Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

unresponsive and BSOD [Solved]


  • This topic is locked This topic is locked

#1
Techminator

Techminator

    Member

  • Member
  • PipPip
  • 15 posts
I have two issues:

Issue1:

Whenever I wake up my computer from sleep, the computer is very slow. Infact windows explorer almost freezes. No new applications can be started, task manager does not start and I can't even shut down my computer using the Start--->Shutdown procedure.

If the browser is up, then can surf the internet but that is it. Anything else I click in Windwows Explorer does not open. The only way to get everything back to normal is to press and hold the power button of the laptop computer and restart.

Issue 2:

I use a software called HitMan Pro. Its a pretty good one at detecting and removing malware. It has detected stuff that even BitDefender Total Seccurity Suite failed to detect. However, of late when it is scanning my computer, mid way, I get a Blue Screen of Death and the computer restarts.

The error messages in the BSOD are of two types:

1. Page Faulat in Non-Paged Area
or
2. IRQ Not less then Equal

I have scanned my system fully and also using Microsoft Defender Offline in boot mode and it did detect and remove a backdoor but the two issues still persist. I also have scanned my system using MBAM and it too detected stuff that should not have been on my system and cleaned it but not the issues.

Here is the log file:


OTL logfile created on: 11/3/2012 4:26:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 58.96% Memory free
5.99 Gb Paging File | 4.07 Gb Available in Paging File | 67.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 20.74 Gb Free Space | 18.61% Space Free | Partition Type: NTFS
Drive D: | 107.90 Gb Total Space | 10.02 Gb Free Space | 9.28% Space Free | Partition Type: NTFS

Computer Name: VANQUISHER-PC | User Name: Vanquisher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 16:26:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2012/10/27 14:59:22 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/26 16:27:22 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2012/10/24 20:08:18 | 000,055,544 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2013\updatesrv.exe
PRC - [2012/10/24 20:05:52 | 001,335,840 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2013\vsserv.exe
PRC - [2012/10/24 19:51:14 | 001,609,272 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender 2013\bdagent.exe
PRC - [2012/10/16 22:37:01 | 004,762,496 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/09 18:37:25 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/03 03:50:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/03 00:59:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/09/17 11:56:40 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012/09/17 11:56:38 | 001,699,680 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012/09/13 01:44:42 | 000,196,112 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012/09/09 23:50:53 | 000,045,056 | ---- | M] () -- C:\Windows\System32\UTSCSI.EXE
PRC - [2012/08/16 20:51:56 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2012/07/12 00:24:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/07/04 19:08:08 | 001,607,040 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012/06/25 18:45:14 | 000,082,824 | ---- | M] (Bitdefender) -- C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe
PRC - [2012/03/04 21:57:28 | 001,027,544 | ---- | M] (Crystal Dew World) -- C:\Program Files\CrystalDiskInfo\DiskInfo.exe
PRC - [2011/02/25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/15 21:31:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Program Files\Prey\platform\windows\cronsvc.exe
PRC - [2010/11/20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/12/16 00:41:48 | 001,115,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/11/20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/09/05 21:46:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009/09/05 21:46:40 | 003,407,360 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009/08/29 11:30:12 | 000,966,656 | RHS- | M] () -- C:\Users\Vanquisher\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/08/24 03:11:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/07/14 06:44:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/06/05 00:33:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/03 07:42:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2007/12/11 16:45:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/05/25 09:38:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2005/12/01 03:04:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 14:59:21 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/24 19:55:00 | 000,203,840 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2013\txmlutil.dll
MOD - [2012/10/09 18:37:24 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/07/18 01:32:20 | 000,970,240 | ---- | M] () -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/04/27 16:08:08 | 000,092,600 | ---- | M] () -- C:\Program Files\BitDefender\Bitdefender 2013\bdmetrics.dll
MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2010/01/21 06:04:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/10 00:48:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/11/20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/08/29 11:30:12 | 000,966,656 | RHS- | M] () -- C:\Users\Vanquisher\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/11/18 16:40:30 | 000,270,336 | ---- | M] () -- C:\Program Files\S2 PCSync\PCExplorer.dll
MOD - [2008/11/18 16:40:14 | 000,245,760 | ---- | M] () -- C:\Program Files\S2 PCSync\VCard.dll
MOD - [2008/11/18 16:40:02 | 000,258,048 | ---- | M] () -- C:\Program Files\S2 PCSync\VCalendar.dll
MOD - [2008/11/18 16:40:00 | 000,753,664 | ---- | M] () -- C:\Program Files\S2 PCSync\PCSuiteProcess.dll
MOD - [2008/11/18 16:39:52 | 000,065,536 | ---- | M] () -- C:\Program Files\S2 PCSync\HandlerManager.dll
MOD - [2008/11/18 16:39:52 | 000,049,152 | ---- | M] () -- C:\Program Files\S2 PCSync\StringResource.dll
MOD - [2008/11/18 16:39:50 | 000,057,344 | ---- | M] () -- C:\Program Files\S2 PCSync\ShareFileManager.dll
MOD - [2005/12/01 03:04:18 | 000,068,608 | ---- | M] () -- C:\Program Files\ClipX\clipx.exe


========== Services (SafeList) ==========

SRV - [2012/10/27 14:59:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/26 16:27:22 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/10/24 20:08:18 | 000,055,544 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (Updatesrv)
SRV - [2012/10/24 20:07:35 | 000,059,152 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\BitDefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2012/10/24 20:05:52 | 001,335,840 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (vsserv)
SRV - [2012/10/10 06:30:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/03 03:50:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/17 11:56:38 | 001,699,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/09/13 01:44:42 | 000,196,112 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012/09/09 23:50:53 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Windows\System32\UTSCSI.EXE -- (UTSCSI)
SRV - [2012/08/31 19:32:02 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/08/18 01:21:32 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/16 20:51:56 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 00:24:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/25 18:45:14 | 000,082,824 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV - [2012/06/19 16:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Disabled | Stopped] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2012/05/30 00:16:46 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2012/01/04 07:39:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/08 03:10:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/07/15 06:33:00 | 000,021,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2011/07/13 13:11:52 | 000,340,976 | ---- | M] (Rovi Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2011/07/13 13:11:30 | 001,095,664 | ---- | M] (Rovi Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)
SRV - [2011/05/29 01:54:28 | 000,135,168 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)
SRV - [2011/02/15 21:31:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Program Files\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011/02/09 23:06:58 | 000,457,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2010/07/14 11:53:42 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010/04/30 04:23:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/21 22:21:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/05 21:46:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe -- (DfSdkS)
SRV - [2009/08/24 03:11:16 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 00:33:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/03 07:42:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/03/21 17:52:52 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2007/12/11 16:45:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/05/25 09:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Auto | Stopped] -- C:\Program Files\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\JiaoCap.sys -- (JiaoCap)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\VANQUI~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/11/03 14:52:57 | 000,027,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV - [2012/11/01 05:14:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/10/24 20:07:47 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2012/10/24 19:50:29 | 000,066,392 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (BDSandBox)
DRV - [2012/10/24 19:49:59 | 000,481,464 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2012/10/24 19:49:05 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\BitDefender\Bitdefender 2013\bdselfpr.sys -- (bdselfpr)
DRV - [2012/10/18 11:19:38 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2012/10/15 16:32:12 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2012/10/03 03:50:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/08/29 18:24:08 | 000,161,312 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/08/29 16:42:28 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/08/23 20:14:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 20:10:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/06 15:13:12 | 000,077,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV - [2012/07/03 20:55:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/07/02 22:08:46 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/07/02 22:08:28 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt58.sys -- (vidsflt58)
DRV - [2012/07/02 22:08:18 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012/07/02 15:21:35 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2012/04/17 14:40:22 | 000,072,704 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\System32\drivers\bdvedisk.sys -- (BDVEDISK)
DRV - [2012/03/05 10:35:43 | 000,126,112 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/02/22 16:04:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/24 03:13:06 | 007,523,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2012/01/11 11:41:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011/12/07 23:52:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/11/25 19:29:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
DRV - [2011/11/14 20:16:27 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2011/09/21 15:55:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/09/16 19:40:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/08/19 07:16:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/07/22 21:57:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:25:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/04/27 18:49:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/03/22 11:10:56 | 000,023,656 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ITECIRfilter.sys -- (ITECIRfilter)
DRV - [2011/02/09 06:30:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2011/02/09 06:30:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2011/02/09 06:30:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2011/01/03 14:08:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 14:08:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/01/03 14:08:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/01/03 14:08:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010/12/21 11:25:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 11:25:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/12/21 11:25:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/12/21 11:25:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/11/26 18:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/11/20 18:00:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010/11/20 18:00:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:20:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010/11/20 16:20:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/09 10:36:02 | 007,265,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/11/01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2010/07/13 14:26:36 | 000,065,640 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2010/07/09 18:48:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/05/24 01:17:08 | 000,081,904 | ---- | M] (Sonic Solutions) [File_System | Boot | Running] -- C:\Windows\System32\drivers\syscow32v.sys -- (SysCow)
DRV - [2010/03/29 11:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010/02/25 23:21:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/01/19 17:19:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 17:19:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 17:19:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 17:19:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/16 01:10:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/08/24 03:10:32 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/07/14 05:22:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 03:32:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/03/18 22:05:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/03 21:06:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2008/11/17 00:09:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/08/26 13:56:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/21 15:18:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/03/20 09:41:52 | 000,103,680 | ---- | M] (AMOI Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\S2usbser.sys -- (S2usbser)
DRV - [2008/02/29 20:43:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/25 14:42:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007/01/19 01:58:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/06/14 20:26:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005/01/31 14:50:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2005/01/31 14:42:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/03/24 07:42:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...0000022fa0e5887
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.claro-sea...0000022fa0e5887
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.autoco...?si=7981&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.autoco...?si=7981&bi=400
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...0000022fa0e5887
IE - HKCU\..\SearchScopes\{D6ABDD7C-AEE2-4EA4-92D6-B767ED049473}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.babylo...000022fa0e5887"
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: [email protected]:0.4
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:7.0.3.5
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.7.7
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.5
FF - prefs.js..extensions.enabledAddons: {210249CE-F888-11DD-B868-4CB456D89593}:3.2.2
FF - prefs.js..extensions.enabledAddons: [email protected]:2.8.3
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2.1.611
FF - prefs.js..extensions.enabledAddons: {37fa1426-b82d-11db-8314-0800200c9a66}:3.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.1.0.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.openintab: false

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Vanquisher\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Vanquisher\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Vanquisher\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vanquisher\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vanquisher\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/26 08:07:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 14:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 14:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2012/10/11 23:51:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/11/02 20:32:06 | 000,000,000 | ---D | M]

[2012/10/17 21:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Extensions
[2012/10/29 13:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions
[2012/10/24 10:41:28 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/10/24 20:01:57 | 000,000,000 | ---D | M] (OpenDownload²) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
[2012/10/24 10:41:28 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012/10/24 11:07:41 | 000,000,000 | ---D | M] (QuickFox Notes) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
[2012/10/25 00:50:48 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
[2012/10/25 00:50:51 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
[2012/10/24 10:53:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
[2012/11/02 20:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\jbpabe9m.default-1351026400281\extensions
[2012/10/24 10:41:23 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
[2012/10/28 14:14:16 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
[2012/10/24 12:50:51 | 000,340,272 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/10/27 18:30:39 | 000,194,530 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012/10/24 09:46:10 | 000,281,285 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/10/24 12:05:35 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012/10/24 10:25:07 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/12 00:02:25 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/11/02 20:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/02 20:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/12/26 08:07:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/11/02 20:32:06 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012/10/27 14:59:22 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/12 14:56:50 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2011/07/12 03:18:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/10/14 10:14:28 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/11/02 20:32:39 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/10/14 10:14:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 10:14:28 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/10/14 10:14:28 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/14 10:14:28 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/10/14 10:14:28 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = http://www.claro-sea...0000022fa0e5887
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Vanquisher\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Vanquisher\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Vanquisher\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Webmail Ad Blocker = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\3.1_0\
CHR - Extension: X-notifier (for Gmail\u2122,Hotmail,Yahoo,AOL...) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco\3.0.6_0\
CHR - Extension: Adblock Plus = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3_0\
CHR - Extension: Google Search = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Flag for Chrome = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.4.1_0\
CHR - Extension: Do Not Track Plus = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\
CHR - Extension: AdBlock = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: LastPass = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.14_0\
CHR - Extension: Speed Dial 2 = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Best Video Downloader = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\magllcifjcllaafcdplnajmobccbcdlo\2.5.0.0_0\
CHR - Extension: Quick Note = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\
CHR - Extension: Ghostery = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Yontoo = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Settings Protector = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Gmail = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Webmail Ad Blocker = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp\3.1_0\
CHR - Extension: X-notifier (for Gmail\u2122,Hotmail,Yahoo,AOL...) = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco\3.0.6_0\
CHR - Extension: Adblock Plus = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3_0\
CHR - Extension: Google Search = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Flag for Chrome = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.4.1_0\
CHR - Extension: Do Not Track Plus = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\
CHR - Extension: AdBlock = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: LastPass = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.14_0\
CHR - Extension: Speed Dial 2 = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
CHR - Extension: Best Video Downloader = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\magllcifjcllaafcdplnajmobccbcdlo\2.5.0.0_0\
CHR - Extension: Quick Note = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\
CHR - Extension: Ghostery = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Yontoo = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Settings Protector = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Gmail = C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/22 21:13:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Bdagent] C:\Program Files\BitDefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [F.lux] C:\Users\Vanquisher\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\clipx.lnk = C:\Program Files\ClipX\clipx.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoThumbnail = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D562BFB-A1F7-441A-B359-4EA9D929F803}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D562BFB-A1F7-441A-B359-4EA9D929F803}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE5A9892-8B4C-49D1-AD01-271DD9DFCEB7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/19 22:07:26 | 000,000,000 | ---D | M] - D:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2012/10/19 22:05:58 | 000,540,921 | ---- | M] () - D:\Autoruns.zip -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 15:25:22 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\temp
[2012/11/03 10:43:04 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\Documents\Calibre Library
[2012/11/03 10:42:59 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\calibre
[2012/11/03 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/11/03 09:20:09 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\Desktop\Games
[2012/11/02 21:45:44 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\Microsoft Help
[2012/11/02 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/11/02 20:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/02 20:30:35 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Babylon
[2012/11/02 20:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/02 20:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/11/02 01:59:14 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\InstallShield
[2012/11/01 19:44:42 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012/11/01 19:44:33 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2012/11/01 19:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012/11/01 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\Programs
[2012/11/01 17:30:44 | 000,021,768 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP141.SYS
[2012/11/01 05:10:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/01 02:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\JMicron
[2012/11/01 02:40:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\SDA
[2012/11/01 02:40:23 | 000,203,352 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\System32\jmcricon.dll
[2012/11/01 02:40:23 | 000,147,768 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\System32\drivers\jmcr.sys
[2012/11/01 01:27:22 | 000,061,440 | ---- | C] (PcWinTech.com) -- C:\Windows\System32\CleanMem.exe
[2012/11/01 01:27:20 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanMem
[2012/11/01 01:27:16 | 000,000,000 | ---D | C] -- C:\Windows\CleanMem
[2012/11/01 01:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\CleanMem
[2012/11/01 01:19:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/01 01:08:09 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAM Def
[2012/11/01 01:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Def
[2012/10/30 20:33:05 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\Desktop\Tools
[2012/10/30 20:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Roadkil.Net
[2012/10/30 19:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/10/30 13:34:36 | 000,000,000 | ---D | C] -- C:\bd_logs
[2012/10/30 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\ElevatedDiagnostics
[2012/10/30 12:04:32 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\ShamurShamur
[2012/10/29 16:49:57 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/10/29 12:41:55 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\enchant
[2012/10/28 23:20:49 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/10/28 23:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SkyDrive
[2012/10/28 23:18:02 | 000,000,000 | R--D | C] -- C:\Users\Vanquisher\SkyDrive
[2012/10/28 23:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/10/27 18:10:51 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\cspa
[2012/10/27 17:54:17 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/10/27 17:53:48 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2012/10/27 17:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2012/10/27 14:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/26 15:58:08 | 000,062,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/10/26 15:58:06 | 002,557,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2012/10/26 15:58:05 | 003,965,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/10/26 15:58:05 | 002,853,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/10/26 15:58:05 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/10/26 15:56:26 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/10/26 15:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/10/26 15:53:28 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2012/10/26 15:53:28 | 000,149,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2012/10/26 15:53:28 | 000,067,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapo32v.dll
[2012/10/26 15:53:28 | 000,028,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2012/10/26 15:53:24 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2012/10/26 15:53:22 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/10/26 15:53:22 | 010,837,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/10/26 15:53:21 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2012/10/26 15:53:21 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2012/10/26 15:53:18 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/10/26 15:53:16 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/10/26 15:53:16 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/10/26 15:53:16 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/10/26 15:53:15 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/10/26 15:53:09 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/10/26 15:53:09 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/10/26 15:40:20 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/10/26 15:40:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/10/26 15:40:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/10/26 15:40:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/10/26 15:40:14 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/10/26 15:40:10 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/10/26 15:40:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/10/26 15:40:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012/10/26 15:40:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012/10/26 15:40:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/10/26 15:40:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/10/26 15:40:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012/10/26 15:40:09 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/10/26 15:40:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012/10/26 15:40:06 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/10/26 14:41:31 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/10/25 22:47:46 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/25 22:47:27 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/25 22:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/25 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/25 20:19:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/24 23:46:15 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\Paint.NET
[2012/10/24 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/24 20:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/24 20:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/24 20:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012/10/24 20:07:47 | 000,622,616 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2012/10/24 20:07:41 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Vanquisher\Desktop\TFC.exe
[2012/10/24 19:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/24 15:36:29 | 000,000,000 | -HSD | C] -- C:\Boot
[2012/10/22 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\temp
[2012/10/22 14:06:09 | 000,000,000 | R--D | C] -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/22 14:05:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/22 10:20:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/22 10:20:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/22 10:20:15 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/22 10:04:13 | 000,082,696 | ---- | C] (Microsoft Corporation.) -- C:\Windows\System32\lmdimon8.dll
[2012/10/22 10:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012/10/20 12:13:28 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\Tracing
[2012/10/19 18:10:02 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2012/10/19 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\Apple
[2012/10/19 14:07:09 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Nitro PDF
[2012/10/19 14:06:27 | 000,027,152 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2012/10/19 14:06:27 | 000,018,448 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2012/10/19 14:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012/10/19 14:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2012/10/19 14:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/10/19 13:40:57 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\OpenCandy
[2012/10/19 13:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\IZArc
[2012/10/19 12:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2012/10/18 00:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012/10/17 22:01:02 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\Macromedia
[2012/10/17 18:12:25 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\daulat.raikar
[2012/10/16 11:35:18 | 000,000,000 | ---D | C] -- C:\Windows\M Y! Banner Killer
[2012/10/15 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\Documents\RegRun2
[2012/10/14 21:44:26 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Malwarebytes
[2012/10/14 21:44:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/14 21:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/14 10:59:58 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Thunderbird
[2012/10/14 10:59:58 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\Thunderbird
[2012/10/12 14:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2012/10/11 23:52:46 | 000,072,704 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\bdvedisk.sys
[2012/10/11 23:49:33 | 000,077,192 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2012/10/11 23:49:30 | 000,066,392 | ---- | C] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2012/10/11 23:49:24 | 000,481,464 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2012/10/11 22:00:39 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\Bitdefender
[2012/10/11 21:30:39 | 000,161,312 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2012/10/11 21:30:36 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2012/10/10 17:33:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 17:33:40 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/10/10 17:33:40 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/10 17:33:40 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 17:33:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 17:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 17:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 17:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 17:33:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 17:33:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 17:33:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 17:33:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 17:33:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 17:33:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 17:33:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 17:33:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 17:33:18 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/10 17:33:17 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 12:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/10/09 18:10:46 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Roaming\liQeNSoft
[2012/10/09 18:10:46 | 000,000,000 | ---D | C] -- C:\Users\Vanquisher\AppData\Local\liQeNSoft
[2012/10/07 07:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2012/10/07 07:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses

========== Files - Modified Within 30 Days ==========

[2012/11/03 16:32:36 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/11/03 16:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/03 15:10:15 | 000,025,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 15:10:15 | 000,025,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 15:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/03 14:52:57 | 000,027,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/11/03 14:47:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a46e60f9-0999-4b9a-a64d-eccd56caa16f.job
[2012/11/03 12:02:10 | 000,001,242 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/11/03 10:42:51 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/11/03 02:00:00 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 44915f6c-598a-49a7-bc77-23d2d8aeeccb.job
[2012/11/02 23:21:21 | 000,034,880 | ---- | M] () -- C:\Users\Vanquisher\Desktop\zpro2.jpg
[2012/11/02 23:06:37 | 000,043,068 | ---- | M] () -- C:\Users\Vanquisher\Desktop\zpro.jpg
[2012/11/02 14:46:21 | 000,007,603 | ---- | M] () -- C:\Users\Vanquisher\AppData\Local\Resmon.ResmonCfg
[2012/11/02 13:07:28 | 000,670,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/02 13:07:28 | 000,127,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/01 19:44:43 | 000,002,192 | ---- | M] () -- C:\Users\Vanquisher\Desktop\One-Click-Optimizer (WO2012).lnk
[2012/11/01 19:44:43 | 000,001,178 | ---- | M] () -- C:\Users\Vanquisher\Desktop\Ashampoo WinOptimizer 2012.lnk
[2012/11/01 17:30:45 | 000,021,768 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\System32\drivers\PROCEXP141.SYS
[2012/11/01 05:14:42 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/01 01:27:50 | 000,000,022 | ---- | M] () -- C:\Windows\cmm.dat
[2012/11/01 01:08:10 | 000,001,790 | ---- | M] () -- C:\Users\Vanquisher\Desktop\RAM Def 26XT (silent).lnk
[2012/11/01 01:08:10 | 000,001,786 | ---- | M] () -- C:\Users\Vanquisher\Desktop\RAM Def 26XT (tray).lnk
[2012/11/01 01:08:10 | 000,001,774 | ---- | M] () -- C:\Users\Vanquisher\Desktop\RAM Def 26XT.lnk
[2012/10/30 19:44:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/30 19:44:15 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2012/10/30 19:44:15 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/10/30 12:40:28 | 372,629,449 | ---- | M] () -- C:\Windows\System32\UKRPBRQ
[2012/10/30 10:41:10 | 002,664,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/28 23:18:00 | 000,002,141 | ---- | M] () -- C:\Users\Vanquisher\Desktop\Microsoft SkyDrive.lnk
[2012/10/28 20:21:52 | 000,000,565 | ---- | M] () -- C:\Windows\Spidey.ini
[2012/10/28 00:21:56 | 000,000,552 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/10/27 20:23:40 | 000,001,238 | ---- | M] () -- C:\Users\Vanquisher\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/27 20:23:40 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/25 22:47:28 | 000,001,929 | ---- | M] () -- C:\Users\Vanquisher\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/25 20:19:16 | 000,060,304 | ---- | M] () -- C:\Users\Vanquisher\g2mdlhlpx.exe
[2012/10/24 20:53:29 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/24 20:07:49 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Vanquisher\Desktop\TFC.exe
[2012/10/24 20:07:47 | 000,622,616 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2012/10/24 19:50:29 | 000,066,392 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\drivers\bdsandbox.sys
[2012/10/24 19:49:59 | 000,481,464 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2012/10/22 21:13:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/19 18:10:16 | 000,000,098 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/18 11:19:38 | 000,051,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2012/10/18 00:28:23 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 16:32:12 | 000,147,768 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\System32\drivers\jmcr.sys
[2012/10/13 14:36:03 | 000,047,685 | ---- | M] () -- C:\Users\Vanquisher\Desktop\fbemotions.jpg
[2012/10/11 23:55:47 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2012/10/11 23:55:47 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2012/10/11 23:55:47 | 000,000,308 | -H-- | M] () -- C:\bdr-cf01
[2012/10/10 08:34:33 | 000,040,181 | ---- | M] () -- C:\Program Files\message.wav
[2012/10/10 06:30:27 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/10 06:30:26 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/11/03 14:52:57 | 000,027,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/11/03 10:42:51 | 000,000,894 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012/11/02 23:19:46 | 000,034,880 | ---- | C] () -- C:\Users\Vanquisher\Desktop\zpro2.jpg
[2012/11/02 23:06:36 | 000,043,068 | ---- | C] () -- C:\Users\Vanquisher\Desktop\zpro.jpg
[2012/11/02 01:59:41 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012/11/01 19:44:43 | 000,002,192 | ---- | C] () -- C:\Users\Vanquisher\Desktop\One-Click-Optimizer (WO2012).lnk
[2012/11/01 19:44:43 | 000,001,178 | ---- | C] () -- C:\Users\Vanquisher\Desktop\Ashampoo WinOptimizer 2012.lnk
[2012/11/01 01:27:50 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat
[2012/11/01 01:27:22 | 000,000,187 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2012/11/01 01:08:10 | 000,001,790 | ---- | C] () -- C:\Users\Vanquisher\Desktop\RAM Def 26XT (silent).lnk
[2012/11/01 01:08:10 | 000,001,786 | ---- | C] () -- C:\Users\Vanquisher\Desktop\RAM Def 26XT (tray).lnk
[2012/11/01 01:08:10 | 000,001,774 | ---- | C] () -- C:\Users\Vanquisher\Desktop\RAM Def 26XT.lnk
[2012/10/30 12:27:06 | 372,629,449 | ---- | C] () -- C:\Windows\System32\UKRPBRQ
[2012/10/29 11:15:43 | 000,002,141 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/10/28 23:17:59 | 000,002,141 | ---- | C] () -- C:\Users\Vanquisher\Desktop\Microsoft SkyDrive.lnk
[2012/10/27 20:23:40 | 000,001,238 | ---- | C] () -- C:\Users\Vanquisher\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/26 15:53:17 | 000,012,865 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/10/25 22:47:50 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a46e60f9-0999-4b9a-a64d-eccd56caa16f.job
[2012/10/25 22:47:49 | 000,000,520 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 44915f6c-598a-49a7-bc77-23d2d8aeeccb.job
[2012/10/25 22:47:28 | 000,001,929 | ---- | C] () -- C:\Users\Vanquisher\Desktop\SUPERAntiSpyware Professional.lnk
[2012/10/25 20:19:14 | 000,060,304 | ---- | C] () -- C:\Users\Vanquisher\g2mdlhlpx.exe
[2012/10/25 20:08:25 | 000,001,242 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/10/24 20:53:29 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/22 10:22:19 | 000,000,029 | ---- | C] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012/10/19 18:10:16 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/19 12:47:54 | 000,000,565 | ---- | C] () -- C:\Windows\Spidey.ini
[2012/10/18 00:28:23 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 13:25:32 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/10/13 14:36:02 | 000,047,685 | ---- | C] () -- C:\Users\Vanquisher\Desktop\fbemotions.jpg
[2012/10/11 23:55:47 | 000,000,308 | -H-- | C] () -- C:\bdr-cf01
[2012/10/11 22:00:24 | 035,188,281 | -H-- | C] () -- C:\bdr-im01.gz
[2012/10/11 22:00:24 | 002,294,848 | -H-- | C] () -- C:\bdr-bz01
[2012/10/11 22:00:24 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2012/10/11 22:00:24 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2012/10/10 08:34:33 | 000,040,181 | ---- | C] () -- C:\Program Files\message.wav
[2012/10/09 18:24:04 | 002,664,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/01 02:29:35 | 000,001,536 | ---- | C] () -- C:\Windows\System32\bcevent.dll
[2012/09/22 13:18:33 | 000,002,248 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/09/09 23:50:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\UTSCSI.EXE
[2012/09/01 16:44:43 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/08/19 03:55:24 | 000,001,463 | ---- | C] () -- C:\Users\Vanquisher\AppData\Local\recently-used.xbel
[2012/08/03 10:37:43 | 000,000,089 | ---- | C] () -- C:\Windows\ob1.INI
[2012/08/02 17:52:29 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/08/02 17:18:11 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/08/02 17:18:10 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/07/27 05:39:26 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/26 14:50:41 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2012/02/17 10:22:31 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/27 16:51:00 | 000,011,200 | ---- | C] () -- C:\Users\Vanquisher\aufnahme.raw
[2012/01/27 16:46:17 | 000,000,017 | ---- | C] () -- C:\Users\Vanquisher\.javafx_ping_sent
[2012/01/27 16:46:15 | 000,000,000 | ---- | C] () -- C:\Users\Vanquisher\.javafx_eula_accepted
[2012/01/14 18:23:20 | 000,000,039 | ---- | C] () -- C:\Windows\KeplerAstrology.INI
[2012/01/05 03:41:58 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/08/01 07:03:39 | 000,000,510 | ---- | C] () -- C:\Windows\wininit.ini
[2011/07/19 14:01:31 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/07/15 06:08:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\v3shrtkgn.dll
[2011/07/14 08:10:55 | 000,000,062 | ---- | C] () -- C:\Windows\MyProg.ini
[2011/06/29 14:10:32 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/06/07 09:55:25 | 000,578,611 | ---- | C] () -- C:\Windows\System32\adb.exe
[2011/06/04 07:58:58 | 000,040,123 | ---- | C] () -- C:\Program Files\New_Message.mp3
[2011/06/04 04:01:15 | 000,167,276 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/01 16:31:52 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/06/01 07:21:28 | 000,917,874 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/06/01 01:42:41 | 000,000,022 | ---- | C] () -- C:\Windows\clofghls.dll
[2011/05/31 05:22:08 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/05/16 12:11:13 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2011/04/27 18:49:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/27 18:49:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/04/27 18:49:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/04/27 18:49:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/04/27 18:49:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/04/25 18:02:47 | 000,000,038 | ---- | C] () -- C:\Windows\System32\defragboot.ini
[2011/04/25 17:15:16 | 000,000,201 | ---- | C] () -- C:\Windows\w32demo8.ini
[2011/04/16 15:25:57 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/04/15 08:35:37 | 000,333,288 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2011/04/05 09:44:49 | 000,007,603 | ---- | C] () -- C:\Users\Vanquisher\AppData\Local\Resmon.ResmonCfg
[2011/03/28 21:43:58 | 003,220,992 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011/03/06 05:55:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/05 17:17:16 | 000,122,368 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/01/10 09:13:15 | 000,000,001 | ---- | C] () -- C:\Windows\pvc11.dll
[2011/01/10 08:51:16 | 000,000,065 | ---- | C] () -- C:\Windows\videotoaudio.ini
[2011/01/10 08:48:54 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySVid.dat
[2011/01/10 08:47:48 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/07/15 13:09:12 | 000,129,024 | ---- | C] () -- C:\Users\Vanquisher\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/21 02:58:38 | 000,138,056 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\PnkBstrK.sys
[2010/02/15 09:13:50 | 000,000,440 | RHS- | C] () -- C:\Users\Vanquisher\ntuser.pol
[2010/02/10 00:25:51 | 000,000,025 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\bdfvconp.ini
[2010/02/05 00:23:13 | 000,000,005 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\closedListSW.awt
[2010/02/01 03:04:05 | 000,011,111 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\closedList.awt
[2010/02/01 03:04:05 | 000,000,005 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\openList.awt
[2010/01/08 07:50:47 | 000,000,552 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/11 01:00:46 | 000,002,955 | ---- | C] () -- C:\Users\Vanquisher\AppData\Roaming\SAS7_000.DAT

========== ZeroAccess Check ==========

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Report from Security Check:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2013
CCleaner
JavaFX 2.1.1
JavaFX 2.0.3 SDK
Java 7 Update 9
Java™ SE Development Kit 7 Update 3
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2013 vsserv.exe
Bitdefender Bitdefender 2013 updatesrv.exe
Bitdefender Bitdefender SafeBox safeboxservice.exe
BitDefender Bitdefender 2013 bdagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#4
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Report of Adw Cleaner:

# AdwCleaner v2.006 - Logfile created 11/06/2012 at 14:16:44
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Vanquisher - VANQUISHER-PC
# Boot Mode : Normal
# Running from : D:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bhigkz4y.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Users\Vanquisher\AppData\Local\APN
Folder Deleted : C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Vanquisher\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Vanquisher\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Vanquisher\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=7981&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=7981&bi=400 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-GB)

Profile name : default-1351026847965 [Profil par défaut]
File : C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\prefs.js

C:\Users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=115917&tt=4412_3&babsrc=HP_s[...]
Deleted : user_pref("extensions.xnotifier.accounts.[hotmail#[email protected]].inboxOnly", true);
Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#[email protected]].inboxOnly", true);
Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#[email protected]].inboxOnly", true);

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bhigkz4y.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\bhigkz4y.default\user.js ... Deleted !

Deleted : user_pref("keyword.URL", "hxxp://www.bigseekpro.com/search/toolbar/bigseekpro/{946D2CD6-1A7D-39C3-82[...]
Deleted : user_pref("somoto.dnscatch", "hxxp://www.bigseekpro.com/search/toolbar/bigseekpro/{946D2CD6-1A7D-39C[...]
Deleted : user_pref("somoto.homepage", "hxxp://www.bigseekpro.com/bigseekpro/{946D2CD6-1A7D-39C3-8275-AD85D586[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Vanquisher\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.14] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=115917&tt=4412_3&babsrc=HP_ss&mntrId=149ab71f0000000000000022fa0e5887" ]
Deleted [l.2535] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=115917&tt=4412_3&babsrc=HP_ss&mntrId=149ab71f0000000000000022fa0e5887" ]

-\\ Opera v12.2.1578.0

File : C:\Users\Vanquisher\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7270 octets] - [06/11/2012 14:14:56]
AdwCleaner[S2].txt - [7489 octets] - [06/11/2012 14:16:44]

########## EOF - C:\AdwCleaner[S2].txt - [7549 octets] ##########
  • 0

#5
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Report from Rogue Killer:

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Vanquisher [Admin rights]
Mode : Remove -- Date : 11/06/2012 14:40:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[TASK][SUSP PATH] {2A5E140A-F279-4EAB-8BE8-31762783C128} : C:\Windows\System32\pcalua.exe -a C:\Users\Vanquisher\Desktop\Clipomatic.EXE -d C:\Users\Vanquisher\Desktop -> DELETED
[TASK][SUSP PATH] {55B05126-67E1-4CAB-A77F-22A86E1B0D00} : C:\Windows\System32\pcalua.exe -a "C:\Users\Vanquisher\AppData\Local\Temp\Temp2_eRecovery_Acer_3.0.3014_Vistax64Vistax86_A.zip\eRecovery_Acer_v3.0.3014_Vista(SP1)\Acer eRecovery Management_v3.0.3014.exe" -> DELETED
[TASK][SUSP PATH] {8D9DAF1E-D904-4345-8052-99C89330F7FE} : C:\Windows\System32\pcalua.exe -a C:\Users\VANQUI~1\AppData\Local\Temp\mozOpenDownload\Brothersoftdownloader_for_Free_PDF_Editor.exe -d "C:\Program Files\Mozilla Firefox" -> DELETED
[TASK][SUSP PATH] {AA38BB19-04B0-4F23-8229-ACEDADE76DE6} : C:\Windows\System32\pcalua.exe -a C:\Users\Vanquisher\AppData\Local\Temp\Temp1_Audio_Realtek_v6.0.1.5618_Vistax86x64_XPx86x64.zip\Audio_Realtek_v6.0.1.5618_Vistax86x64_XPx86x64\Setup.exe -> DELETED
[TASK][SUSP PATH] {BFF77BE7-0638-4049-837D-FA6D1C85CFFF} : C:\Windows\System32\pcalua.exe -a C:\Users\Vanquisher\AppData\Local\Temp\Temp1_Audio_Realtek_v6.0.1.5618_Vistax86x64_XPx86x64.zip\Audio_Realtek_v6.0.1.5618_Vistax86x64_XPx86x64\5618_WHQL_Vista_XP_Acer\Setup.exe -> DELETED
[TASK][SUSP PATH] {FC258E0D-35F1-4565-8A27-ED6BECE97A7D} : C:\Windows\System32\pcalua.exe -a C:\Users\VANQUI~1\AppData\Local\Temp\mozOpenDownload\pdfedit.exe -d "C:\Program Files\Mozilla Firefox" -> DELETED
[STARTUP][SUSP PATH] Uninstall LastPass RunOnce.lnk @Administrator : C:\Users\Administrator\AppData\Roaming\lpuninstall.exe -> DELETED
[STARTUP][SUSP PATH] Uninstall LastPass RunOnce.lnk @Guest : C:\Users\Guest\AppData\Roaming\lpuninstall.exe -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{69C13BF0-A68B-466A-AB66-BCF25386B92C} : NameServer (4.2.2.3 121.242.190.180) -> NOT REMOVED, USE DNSFIX
[IFEO] HKLM\[...]\taskmgr.exe : Debugger ("C:\Program Files\Process Hacker 2\ProcessHacker.exe") -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKCU\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++
--- User ---
[MBR] 92dd81c7440e83e8ebfb914d39016db7
[BSP] 93668b7457000a136a904bd2f3e8632a : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 114116 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 254683136 | Size: 110489 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11062012_02d1440.txt >>
RKreport[1]_S_11062012_02d1439.txt ; RKreport[2]_D_11062012_02d1440.txt
  • 0

#6
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I have pasted all the logs from the three applications in the correct order as you said. A follow up question I wanted to ask:

Rogue Killer enabled UAC which I had previously disabled since it keeps popping up for every thing i do. I was wondering if it is safe to disable UAC or not. I have read many conflicting views online and one person also said that enabling UAC prevents rootkits from intstalling themselves on the computer. I wonder how far this is true.

Please let me know.
  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Techminator

As a security view it is best ti keep it on. It will give you a warning of any changes so you can decide if you want it to happen. That is why some of our tools will reset it.

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#8
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I ran Combofix and it took over 9 hours and it was showing stage 3 completed. The cursor was blinking so I don't think it had stalled. Just when I had started the scan, it displayed the message that scans can take over 10 mins but on highly infected systesm the time could be easily doubled. But 9+ hours is just ridiculous!!! So I closed the scan and restarted the computer

Also, I am not sure where the log file is saved or even if it is created. I saw on the desktop but its not there.
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Techminator

Don't let it run more than an hour there are 50 stages so if you see that it is almost done then leave it

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
  • 0

#10
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Where is the report generated?
  • 0

Advertisements


#11
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Techminator


It is located here - C:\ComboFix.txt but we can find it like this


extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#12
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the report:

ComboFix 12-11-06.03 - Vanquisher 09/11/2012 9:18.8.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3069.2514 [GMT 5.5:30]
Running from: c:\users\Vanquisher\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Enabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Antispyware *Enabled/Updated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Vanquisher\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-09 04:00 . 2012-11-09 04:00 -------- d-----w- c:\users\Vanquisher\AppData\Local\temp
2012-11-09 04:00 . 2012-11-09 04:00 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-09 04:00 . 2012-11-09 04:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-08 13:12 . 2012-11-08 13:12 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-11-07 19:25 . 2012-11-07 19:25 -------- d-----w- c:\program files\VirusTotalUploader2
2012-11-07 18:59 . 2012-11-07 20:17 -------- d-----w- c:\users\Vanquisher\AppData\Local\toolbarcleaner
2012-11-07 18:59 . 2012-11-07 18:59 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-11-07 13:33 . 2012-11-07 13:46 -------- d-----w- c:\programdata\WRData
2012-11-06 09:06 . 2012-11-06 09:06 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-11-04 09:58 . 2012-11-04 09:58 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\Process Hacker 2
2012-11-04 09:51 . 2012-11-04 09:51 -------- d-----w- c:\program files\Process Hacker 2
2012-11-04 07:04 . 2012-11-04 07:05 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\Kingsoft
2012-11-04 07:04 . 2012-11-04 07:04 -------- d-----w- c:\programdata\Kingsoft
2012-11-04 07:04 . 2012-11-04 07:04 -------- d-----w- c:\program files\Kingsoft
2012-11-03 14:05 . 2012-11-07 19:02 -------- d-----w- c:\program files\SpywareBlaster
2012-11-03 11:09 . 2012-11-03 11:09 -------- d-----w- c:\program files\NirSoft
2012-11-03 09:55 . 2012-11-03 09:55 -------- d-----w- c:\users\Vanquisher\temp
2012-11-03 05:12 . 2012-11-03 05:13 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\calibre
2012-11-03 05:12 . 2012-11-03 05:12 -------- d-----w- c:\program files\Calibre2
2012-11-02 16:15 . 2012-11-02 16:15 -------- d-----w- c:\users\Vanquisher\AppData\Local\Microsoft Help
2012-11-01 20:29 . 2008-06-25 08:52 20480 ----a-w- c:\windows\USB_VIDEO_REG.exe
2012-11-01 20:29 . 2012-11-01 20:29 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\InstallShield
2012-11-01 14:14 . 2009-08-24 16:38 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2012-11-01 14:14 . 2012-11-01 14:14 -------- d-----w- c:\program files\Ashampoo
2012-11-01 14:11 . 2012-11-01 14:11 -------- d-----w- c:\users\Vanquisher\AppData\Local\Programs
2012-11-01 12:00 . 2012-11-01 12:00 21768 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-10-31 21:13 . 2012-10-31 21:13 -------- d-----w- c:\program files\JMicron
2012-10-31 21:10 . 2012-10-31 21:10 -------- d-----w- c:\windows\system32\SDA
2012-10-31 21:10 . 2012-10-15 11:02 147768 ----a-w- c:\windows\system32\drivers\jmcr.sys
2012-10-31 21:10 . 2010-07-27 04:38 203352 ----a-w- c:\windows\system32\jmcricon.dll
2012-10-31 19:57 . 2012-09-20 22:27 61440 ----a-w- c:\windows\system32\CleanMem.exe
2012-10-31 19:57 . 2012-10-31 19:57 -------- d-----w- c:\program files\CleanMem
2012-10-31 19:57 . 2012-10-31 19:57 -------- d-----w- c:\windows\CleanMem
2012-10-31 19:38 . 2012-10-31 19:38 -------- d-----w- c:\program files\RAM Def
2012-10-30 14:58 . 2012-10-30 14:58 -------- d-----w- c:\program files\Roadkil.Net
2012-10-30 14:14 . 2012-10-30 19:26 -------- d-----w- c:\programdata\RegRun
2012-10-30 08:04 . 2012-10-30 10:29 -------- d-----w- C:\bd_logs
2012-10-30 07:15 . 2012-10-30 07:15 -------- d-----w- c:\users\Vanquisher\AppData\Local\ElevatedDiagnostics
2012-10-30 06:34 . 2012-10-30 06:34 -------- d-----w- c:\users\Vanquisher\AppData\Local\ShamurShamur
2012-10-29 11:19 . 2012-10-29 11:19 -------- d-----w- c:\windows\Microsoft Antimalware
2012-10-29 07:11 . 2012-10-29 07:11 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\enchant
2012-10-28 17:50 . 2012-10-28 17:50 -------- d-----w- c:\windows\en
2012-10-28 17:48 . 2012-10-29 05:45 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-10-28 17:48 . 2012-10-28 17:47 5659096 ----a-w- c:\program files\Common Files\Windows Live\.cache\43a243d31cdb53401\skydrivesetup.exe
2012-10-28 17:48 . 2012-10-29 12:51 -------- d-----r- c:\users\Vanquisher\SkyDrive
2012-10-28 17:47 . 2012-10-28 17:47 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-10-27 12:40 . 2012-10-27 13:50 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\cspa
2012-10-27 12:23 . 2009-02-24 13:12 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-10-27 12:23 . 2012-10-27 12:24 -------- d-----w- c:\program files\MagicDisc
2012-10-26 10:29 . 2012-11-07 10:53 -------- d-----w- c:\users\UpdatusUser
2012-10-26 10:28 . 2012-10-02 19:29 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-26 10:28 . 2012-10-02 19:29 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-26 10:28 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-26 10:28 . 2012-10-02 19:29 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-26 10:28 . 2012-10-02 19:29 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-26 10:28 . 2012-10-02 19:28 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-26 10:26 . 2012-10-02 22:20 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-26 10:26 . 2012-10-26 10:26 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-26 10:10 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-26 09:11 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-10-26 09:11 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-26 09:11 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-26 09:11 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-26 09:11 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-25 17:17 . 2012-10-25 17:17 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\SUPERAntiSpyware.com
2012-10-25 17:17 . 2012-11-06 06:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-25 17:17 . 2012-10-25 17:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-25 14:49 . 2012-10-25 14:49 -------- d-----w- c:\windows\Sun
2012-10-24 18:16 . 2012-10-24 18:16 -------- d-----w- c:\users\Vanquisher\AppData\Local\Paint.NET
2012-10-24 15:21 . 2012-10-24 15:23 -------- d-----w- c:\program files\HitmanPro
2012-10-24 15:21 . 2012-10-25 14:38 -------- d-----w- c:\programdata\HitmanPro
2012-10-24 14:45 . 2012-10-24 14:45 -------- d-----w- c:\programdata\Soluto
2012-10-24 14:37 . 2012-10-24 14:37 622616 ----a-w- c:\windows\system32\drivers\avc3.sys
2012-10-24 14:28 . 2012-10-24 14:28 -------- d-----w- c:\program files\ESET
2012-10-24 10:06 . 2012-10-24 10:06 -------- d-----w- C:\Boot
2012-10-22 04:52 . 2012-11-09 03:30 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-10-22 04:50 . 2012-09-24 17:46 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-22 04:34 . 2011-05-12 12:02 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2012-10-22 04:34 . 2011-05-12 12:02 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2012-10-22 04:33 . 2012-10-22 04:33 -------- d-----w- c:\programdata\Applications
2012-10-20 06:43 . 2012-10-20 06:43 -------- d-----w- c:\users\Vanquisher\Tracing
2012-10-19 20:45 . 2012-10-19 20:45 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\ab98b88a1cdae3a03\DSETUP.dll
2012-10-19 20:45 . 2012-10-19 20:45 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\ab98b88a1cdae3a03\DXSETUP.exe
2012-10-19 20:45 . 2012-10-19 20:45 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\ab98b88a1cdae3a03\dsetup32.dll
2012-10-19 20:45 . 2012-10-19 20:45 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7cdf2f61cdae3a02\DSETUP.dll
2012-10-19 20:45 . 2012-10-19 20:45 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7cdf2f61cdae3a02\DXSETUP.exe
2012-10-19 20:45 . 2012-10-19 20:45 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\a7cdf2f61cdae3a02\dsetup32.dll
2012-10-19 20:45 . 2012-10-19 20:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a369ab2c1cdae3a01\DSETUP.dll
2012-10-19 20:45 . 2012-10-19 20:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a369ab2c1cdae3a01\DXSETUP.exe
2012-10-19 20:45 . 2012-10-19 20:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a369ab2c1cdae3a01\dsetup32.dll
2012-10-19 12:40 . 2012-10-18 05:49 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-10-19 11:38 . 2012-10-19 11:38 -------- d-----w- c:\users\Vanquisher\AppData\Local\Apple
2012-10-19 08:37 . 2012-11-03 04:23 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\Nitro PDF
2012-10-19 08:36 . 2012-09-12 20:14 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-10-19 08:36 . 2012-09-12 20:14 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-10-19 08:36 . 2012-10-19 08:36 -------- d-----w- c:\programdata\Nitro PDF
2012-10-19 08:36 . 2012-10-19 08:36 -------- d-----w- c:\program files\Nitro PDF
2012-10-19 08:36 . 2012-10-19 08:36 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-10-19 08:10 . 2012-10-19 09:09 -------- d-----w- c:\program files\IZArc
2012-10-19 07:18 . 2012-10-28 14:59 -------- d-----w- c:\program files\Activision
2012-10-17 18:40 . 2012-10-17 18:40 -------- d-----w- c:\program files\gs
2012-10-17 16:31 . 2012-10-17 16:31 -------- d-----w- c:\users\Vanquisher\AppData\Local\Macromedia
2012-10-17 13:30 . 2012-10-17 13:30 -------- d-----w- c:\windows\system32\wbem\Logs
2012-10-17 13:25 . 2012-10-17 13:25 -------- d-----w- c:\windows\system32\wbem\MOF
2012-10-17 12:42 . 2012-10-17 12:42 -------- d-----w- c:\users\Vanquisher\AppData\Local\daulat.raikar
2012-10-16 06:05 . 2012-10-16 06:05 -------- d-----w- c:\windows\M Y! Banner Killer
2012-10-15 07:55 . 2012-10-30 14:14 2 --shatr- c:\windows\winstart.bat
2012-10-14 16:14 . 2012-10-14 16:14 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\Malwarebytes
2012-10-14 16:14 . 2012-10-17 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-14 16:14 . 2012-09-29 14:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-14 05:29 . 2012-10-14 05:29 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\Thunderbird
2012-10-14 05:29 . 2012-10-14 05:29 -------- d-----w- c:\users\Vanquisher\AppData\Local\Thunderbird
2012-10-12 09:26 . 2012-10-12 09:32 -------- d-----w- c:\programdata\WebEx
2012-10-11 18:22 . 2012-04-17 09:10 72704 ----a-w- c:\windows\system32\drivers\bdvedisk.sys
2012-10-11 18:19 . 2012-07-06 09:43 77192 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2012-10-11 18:19 . 2012-10-24 14:20 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2012-10-11 18:19 . 2012-10-24 14:19 481464 ----a-w- c:\windows\system32\drivers\avckf.sys
2012-10-11 16:30 . 2012-10-11 18:26 -------- d-----w- c:\users\Vanquisher\AppData\Roaming\Bitdefender
2012-10-11 16:00 . 2012-08-29 12:54 161312 ----a-w- c:\windows\system32\drivers\gzflt.sys
2012-10-11 16:00 . 2012-07-02 09:51 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-10-10 06:58 . 2012-10-11 18:25 -------- d-----w- c:\programdata\Bitdefender
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 01:00 . 2012-04-02 04:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 01:00 . 2011-05-16 17:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 20:57 . 2012-09-30 20:59 1536 ----a-w- c:\windows\system32\bcevent.dll
2012-09-18 19:29 . 2012-10-09 02:52 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5886727-BB84-4897-A03F-8D28CE8D749D}\mpengine.dll
2012-09-17 06:26 . 2011-12-25 14:08 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-17 06:26 . 2011-12-25 14:15 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-09-12 10:37 . 2012-09-12 10:37 58368 ----a-w- c:\windows\system32\sirenacm.dll
2012-09-12 10:27 . 2012-09-12 10:27 322048 ----a-w- c:\windows\WLXPGSS.SCR
2012-09-09 18:20 . 2012-09-09 18:20 45056 ----a-w- c:\windows\system32\UTSCSI.EXE
2012-09-07 15:28 . 2012-04-09 00:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-07 15:28 . 2010-05-26 05:31 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 13:46 . 2012-08-30 13:46 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-08-24 06:59 . 2012-09-22 03:18 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 03:18 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 03:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 03:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 03:18 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-23 15:52 . 2012-10-26 10:10 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-11 21:52 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-11 21:52 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-11 21:52 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-11 21:52 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 02:55 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-27 09:29 . 2012-10-27 09:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 10:21 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 10:21 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 10:21 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 10:21 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-06-29 05:48 240920 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-06-29 05:48 240920 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-06-29 05:48 240920 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-06-29 05:48 240920 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Vanquisher\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
"Facebook Update"="c:\users\Vanquisher\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-08 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-22 2049320]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-12-15 1115728]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2012-10-24 1609272]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-05-09 397312]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-11-20 200704]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-07-06 217736]
.
c:\users\Vanquisher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
clipx.lnk - c:\program files\ClipX\clipx.exe [2005-12-1 68608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLinkedConnections"= 1 (0x1)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Venturi Configurator
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLSync
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 11:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-11-08 10:13 138096 ----atw- c:\users\Vanquisher\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 15:26 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
.
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [x]
R0 Soluto;Soluto;c:\windows\system32\Drivers\Soluto.sys [x]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
R2 CronService;Cron Service for Prey;c:\program files\Prey\platform\windows\cronsvc.exe [x]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [x]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [x]
R2 SwOffScheduler;Airytec Switch Off - Task Scheduler;c:\program files\Airytec\Switch Off\swoff.exe [x]
R2 SwOffWeb;Airytec Switch Off - Web Interface;c:\program files\Airytec\Switch Off\swoff.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]
R2 Updatesrv;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2013\updatesrv.exe [x]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
R3 NETwNv32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\S2usbser.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster\Driver\WinRing0.sys [x]
R4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [x]
R4 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [x]
R4 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [x]
R4 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [x]
R4 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R4 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
R4 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [x]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [x]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [x]
S0 SysCow;SysCow;c:\windows\system32\drivers\syscow32v.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:00]
.
2012-11-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400066183-2743379039-1498527986-1001Core.job
- c:\users\Vanquisher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-03 10:13]
.
2012-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1400066183-2743379039-1498527986-1001UA.job
- c:\users\Vanquisher\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-03 10:13]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:26]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-18 16:26]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1400066183-2743379039-1498527986-1001Core.job
- c:\users\Vanquisher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 16:26]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1400066183-2743379039-1498527986-1001Core1cd082ee0f66468.job
- c:\users\Vanquisher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 16:26]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1400066183-2743379039-1498527986-1001UA.job
- c:\users\Vanquisher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 16:26]
.
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1400066183-2743379039-1498527986-1001UA1cd082ee3cbd628.job
- c:\users\Vanquisher\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-21 16:26]
.
2012-11-09 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a46e60f9-0999-4b9a-a64d-eccd56caa16f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-11-09 c:\windows\Tasks\WpsUpdateTask_Vanquisher.job
- c:\program files\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D562BFB-A1F7-441A-B359-4EA9D929F803}: NameServer = 4.2.2.2,4.2.2.1
TCP: Interfaces\{DE5A9892-8B4C-49D1-AD01-271DD9DFCEB7}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=vmn&type=vmn-toolbarcleaner-1_1-ya-bs-rp&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-24 09:46; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-10-24 10:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-24 10:41; [email protected]; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
FF - ExtSQL: 2012-10-24 10:41; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - ExtSQL: 2012-10-24 10:41; {4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - ExtSQL: 2012-10-24 10:53; [email protected]; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
FF - ExtSQL: 2012-10-24 11:07; [email protected]; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
FF - ExtSQL: 2012-10-24 12:05; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: 2012-10-24 12:50; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2012-10-24 16:35; {37fa1426-b82d-11db-8314-0800200c9a66}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-10-24 20:01; {210249CE-F888-11DD-B868-4CB456D89593}; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\{210249CE-F888-11DD-B868-4CB456D89593}
FF - ExtSQL: 2012-10-25 00:50; [email protected]; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
FF - ExtSQL: 2012-10-25 00:50; [email protected]; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
FF - ExtSQL: 2012-10-28 14:14; [email protected]; c:\users\Vanquisher\AppData\Roaming\Mozilla\Firefox\Profiles\7l6q5dm8.default-1351026847965\extensions\[email protected]
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
SafeBoot-29978811.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AddRemove-AddonChat - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1400066183-2743379039-1498527986-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3d,5c,f3,3f,f6,43,6e,ca,9a,a8,d8,e7,fd,04,60,6e,59,a7,8f,36,fc,d3,17,
39,86,9e,5a,39,dc,56,80,12,7f,a2,ae,2c,3e,73,0f,e1,43,de,6f,4c,e4,99,6b,4b,\
"??"=hex:fc,62,e1,7d,d0,0c,ab,06,be,f1,36,fc,59,e2,5e,d7
.
[HKEY_USERS\S-1-5-21-1400066183-2743379039-1498527986-1001\Software\SecuROM\License information*]
"datasecu"=hex:a6,06,0b,f4,b1,a0,d5,c2,a4,77,33,22,ac,92,32,a1,d6,ad,96,75,23,
2c,fe,fa,cc,61,e4,0e,b4,ab,bb,27,01,8e,69,17,16,5a,8f,32,d6,b9,20,d5,85,25,\
"rkeysecu"=hex:1c,c4,e2,ba,49,48,7c,bc,15,ad,2f,39,14,8a,46,26
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-09 09:32:50
ComboFix-quarantined-files.txt 2012-11-09 04:02
.
Pre-Run: 21,558,042,624 bytes free
Post-Run: 21,413,109,760 bytes free
.
- - End Of File - - 79750FB7BCAB40C5312724CC81C858FB
------------------------------------------------------------------

What I did:
Logged into safe mode and ran combofix. It cleared almost 60 stages whereas in normal mode, it would not go beyond the 3rd stage. It then generated the log file and then I could restart the computer which I did.

What Happened:
The computer would not load windows. I tried in safe mode but still it would not load. When I would restart the computer, it would not go any further showing me the mouse pointer on the middle of the screen and the rest of the screen was black but if I pressed the Capslock key the LED would blink so it was not hanged or frozen. Past this point, Windows should have loaded but nothing helped. Even Last Known Good Configuration failed.

What I did:
I inserted the Windows 7 Pro disk and used the recovery option to recovery Windows startup. While it was running it gave me an option of System Restore but I cancelled and and let it run to see if the disk could repair startup but it did not so I ran startup repair again and when it gave me the option of System Restore this time, I used it and the system was restored. Then I could start windows normally. When it loaded, my Bitdefender Internet Security would not load. It seemed to have gotten corrupted so I uninstalled it totally and installed MS Security Essentials. Then rebooted and put the computer to sleep and woke it up. And guess what? everything is working now. Task Manager will load, new applications will load, etc. Basically, I would be able to do anything that I would want to normally.

Then I enabled Hibernation and hibernated the computer and resumed. And everything is working normally as it should.

So I can conclude that the issue is resolved by ComboFix. I think it had something to do with the boot files or startup files or those files which are required for windows to resume from sleep or hiberbation. Maybe those files were infected and my internet security could not detect it.

Finally, thank You very much for your assistance. It would not have been possible with you key advice by telling me to run ComboFix in Safe Mode. I'd really love to hear from you any advice to prevent such a thing and also its cause. This is an issue which took months for me to resolve.

Thanks once again Gringo, You are a Life Saver.
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#14
Techminator

Techminator

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
1-abc.net Duplicate Finder (Remove only)
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePower Management
Acer eSettings Management
Acer Updater
Acronis True Image Home 2012
AddonChat
Adobe AIR
Adobe Community Help
Adobe Enterprise Café™
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Airytec Switch Off
Anti-phishing Domain Advisor
AntiPhotoSpy 2012
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo WinOptimizer 2012 v.8.1.4
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
µTorrent
Bitdefender Total Security 2013
Bonjour
calibre
CamStudio
Carmageddon TDR2000
CCleaner
Chinese Traditional Fonts Support For Adobe Reader X
Cisco WebEx Meetings
CleanMem
Combat Arms EU
CPUID CPU-Z 1.59
CrashPlan
CrystalDiskInfo 4.3.0a
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX 9 Runtime
DivX Setup
Document Express DjVu Plug-in
Driver Magician 3.68
ESET Online Scanner v3
F.lux
Face Filter
Facebook Plug-In
Facebook Video Calling 1.2.0.287
Free Download Manager 3.8
Free PDF to Word Doc Converter v1.1
Game Booster 3
GIMP 2.6.12-2
GoGear SA19xx Device Manager
Google Chrome
Google Drive
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
GoToMeeting 5.1.0.880
GPL Ghostscript
Hero Fighter
HitmanPro 3.6
inSSIDer 2.0
IrfanView (remove only)
IZArc 4.1.7
Java 7 Update 9
Java Auto Updater
Java™ SE Development Kit 7 Update 3
JavaFX 2.0.3 SDK
JavaFX 2.1.1
JDownloader
JMicron Flash Media Controller Driver
Junk Mail filter update
K-Lite Mega Codec Pack 9.1.0
Kepler 7.0
Kingsoft Office 2012 (8.1.0.3036)
L&H TTS3000 British English
Lernout & Hauspie TruVoice American English TTS Engine
Little Fighter 2 version 2.0a
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
ManyCam 3.0.80 (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft IntelliPoint 8.2
Microsoft Office Live Meeting 2007
Microsoft Office Outlook Connector
Microsoft Office Professional Plus 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_x86
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MobileMe Control Panel
Movie Maker
Mozilla Firefox 16.0.2 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 en-GB)
MSU Screen Capture Lossless Codec v1.2 (Remove Only)
MSVCRT
MSVCRT110
NEC Electronics USB 3.0 Host Controller Driver
Network Stumbler 0.4.0 (remove only)
NirSoft ShellExView
Nitro Reader 2
Notepad++
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
ooVoo
Opera 12.02
Paint.NET v3.5.10
Paltalk Messenger 10.2
PeerBlock 1.1 (r518)
Photo Common
Photo Gallery
Pidgin
Process Hacker 2.28 (r5073)
PxMergeModule
QuickTime
RAM Defrag (remove only)
Realtek High Definition Audio Driver
Recuva
Remove Empty Directories version 2.2
Revo Uninstaller Pro 2.5.9
Roadkil's Unstoppable Copier Version 5.2
Rosetta Stone Ltd Services
Rosetta Stone TOTALe
Roxio BackOnTrack
Roxio BackOnTrackPE
Roxio Burn - Secure
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2012 Pro
Roxio System Rollback
Roxio System Rollback Recovery Disk
Roxio Video Capture USB
Rynga
S2 PCSync
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
SecondLifeViewer (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.10
SmartSound Common Data
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
SpywareBlaster 4.6
StarToken
Steam
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
System Requirements Lab
System Requirements Lab CYRI
System Requirements Lab for Intel
TagScanner 5.1.621
TeamViewer 7
Technitium MAC Address Changer v5.0 Release 3
TeraCopy 2.27
The Nosebleed Pack Patch Install
The Saboteur™
TSP_CODEC
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-GB)
TuneUp Utilities Language Pack (en-US)
Ubisoft Game Launcher
Unlocker 1.9.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VC80CRTRedist - 8.0.50727.6195
VCD Cutter 1.1
VirusTotal Uploader 2.0
VisiPics V1.30
VLC media player 2.0.4
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xvid Video Codec
Yahoo! Messenger
ZTE_1.2059.0.8
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Java™ SE Development Kit 7 Update 3
JavaFX 2.0.3 SDK
JavaFX 2.1.1
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.




Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP