Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Services.exe High CPU usage malware

Started by juddaz1982 , Feb 02 2013 02:03 PM

  • Please log in to reply

#1
juddaz1982
Posted 02 February 2013 - 02:03 PM

juddaz1982

    New Member

  • Member
  • Pip
  • 8 posts
Hi all

I recently noticed my computer as been very slow and checked out the task manager. It showed the program services.exe was using the majority of CPU. I checked this online and have seen that some programs replace this file when they infect the machines. I think this is the problem.

I tried a few 'fixes' from different sites but none seemed to have worked. I run scans with OTL, roguekiller, AVG free (my main anti-virus), stinger, hitman pro, malwarebytes. I dont know which lines of code or log though that im supposed to delete or ask the programs to delete. They all generate logs but i have not idea what they mean.

Here is my OTL log, any help is appreciated.

OTL logfile created on: 02/02/2013 18:30:58 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.49 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 38.71% Memory free
3.78 Gb Paging File | 2.88 Gb Available in Paging File | 76.02% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 18.34 Gb Free Space | 24.61% Space Free | Partition Type: FAT32

Computer Name: ACER-DEF8FEC2CA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/26 11:16:48 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/01/26 11:16:48 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/01/26 09:36:14 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013/01/18 21:13:54 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/17 08:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/15 09:14:32 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Admin\Local Settings\Temp\RtkBtMnt.exe
PRC - [2012/07/10 18:45:18 | 000,230,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
PRC - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/11/04 08:49:56 | 000,788,992 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2011/03/31 15:36:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe
PRC - [2011/03/31 15:36:54 | 000,499,796 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/26 11:16:48 | 001,101,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/01/26 11:16:48 | 000,945,328 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
MOD - [2013/01/26 11:16:48 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/18 21:13:52 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 20:21:50 | 001,138,688 | ---- | M] () -- c:\Program Files\JustBrowse\sprotector.dll
MOD - [2013/01/09 20:18:06 | 001,159,168 | ---- | M] () -- c:\Program Files\WxDownload\sprotector.dll
MOD - [2013/01/09 08:18:14 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2012/07/17 01:54:04 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/07/13 02:10:30 | 000,970,240 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/07/10 18:45:18 | 000,230,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe
MOD - [2011/11/04 08:49:56 | 000,788,992 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/25 14:02:18 | 001,425,920 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011/03/31 15:36:56 | 000,231,424 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\WjAth.dll
MOD - [2011/03/31 15:36:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\AthServer.exe
MOD - [2011/03/31 15:36:56 | 000,024,576 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WJATH\IAthWcAPI.dll
MOD - [2011/03/31 15:36:46 | 000,167,424 | ---- | M] () -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/14 01:12:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/01/26 11:16:48 | 000,945,328 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/01/26 09:36:14 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013/01/18 21:13:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [Auto | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 08:18:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/10 18:45:18 | 000,230,240 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2012/07/05 22:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/11/01 18:44:08 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist)
SRV - [2011/03/31 15:36:54 | 000,499,796 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2011/03/31 15:36:52 | 000,360,529 | ---- | M] (wireless) [On_Demand | Stopped] -- C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe -- (jswpsapi)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/12/18 12:48:40 | 000,196,704 | ---- | M] (OptionNV) [Disabled | Stopped] -- C:\Program Files\Orange\ICON 225 USB Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2005/07/25 20:25:18 | 000,491,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\WINDOWS\system32\lxcfcoms.exe -- (lxcf_device)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090923.001\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/26 11:16:48 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/12/23 22:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/24 05:36:20 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/17 01:54:04 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/06/19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2011/07/28 19:06:06 | 001,763,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athuw.sys -- (AR9271)
DRV - [2011/03/31 15:36:52 | 000,058,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2011/03/31 15:36:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/11/22 10:24:58 | 000,056,424 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx.sys -- (X4HSEx)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/11/13 15:50:40 | 000,106,112 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2007/10/09 12:53:16 | 000,059,264 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007/03/30 12:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006/09/25 10:02:22 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/20 03:20:24 | 001,097,728 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2006/06/20 03:16:16 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/06/13 10:03:00 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/06/01 08:55:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/12/13 23:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0A388CCC-E801-429B-AFEB-180EC915ABF7}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0A388CCC-E801-429B-AFEB-180EC915ABF7}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.just-browse.info/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0A388CCC-E801-429B-AFEB-180EC915ABF7}: "URL" = http://www.google.co...GGHP_en-GBGB492
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2011-10-13 14:53:30&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A33BEB1D-A76A-41F9-8759-1EE61F8326AA}: "URL" = http://uk.search.yah...-8&fr=bt-odbrws
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\..\SearchScopes\{B98D7C9B-A6D4-4FC9-8FC3-FDBF48062BEC}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.jus...q={searchTerms}
IE - HKCU\..\SearchScopes\{CFAAC75C-9A4D-494F-B188-7875E9A5484D}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2504091.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.jus...e.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.1.829
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: nasanightlaunch%40example.com:0.6.20121022
FF - prefs.js..keyword.URL: "http://websearch.jus...e.info/?l=1&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/29 15:04:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 21:13:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 21:13:28 | 000,000,000 | ---D | M]

[2012/07/10 19:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/12/01 15:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\[email protected]
[2012/07/10 19:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions
[2012/10/25 08:23:00 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/11/03 08:27:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/22 22:11:40 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/09/15 12:31:20 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\[email protected]
[2012/10/13 07:30:00 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\[email protected]
[2012/07/13 02:10:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\[email protected]
[2012/07/21 21:25:40 | 000,702,524 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/10/24 05:41:12 | 002,290,783 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\[email protected]
[2012/11/03 23:06:00 | 000,530,388 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/08/29 21:56:22 | 000,007,915 | ---- | M] () (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/07/10 19:32:06 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\searchplugins\conduit.xml
[2013/01/17 08:37:38 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\0fsmw8p8.default\searchplugins\WebSearch.xml
[2013/01/18 21:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/29 15:04:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/16 03:10:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/01/18 21:13:54 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/07 21:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2007/03/16 17:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2007/03/16 17:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2007/03/16 17:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/02/07 21:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/02/07 21:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2008/02/07 21:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2008/02/07 21:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2010/09/11 10:43:42 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/01/26 11:17:36 | 000,003,591 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/30 10:27:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 12:24:28 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://websearch.just-browse.info/
CHR - Extension: No name found = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jdeikohnfgillokgfhjhnfdmhdkmjkab\1\

O1 HOSTS File: ([2004/08/10 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (MapNeto 1 Toolbar) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files\MapNeto_1\prxtbMap2.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (wxDownload) - {BCE6FF61-51E0-E33D-EC57-D9C7A518ED63} - C:\Documents and Settings\All Users\Application Data\wxDownload\50f7bd9be1dfe.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFre2.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MapNeto 1 Toolbar) - {1e7e4de1-5ef4-4baa-9250-c26258dc499a} - C:\Program Files\MapNeto_1\prxtbMap2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\prxtbFre2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53139C75-ADB4-44B8-83A5-D9963D997C65}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0E30E0F-7C5C-439C-B5FC-4DB070D80189}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~1\wxdown~1\sprote~1.dll) - c:\Program Files\WxDownload\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\justbr~1\sprote~1.dll) - c:\Program Files\JustBrowse\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\599\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\599\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/30 16:46:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/02 17:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2013/02/02 17:42:53 | 001,522,176 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia08a.dll
[2013/02/02 17:42:53 | 000,045,056 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi08a.dll
[2013/02/02 17:42:36 | 000,126,976 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05a.dll
[2013/02/02 17:42:32 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BroSNMP.dll
[2013/02/02 17:42:32 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2013/02/02 17:42:32 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2013/02/02 17:42:32 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2013/02/02 17:42:27 | 000,167,936 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2013/02/02 17:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/02/02 17:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2013/02/02 17:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\mflpro
[2013/02/02 17:10:10 | 000,000,000 | -HSD | C] -- C:\FOUND.019
[2013/02/01 12:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/01/26 12:06:21 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2013/01/26 12:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/01/26 11:43:03 | 010,683,936 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Admin\Desktop\Stinger.exe
[2013/01/26 10:14:52 | 000,000,000 | -HSD | C] -- C:\FOUND.018
[2013/01/26 09:53:17 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/26 09:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/01/26 09:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2013/01/26 09:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/01/26 09:34:58 | 008,946,432 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Admin\Desktop\HitmanPro.exe
[2013/01/26 09:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
[2013/01/19 12:18:38 | 000,000,000 | -HSD | C] -- C:\FOUND.017
[2013/01/19 12:14:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/01/19 09:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2013/01/19 09:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/19 09:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/19 09:45:47 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/19 09:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/19 09:17:48 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/18 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/17 08:53:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2013/01/17 08:51:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/01/17 08:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cloud Software LTD
[2013/01/17 08:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\wxDownload Fast
[2013/01/17 08:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\wxDownload Fast
[2013/01/17 08:37:37 | 000,000,000 | ---D | C] -- C:\Program Files\JustBrowse
[2013/01/17 08:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CloudSoft
[2013/01/17 08:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/01/17 08:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\WxDownload
[2013/01/17 08:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\wxDownload
[2013/01/17 08:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\wxDownload
[2013/01/17 08:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/15 03:25:12 | 000,000,000 | -HSD | C] -- C:\FOUND.016
[2013/01/07 00:46:02 | 000,000,000 | -HSD | C] -- C:\FOUND.015
[2013/01/06 23:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Raptr
[2013/01/06 23:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\Raptr
[2013/01/06 23:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Raptr
[2013/01/05 09:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\docs
[2012/07/13 02:10:29 | 010,974,280 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Admin\My Documents\*.tmp files -> C:\Documents and Settings\Admin\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/02 18:34:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 18:17:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/02 17:59:30 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 17:59:30 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/02/02 17:58:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/02 17:58:30 | 1600,307,200 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 17:57:26 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2013/02/02 17:51:48 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/02/02 17:51:30 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2013/02/02 17:51:30 | 000,000,094 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2013/02/02 17:51:00 | 000,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013/02/02 17:51:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2013/02/02 17:43:04 | 000,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf08b.dat
[2013/02/02 06:42:54 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/01 12:53:36 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/02/01 05:50:20 | 000,000,210 | RHS- | M] () -- C:\boot.ini
[2013/01/31 22:38:28 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/31 22:38:28 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/26 18:15:40 | 000,000,056 | RH-- | M] () -- C:\Documents and Settings\Admin\Desktop\Stinger.opt
[2013/01/26 12:06:22 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2013/01/26 11:42:16 | 010,683,936 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Admin\Desktop\Stinger.exe
[2013/01/26 11:16:48 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/01/26 10:36:02 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/26 09:53:18 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/01/26 09:34:18 | 008,946,432 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Admin\Desktop\HitmanPro.exe
[2013/01/25 19:04:12 | 000,061,493 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\New Public Details (A4 Size) - Anxiety Alliance - Helpline Call Taker.pdf
[2013/01/19 09:45:52 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 09:03:42 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/19 08:15:06 | 000,764,416 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
[2013/01/19 08:13:30 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2013/01/19 08:10:20 | 000,724,952 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\avenger.zip
[2013/01/19 08:08:32 | 000,095,744 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SystemLook_x64.exe
[2013/01/17 19:05:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2013/01/17 08:53:40 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2013/01/17 08:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/01/15 20:46:14 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2013/01/09 07:44:48 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/06 23:37:08 | 000,001,413 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
[2013/01/06 23:37:08 | 000,001,413 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/01/06 13:58:46 | 001,466,147 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ctax.pdf
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Admin\My Documents\*.tmp files -> C:\Documents and Settings\Admin\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/02 17:51:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2013/02/02 17:51:28 | 000,000,230 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/02/02 17:51:28 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/02/02 17:50:58 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/02/02 17:50:58 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2013/02/02 17:43:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2013/02/02 17:42:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/01/26 18:15:38 | 000,000,056 | RH-- | C] () -- C:\Documents and Settings\Admin\Desktop\Stinger.opt
[2013/01/26 11:18:17 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/26 09:36:13 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2013/01/26 09:18:10 | 000,764,416 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\RogueKiller.exe
[2013/01/25 19:04:11 | 000,061,493 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\New Public Details (A4 Size) - Anxiety Alliance - Helpline Call Taker.pdf
[2013/01/19 09:45:51 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 08:14:15 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\tdsskiller.zip
[2013/01/19 08:11:55 | 000,724,952 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\avenger.zip
[2013/01/19 08:09:49 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SystemLook_x64.exe
[2013/01/17 19:05:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2013/01/06 13:58:45 | 001,466,147 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ctax.pdf
[2013/01/05 09:15:26 | 734,791,680 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\The.Amityville.Horror[2005]DvDrip[Eng]-aXXo.avi
[2012/12/01 14:13:30 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\DriverCoInstaller.dll
[2012/12/01 14:13:20 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2012/09/15 18:06:35 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2012/09/15 18:05:38 | 000,422,000 | ---- | C] () -- C:\WINDOWS\System32\wgapi.dll
[2012/08/15 11:41:38 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/08/15 11:22:51 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/07/15 04:45:18 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\dt.dat
[2012/07/12 06:56:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2012/07/12 06:56:24 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2012/07/12 01:12:25 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/05 10:39:14 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2011/10/08 09:09:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/08/30 16:06:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 15:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/09/25 10:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/29 13:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/10/19 18:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/19 15:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/06 10:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/09/18 10:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/10/04 21:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2010/10/13 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/13 22:04:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/13 23:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/24 12:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dBfAjAk08520
[2011/05/14 15:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lA01803IfLbM01803
[2011/05/14 15:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hK01803DjImA01803
[2011/05/14 15:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fK01803FbEpA01803
[2011/05/14 15:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iB01803OmLaN01803
[2011/05/14 15:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dG01803KpLpJ01803
[2011/05/14 15:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hF01803MfMbK01803
[2011/05/14 15:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dA01803EaDjD01803
[2011/05/29 12:07:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hF01803GdNiD01803
[2011/05/29 12:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iB01803KhLmJ01803
[2011/05/29 12:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cM01803OlMlE01803
[2011/05/29 12:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hM01803FjLjA01803
[2011/05/29 12:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eI01803AgKpB01803
[2011/05/29 12:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fO01803ImApF01803
[2011/05/29 12:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pE01803DlJmD01803
[2011/06/20 19:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fN01803IdOaF01803
[2011/06/20 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gA01803MhIjF01803
[2011/06/18 00:18:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2011/06/30 20:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/10/13 14:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/10 18:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MobileBrServ
[2012/07/11 17:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/12 06:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2012/07/16 17:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5DFly Software
[2012/08/18 18:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames
[2012/09/15 18:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2012/10/20 14:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/12/01 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2013/01/17 08:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/01/17 08:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wxDownload
[2013/01/17 08:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CloudSoft
[2013/01/17 08:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloud Software LTD
[2013/01/26 09:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/11/06 08:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Trusteer
[2012/07/05 10:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SiteRanker
[2012/07/10 18:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\alotappbar
[2012/07/10 18:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG Secure Search
[2012/07/10 19:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Azureus
[2012/07/11 00:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PriceGong
[2012/07/12 04:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/07/12 05:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Philipp Winterberg
[2012/07/12 06:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\LG Electronics
[2012/07/14 20:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\alot
[2012/07/15 23:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\5DFly
[2012/07/18 02:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Oracle
[2012/08/18 15:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BSplayer PRO
[2012/08/18 18:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TreeCardGames
[2012/08/18 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\MysteryStudio
[2012/08/18 19:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Exent Technologies
[2012/09/15 18:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TP-LINK
[2012/10/20 14:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2012/10/20 17:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AVG2013
[2012/12/01 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Philips-Songbird
[2012/12/01 15:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Philips
[2012/12/06 12:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Amazon
[2012/12/16 10:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ICAClient
[2012/12/29 14:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenCandy
[2013/01/06 23:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Raptr

========== Purity Check ==========



< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP