10/15 15:06:54 | 000,288,887 | ---- | M] () -- C:\MGlogs.zip
[2012/10/15 07:20:03 | 008,912,896 | ---- | M] () -- C:\Users\vice\ntuser.bak
[2012/10/15 03:27:11 | 000,041,595 | ---- | M] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/13 12:56:19 | 000,045,270 | ---- | M] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 05:20:48 | 1167,435,762 | ---- | M] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/27 11:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) -- C:\windows\SysNative\drivers\idmwfp.sys

========== Files Created - No Company Name ==========

[2012/10/23 23:00:25 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/10/23 23:00:25 | 000,002,152 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012/10/23 22:59:54 | 000,002,164 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012/10/23 21:37:55 | 000,001,443 | ---- | C] () -- C:\Users\vice\Desktop\Regutility.exe - Shortcut.lnk
[2012/10/23 21:37:02 | 000,711,240 | ---- | C] () -- C:\windows\is-MG28Q.exe
[2012/10/23 21:37:02 | 000,010,550 | ---- | C] () -- C:\windows\is-MG28Q.msg
[2012/10/23 21:37:02 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 21:37:02 | 000,000,382 | ---- | C] () -- C:\windows\is-MG28Q.lst
[2012/10/23 15:08:14 | 002,486,282 | ---- | C] () -- C:\Users\vice\Desktop\RegUtility4.1 crack inc..rar
[2012/10/19 22:44:29 | 000,000,000 | ---- | C] () -- C:\windows\LogMeIn_uninstall_reboot
[2012/10/19 17:35:19 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
[2012/10/17 20:45:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/17 20:45:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/17 20:45:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/17 20:45:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/17 20:45:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/15 13:50:41 | 000,288,887 | ---- | C] () -- C:\MGlogs.zip
[2012/10/15 03:27:09 | 000,041,595 | ---- | C] () -- C:\Users\vice\Desktop\PdaNet__1.1.2_.apk
[2012/10/13 08:07:14 | 000,045,270 | ---- | C] () -- C:\Users\vice\AppData\Roaming\room_v3.dat
[2012/10/13 04:12:43 | 1167,435,762 | ---- | C] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
[2012/10/12 11:08:56 | 000,001,049 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVG LiveKive.lnk
[2012/06/19 18:41:38 | 000,000,337 | ---- | C] () -- C:\Users\vice\AppData\Local\Perfmon.PerfmonCfg
[2012/06/18 23:28:17 | 000,037,837 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/03/08 13:33:25 | 000,008,192 | ---- | C] () -- C:\Users\vice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/13 15:01:24 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Local\PUTTY.RND
[2012/01/22 23:08:25 | 000,000,140 | ---- | C] () -- C:\windows\SysWow64\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2012/01/22 16:44:02 | 000,000,016 | ---- | C] () -- C:\windows\SysWow64\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2012/01/19 12:36:27 | 000,000,197 | ---- | C] () -- C:\Users\vice\openvpn-connect.json
[2012/01/18 17:24:20 | 000,000,277 | ---- | C] () -- C:\Users\vice\.JavaPowUpload.properties
[2012/01/18 07:32:25 | 000,000,049 | ---- | C] () -- C:\Users\vice\.gtk-bookmarks
[2012/01/16 17:28:01 | 000,000,168 | ---- | C] () -- C:\Users\vice\AppData\Roaming\settings.set
[2012/01/16 07:26:48 | 000,000,600 | ---- | C] () -- C:\Users\vice\AppData\Roaming\winscp.rnd
[2011/09/26 10:56:51 | 000,038,427 | ---- | C] () -- C:\Users\vice\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/09/21 14:43:36 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\pwbsp.dll
[2011/09/21 14:43:35 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\bioapi100.dll
[2011/09/21 14:43:35 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\bioapi_dummy100.dll
[2011/09/21 14:43:34 | 000,131,072 | ---- | C] () -- C:\windows\SysWow64\bioapi_mds300.dll
[2011/09/21 14:42:27 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\zkemsdk.dll
[2011/09/21 14:42:27 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\rscomm.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rscagent.dll
[2011/09/21 14:42:27 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\rsagent.dll
[2011/09/21 14:42:27 | 000,100,352 | ---- | C] () -- C:\windows\SysWow64\plce.dll
[2011/09/21 14:42:27 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\comms.dll
[2011/09/21 14:42:27 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\rsagentlst.dll
[2011/09/21 14:42:26 | 000,147,456 | ---- | C] () -- C:\windows\SysWow64\ATRauthentec.dll
[2011/09/21 14:42:26 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\commpro.dll
[2011/07/28 15:20:57 | 001,589,248 | ---- | C] () -- C:\windows\SysWow64\libmysql_d.dll
[2011/07/18 10:36:16 | 000,007,619 | ---- | C] () -- C:\Users\vice\AppData\Local\resmon.resmoncfg
[2011/07/01 00:28:31 | 000,796,852 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/30 15:02:01 | 008,912,896 | ---- | C] () -- C:\Users\vice\ntuser.bak
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\windows\SysWow64\ractrlkeyhook.dll
[2011/02/09 17:54:58 | 003,973,120 | ---- | C] () -- C:\windows\SysWow64\ffmpeg2.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\DigiData
[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\DigiData
[2011/07/17 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\.purple
[2012/02/14 19:52:50 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Air Cam Live Video - PC Control
[2012/02/22 16:21:36 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG
[2012/10/12 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG LiveKive
[2011/10/28 09:45:27 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\AVG2012
[2012/10/20 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\BitTorrent
[2012/04/23 14:41:45 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\com.import.ResellerImporter
[2012/10/19 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Lite
[2012/10/19 11:25:31 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DAEMON Tools Pro
[2012/02/15 07:48:25 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Devicescape
[2012/01/22 19:32:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Digital Confidence
[2012/10/19 19:14:40 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DiskAid
[2012/10/24 01:04:30 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\DMCache
[2011/07/19 23:04:53 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Downloaded Installations
[2012/10/12 12:14:54 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\FileZilla
[2011/08/26 10:21:57 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Five9
[2011/07/26 09:37:01 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\GSplit
[2012/02/13 06:53:51 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\gtk-2.0
[2012/10/21 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\ICQ
[2012/10/23 22:02:56 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\IDM
[2012/10/23 22:02:56 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Mael
[2012/02/13 06:49:55 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Netscape
[2012/10/15 09:22:15 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Nico Mak Computing
[2012/10/23 22:04:09 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Notepad++
[2011/07/16 16:50:22 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\OutWit
[2012/10/12 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Paltalk
[2012/01/16 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\PE Explorer
[2011/07/08 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\QuickScan
[2012/10/19 06:21:34 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\redsn0w
[2012/10/17 06:59:21 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Reviversoft
[2012/02/13 06:49:59 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Risingware
[2011/06/30 15:17:46 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\RoboForm
[2011/07/07 12:45:03 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\SoftGrid Client
[2011/08/30 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TechWizard
[2011/06/30 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Tific
[2011/07/07 03:35:07 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Toshiba
[2011/07/01 00:29:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TP
[2012/10/23 22:03:26 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\TuneUp Software
[2012/10/13 04:27:48 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Uniblue
[2011/06/30 15:02:37 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WinBatch
[2011/09/23 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\Windows Live Writer
[2012/06/18 23:53:19 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\WNR
[2011/07/17 23:53:32 | 000,000,000 | ---D | M] -- C:\Users\vice\AppData\Roaming\YouSendIt
[2012/01/12 09:52:41 | 000,000,000 | ---D | M] -- C:\Users\ViceDarkBox\AppData\Roaming\DigiData
[2012/10/20 21:41:51 | 000,000,000 | ---D | M] -- C:\Users\ViceDarkBox\AppData\Roaming\DMCache
[2012/10/23 22:03:41 | 000,000,000 | ---D | M] -- C:\Users\ViceDarkBox\AppData\Roaming\IDM

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

#18
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
1. You didn't post the ESET online scan log or tell me if it didn't find anything.

2. Did you disable the Windows StartUp sound?

3. Have you installed the RegUtility program?
I noticed a new file on the desktop:
RegUtility4.1 crack inc..rar

The last OTL log is strange. Back on 10/20/2012 you ran a scan that had the following header:

OTL logfile created on: 10/20/2012 9:48:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

The log you just posted has the following header:

OTL logfile created on: 10/24/2012 1:30:49 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\vice\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

The run numbers shouldn't be the same. The only thing I can think of that would cause that is deleting all of the OTL files and folders and then downloading the tool again and running it twice. I'm gonna need to check with the tool developer and see if he knows what's going on here.

The proxies are back in FF and the toolbar entries with no information are back. I want you to look in the FF program and see if it has set proxies:


Step-1.

  • Open the Firefox browser
  • Click the Firefox tab in the upper left of the browser or if you have the Menu Bar, click Tools and then Options. The Options page will come up.
  • Click the Advanced icon.
  • Click the Network tab.
  • Under the Connections heading, click the Settings button. The Connection Settings page will open.
  • Make sure there is a blue dot in the radio button beside No Proxy

Next check IE

  • Click the Start Orb and click Control Panel
  • Click the Network and Internet category.
  • Click the Internet Options category. An Internet Properties window will open.
  • Click the Connections tab
  • Click the LAN Settings button.
  • Under the Proxy Server heading, make sure there is not a check mark in the box next to Use a proxy server for your LAN. If there is, click the box to uncheck it and click OK. Then click OK again to close the Internet Properties window and close the Control Panel

And I've got some more files we need to scan. It looks like they were put on the system at the same time that MalwareBytes was installed, but I've never seen them before and can't find anything on them.


Step-2.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan
    • C:\windows\is-MG28Q.exe
    • C:\windows\is-MG28Q.msg
    • C:\windows\is-MG28Q.lst
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 6 for each file listed.

Step-3.

Things For Your Next Post:
1. Answer my questions above
2. The VirusTotal results or links
  • 0
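The check described in post #18 (files with no company name sitting directly in C:\windows, created in the same second as the Malwarebytes shortcut) can be reproduced from the OTL log itself. This is an added example, not part of the thread or of OTL; the function names are hypothetical and the sample lines are excerpted from the log posted above. A blank company name and a shared timestamp are leads for triage only, not a verdict on the file.

```python
import ntpath
import re
from datetime import datetime

# Lines excerpted from the OTL log posted in this thread (file and folder entries).
SAMPLE_LOG = r"""
[2012/10/23 23:00:25 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/10/23 21:37:55 | 000,001,443 | ---- | C] () -- C:\Users\vice\Desktop\Regutility.exe - Shortcut.lnk
[2012/10/23 21:37:02 | 000,711,240 | ---- | C] () -- C:\windows\is-MG28Q.exe
[2012/10/23 21:37:02 | 000,010,550 | ---- | C] () -- C:\windows\is-MG28Q.msg
[2012/10/23 21:37:02 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/23 21:37:02 | 000,000,382 | ---- | C] () -- C:\windows\is-MG28Q.lst
[2012/10/19 19:50:39 | 000,000,067 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/19 18:33:44 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/10/19 17:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sublime Text 2
[2012/10/13 04:12:43 | 1167,435,762 | ---- | C] () -- C:\Users\vice\Desktop\Warcraft III - Reing of Chaos + Warcraft III Frozen Throne + CD Key + ENG Patch 121B.zip
"""

# Entry layout: [timestamp | size | attributes | C or M] (company) -- path
# Folder entries have no "(company)" field; files without version info show "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)


def parse_otl_line(line):
    """Parse one OTL file/folder entry; return None for headers and other lines."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "is_dir": "D" in m["attrs"],
        "kind": m["kind"],            # "C" = created, "M" = modified
        "company": m["company"],      # None for folders, "" when blank
        "path": m["path"],
    }


def parse_log(text):
    return [e for e in map(parse_otl_line, text.splitlines()) if e]


def unattributed_in_windows_root(entries):
    """Created files with a blank company name located directly in the Windows folder."""
    return [
        e for e in entries
        if e["kind"] == "C" and not e["is_dir"] and e["company"] == ""
        and ntpath.dirname(e["path"]).lower() == r"c:\windows"
    ]


def created_alongside(entries, target, window_seconds=0):
    """Paths of other created entries within window_seconds of the target's timestamp."""
    return [
        e["path"] for e in entries
        if e["kind"] == "C" and e["path"] != target["path"]
        and abs((e["time"] - target["time"]).total_seconds()) <= window_seconds
    ]


def triage(text):
    """Map each flagged file to whatever else was created at the same moment."""
    entries = parse_log(text)
    return {t["path"]: created_alongside(entries, t)
            for t in unattributed_in_windows_root(entries)}


if __name__ == "__main__":
    for path, neighbours in triage(SAMPLE_LOG).items():
        print(path)
        for n in neighbours:
            print("    created in the same second:", n)
```

Raising `window_seconds` widens the match to entries created a few seconds apart, which helps when an installer writes its files over a longer interval.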

#19
V1CeE


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I couldn't get the ESET online scan to work. I tried for quite some time, but the download of the virus database kept stopping on 4% no matter what browser I used. I didn't disable my Windows startup sound, and a check of the proxies in FF and IE was good, there were none enabled ... there were some proxies in FF, but the dot next to No Proxy was checked. I could not find any of these files anywhere on my computer:

C:\windows\is-MG28Q.exe
C:\windows\is-MG28Q.msg
C:\windows\is-MG28Q.lst
  • 0

#20
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
CKScanner:

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Right-click on CKScanner.exe and select Run as Administrator then click on Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Run WVCheck

  • Please download WVCheck by Artellos from the mirror below and save it to the desktop;

    Artellos.com (exe)

  • After the download, right click the WVCheck.exe file and click Run as Administrator to run WVCheck.exe
  • As indicated by the prompt, This program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file and paste it in your next reply.

Things For Your Next Post:
1. The CKFiles.txt log
2. The WVCheck log
  • 0

#21
V1CeE


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\vice\desktop\new folder (2)\ip\crack\extender.exe
c:\users\vice\desktop\new folder (2)\ip\crack\hidemyip.exe
c:\users\vice\downloads\hide_my_ip_5_2_inc_keygen_full_version.rar
c:\users\vice\downloads\regutility4.1 crack inc..rar
c:\users\vice\downloads\[kat.ph]warcraft.iii.reign.of.chaos.warcraft.iii.frozen.throne.full.cracked.eng.patch.121b.cd.key.torrent
c:\users\vice\downloads\compressed\adobe.dreamweaver.cs5..keygen.part1.rar
c:\users\vice\downloads\compressed\aircrack-ng-1.1-win.zip
c:\users\vice\downloads\compressed\driver.checker.v2.7.4.dc.151010.incl.keygen-lz0.rar
c:\users\vice\downloads\compressed\iphone.blacklist.incl.crack.rar
c:\users\vice\downloads\compressed\premiumsoft.navicat.premium.enterprise.edition.v9.1.11.incl.keygen-lz0.rar
c:\users\vice\downloads\compressed\replay-capture-suite-1-0_incl_crack.zip
c:\users\vice\downloads\compressed\winrar.v4.0.1.x86.x64.final.incl.keygen-fff.zip
c:\users\vice\downloads\compressed\winrar.v4.0.1.x86.x64.final.incl.keygen-fff_2.zip
scanner sequence 3.EH.11.FHNAQF
----- EOF -----





Windows Validation Check
Version: 1.9.12.5
Log Created On: 2228_25-10-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 6/7/2011 15:18:41
Modification; 20/11/2010 4:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 6/7/2011 15:18:41
Modification; 20/11/2010 4:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_5b467ba9bd0679bb\slwga.dll
Size: 14848 bytes
Creation; 13/7/2009 16:52:11
Modification; 13/7/2009 18:41:54
MD5; cc03cf9f24946dcbd70acb3e1b2f05bf
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_5b856235bcd79403\slwga.dll
Size: 15360 bytes
Creation; 2/7/2011 21:28:54
Modification; 20/12/2010 22:15:31
MD5; b7213e92b270761b88b313b62ba0e13b
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_5be2bf06d6168a3a\slwga.dll
Size: 15360 bytes
Creation; 2/7/2011 21:28:54
Modification; 20/12/2010 22:9:5
MD5; 86b7d4d7a87ecb9e6bded44c52c8d5d9
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 6/7/2011 15:18:45
Modification; 20/11/2010 5:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 16:36:22
Modification; 13/7/2009 18:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 2/7/2011 21:28:54
Modification; 20/12/2010 21:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 2/7/2011 21:28:54
Modification; 20/12/2010 21:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 6/7/2011 15:18:41
Modification; 20/11/2010 4:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 2230_25-10-2012 --------
  • 0

#22
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

Please delete the following cracks and keygen files:

c:\users\vice\desktop\new folder (2)\ip\crack\extender.exe
c:\users\vice\desktop\new folder (2)\ip\crack\hidemyip.exe
c:\users\vice\downloads\hide_my_ip_5_2_inc_keygen_full_version.rar
c:\users\vice\downloads\regutility4.1 crack inc..rar
c:\users\vice\downloads\[kat.ph]warcraft.iii.reign.of.chaos.warcraft.iii.frozen.throne.full.cracked.eng.patch.121b.cd.key.torrent
c:\users\vice\downloads\compressed\adobe.dreamweaver.cs5..keygen.part1.rar
c:\users\vice\downloads\compressed\aircrack-ng-1.1-win.zip
c:\users\vice\downloads\compressed\driver.checker.v2.7.4.dc.151010.incl.keygen-lz0.rar
c:\users\vice\downloads\compressed\iphone.blacklist.incl.crack.rar
c:\users\vice\downloads\compressed\premiumsoft.navicat.premium.enterprise.edition.v9.1.11.incl.keygen-lz0.rar
c:\users\vice\downloads\compressed\replay-capture-suite-1-0_incl_crack.zip
c:\users\vice\downloads\compressed\winrar.v4.0.1.x86.x64.final.incl.keygen-fff.zip
c:\users\vice\downloads\compressed\winrar.v4.0.1.x86.x64.final.incl.keygen-fff_2.zip


Step-2.

Re-run CKScanner using the directions in post #20 and post the new CKFiles.txt log.
  • 0

#23
V1CeE


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok all the key gens u listed are gone... also when i run the CK program it always stalls in not responding for a good 20 mins.... it eventually kicks out the report but i thought maybe you should know... i thought it might give incorrect results or something.



CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\users\vice\desktop\download\super.email.harvester.v5.63.winall.cracked-hs.rar
c:\users\vice\desktop\new folder (2)\new folder (2)\new folder\super.email.spider.v2.85\keygen\keygen.exe
c:\users\vice\desktop\new folder (2)\new folder (3)\seo powersuite enterprise full crack 2012\install.txt
c:\users\vice\desktop\new folder (2)\new folder (3)\seo powersuite enterprise full crack 2012\seopowersuite.exe
c:\users\vice\desktop\new folder (2)\reg utility 4.1 crack included\read me.txt
c:\users\vice\desktop\new folder (2)\reg utility 4.1 crack included\regutility v4.1_patch.exe
c:\users\vice\desktop\new folder (2)\reg utility 4.1 crack included\regutility_setup.exe
c:\users\vice\downloads\seo_powersuite_enterprise_1.0__crack.rar
c:\users\vice\downloads\compressed\seo powersuite enterprise full crack 2012.zip
c:\users\vice\downloads\programs\seo.spyglass.5.1.1.crack_downloader_99110.exe
c:\users\vice\downloads\programs\seo.spyglass.5.1.1.keygen_downloader_99110.exe
c:\users\vice\downloads\programs\super_email_spider_v2_0_0_72_working_crack_rar.exe
scanner sequence 3.FF.11.AMAARS
----- EOF -----
  • 0

#24
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
This service is provided to you, without charge, by people who volunteer their own time to help.
There is an implied trust that you will respect that donated time, and provide all the information possible to bring the dialogue to a successful conclusion.
If false information is provided, that trust is violated, and it is no longer the obligation of the volunteer to continue assistance.
This site will no longer help with this topic.

This Topic is now Closed.
  • 0





