
WIN 32/ Expiro Infection


  • This topic is locked

#1
shar907
Member, 33 posts
I think I have a Win32/Expiro infection. Can't open Internet Explorer; it disappeared. Programs disappeared; Word and many others won't open. Used the Virus Remover for Win32/Expiro 1.2.0.711, a free download from Softpedia called rmexpiro(2).exe. Still can't open programs. AVG keeps opening up with the threat and will delete it, and it appears to delete the files I need for the programs I have. When I start the computer a blue screen appears; I think it's the Windows scan program, and it scans and says almost all my programs and files are gone. HELP.
Thanks


#2
maliprog
Trusted Helper, Malware Removal, 6,172 posts
Hello shar907 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Win32/Expiro is a virus that infects EXE files in all drives and collects user credentials from an infected computer. It also allows backdoor access and control to the infected computer, and lowers Internet Explorer security settings.

No guarantee can be given that the system will be usable or safe after this cleanup.
For a file infector the best recommendation would be to reformat and reinstall, but the choice is yours.

If you decide to try and clean your system, let me know and we will give it our best shot. As you have already noticed, some of your EXE files are infected and you probably won't get them back.

Please back up all your Word, Excel and PDF documents to a safe place.

Don't back up any programs (any EXE files) because they are probably already infected!
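The point of the reply above is that Expiro is a file infector: it appends its own code to executables and redirects execution into it, which is why infected EXE files cannot be trusted for backup. The script below is an added example, not code from this thread or from any tool named in it. It is a header-only PE parser that flags the layout a typical appending infector leaves behind: the entry point sits in the last section, and that section is marked both writable and executable. The section names, RVAs and the two sample images are constructed for the demonstration; no real infected file is involved. Packers and protectors produce the same layout, so a hit is a triage cue to compare the file against a known-clean copy, not a verdict.

```python
"""Header-only PE triage for appended-code file infectors (added example)."""
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe_sections(data):
    """Return (entry_rva, [(name, va, size, characteristics), ...]) or None if not PE32/PE32+."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 44 > len(data):
        return None
    num_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24                                       # 4-byte signature + 20-byte COFF header
    magic, = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                             # PE32 / PE32+
        return None
    entry_rva, = struct.unpack_from("<I", data, opt_off + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(num_sections):
        off = opt_off + opt_size + 40 * i                       # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            return None
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va, raw_size = struct.unpack_from("<III", data, off + 8)
        chars, = struct.unpack_from("<I", data, off + 36)
        sections.append((name, va, max(vsize, raw_size), chars))
    return entry_rva, sections


def entry_point_verdict(data):
    """'not-pe', 'entry-outside-sections', 'clean-layout' or 'suspicious-appended-code'."""
    parsed = parse_pe_sections(data)
    if parsed is None:
        return "not-pe"
    entry_rva, sections = parsed
    idx = next((i for i, (_, va, size, _) in enumerate(sections)
                if va <= entry_rva < va + size), None)
    if idx is None:
        return "entry-outside-sections"
    chars = sections[idx][3]
    writable_and_executable = bool(chars & IMAGE_SCN_MEM_EXECUTE) and bool(chars & IMAGE_SCN_MEM_WRITE)
    # An appending infector adds a section at the end and points the entry point at it.
    if idx == len(sections) - 1 and len(sections) > 1 and writable_and_executable:
        return "suspicious-appended-code"
    return "clean-layout"


def build_header_only_pe(sections, entry_rva):
    """Constructed sample data: a PE32 header with the given section table; not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    size, va, size, 0, 0, 0, 0, 0, chars)
        for name, va, size, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


TEXT = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = 0x40 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE          # initialized data, read/write
CLEAN_SAMPLE = build_header_only_pe(
    [(".text", 0x1000, 0x2000, TEXT), (".data", 0x3000, 0x1000, DATA)], entry_rva=0x1100)
INFECTED_SAMPLE = build_header_only_pe(                          # constructed: appended RWX section holds the entry
    [(".text", 0x1000, 0x2000, TEXT), (".data", 0x3000, 0x1000, DATA),
     (".added", 0x4000, 0x3000, TEXT | IMAGE_SCN_MEM_WRITE)], entry_rva=0x4000)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        print(label, entry_point_verdict(blob))
```

To use it on a real system, read each EXE from a mounted copy of the drive (boot media or a second machine) and feed the bytes to `entry_point_verdict`; anything flagged should be compared by hash against a clean copy of the same program rather than deleted on the spot, because the heuristic fires on packed legitimate software as well.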

#3
shar907
Topic Starter, Member, 33 posts
Thanks for your help.
Shar907

#4
maliprog
Trusted Helper, Malware Removal, 6,172 posts
I don't get it...

Did you decide to re-format your system?

#5
shar907
Topic Starter, Member, 33 posts
No.

#6
maliprog
Trusted Helper, Malware Removal, 6,172 posts
Hi shar907,

No.


Your answers are very confusing and short. Please try to write full sentences to your replies as I do. That way we will have real communication and I'll not need to guess what you want to say in your reply.

I guess you want to try the cleaning process.

Step 1

The following programme may need to be run several times and no guarantee can be given.

Download Sality Killer zip to your desktop and extract SalityKiller.exe

Run the utility SalityKiller.exe on the infected computer.
A reboot might be required after disinfection.

Download the file Sality_RegKeys.zip
Unpack the file Sality_RegKeys.zip
Run the file Disable_autorun.reg from the archive Sality_RegKeys.zip

Once the scan is over, from the archive Sality_RegKeys.zip run the file of the registry key:

under Windows 2000 run the registry file SafeBootWin200.reg
under Windows XP run the registry file SafeBootWinXP.reg
under Windows 2003 run the registry file SafeBootWinServer2003.reg
under Windows Vista / 2008 run the registry file SafebootVista.reg
under Windows 7 / 2008 R2 run the registry file SafebootWin7.reg


Step 2

Let's install the free Avast:

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you. If the scan hangs that may indicate a hardware problem.

Step 3

Please don't forget to include these items in your reply:

  • Please tell me did you manage to run these steps.
It would be helpful if you could post each log in separate post using "Add Reply" button

#7
shar907
Topic Starter, Member, 33 posts
When I downloaded SalityKiller zip I only got the exe file and Eula.txt. There was no Sality_RegKeys.zip file or Disable_autorun.reg file. I rebooted the CPU. The report from this scan said "File C:\Documents & Settings\All Users\Application Data\IBUpdater Service\ibsvc.exe is infected by Win32:Install-Brain-AD[PUP]." I clicked 4, Moved to Chest. I downloaded Avast free. Scanned the system and did the Boot-time Scan. In Avast there were 48 infected files. I moved them to the Chest. AVG keeps popping on. In the report it says the CPU has 908 potentially dangerous threats. When I moved them last week to the virus vault, the programs or files with the virus were deleted. I can't open my Word documents or get Internet Explorer back. When trying to open a Word document it says "The Windows Installer Service could not be accessed. This can occur if you are running Windows in Safe Mode (I wasn't) or if the Windows Installer is not correctly installed. Contact your support personnel for assistance." When I try to open a Word document with Foxit PDF it says Foxit PDF Convert is missing. Get it from Internet Explorer. Then it says "Fail to download due to your network disconnection or busyness".

#8
maliprog
Trusted Helper, Malware Removal, 6,172 posts
Hi shar907,

This infection has probably ruined a lot of programs on your PC, and this is what I expected. My plan is to try to kill the infection first and then repair what we can.

Step 1

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the ComboFix log in your next reply.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.


Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • Combofix log
It would be helpful if you could post each log in separate post using "Add Reply" button
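The /md5start ... /md5stop block in Step 2 makes OTL hash a fixed list of core system binaries so the helper can compare them with known-good copies. The script below is an added example, not OTL's code and not part of the thread, that performs that comparison stand-alone: record a manifest (SHA-256 and size) for each binary on a system known to be clean, then re-scan and report each file as unchanged, modified (an appending file infector makes the host grow) or missing (what is left behind when an antivirus deletes an infected system file instead of cleaning it). The file names are taken from the OTL script above; the temporary directory, the placeholder file contents and the simulated infection are constructed for the demonstration.

```python
"""Baseline-and-compare check for critical Windows binaries (added example)."""
import hashlib
import json
import os
import tempfile

# The same core binaries OTL's /md5start ... /md5stop block hashes.
CRITICAL_BINARIES = ["explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe", "services.exe"]


def fingerprint(path):
    """SHA-256 and size of one file, read in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": os.path.getsize(path)}


def build_manifest(root, names):
    """Record fingerprints for every listed binary under root. Run this on a KNOWN-CLEAN system."""
    manifest = {}
    for name in names:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            manifest[name] = fingerprint(path)
    return manifest


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def compare_to_manifest(root, manifest):
    """Map each baseline entry to (status, size_delta): 'unchanged', 'modified' or 'missing'."""
    report = {}
    for name, expected in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            report[name] = ("missing", None)           # e.g. deleted by an AV together with the infection
            continue
        actual = fingerprint(path)
        if actual["sha256"] == expected["sha256"]:
            report[name] = ("unchanged", 0)
        else:
            report[name] = ("modified", actual["size"] - expected["size"])
    return report


def demo():
    """Constructed scenario: clean baseline, then one binary grows by appended code and one is deleted."""
    with tempfile.TemporaryDirectory() as root:
        for name in CRITICAL_BINARIES:                       # stand-ins for real binaries, not actual PE files
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + name.encode() * 64)
        manifest_path = os.path.join(root, "baseline.json")
        save_manifest(build_manifest(root, CRITICAL_BINARIES), manifest_path)

        with open(os.path.join(root, "svchost.exe"), "ab") as fh:
            fh.write(b"\x90" * 4096)                         # simulated appended infector body
        os.remove(os.path.join(root, "services.exe"))        # simulated AV deletion of an infected host file

        return compare_to_manifest(root, load_manifest(manifest_path))


if __name__ == "__main__":
    for name, (status, delta) in sorted(demo().items()):
        shown = "" if delta is None else f"{delta:+d} bytes"
        print(f"{name:14} {status:10} {shown}")
```

The baseline has to come from an installation you trust (same Windows version, service pack and language), stored on read-only media; the infected machine's own files can never serve as their own reference. Run the comparison from boot media or a second machine where possible: a file infector with a rootkit component can lie to any scan that runs inside the infected Windows session, which is the reason a boot-time or offline scan is preferred over one started from the running system.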

#9
shar907
Topic Starter, Member, 33 posts
Could not do ComboFix. It froze the CPU. When I scanned with OTL, Avast popped on saying Malware Blocked c:\Documents & Settings OTL.exe. Can't find the OTL Extras log.

Thanks

OTL logfile created on: 2/6/2013 11:35:34 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 618.09 Mb Available Physical Memory | 60.95% Memory free
2.38 Gb Paging File | 1.88 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 29.92 Gb Free Space | 40.16% Space Free | Partition Type: NTFS

Computer Name: OWNERPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/06 11:33:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL (1).exe
PRC - [2013/01/22 14:29:10 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/03 23:35:18 | 000,843,704 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/12/03 23:35:10 | 000,967,608 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/10/11 04:43:27 | 001,700,784 | ---- | M] (iMesh, Inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2009/10/26 02:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 13:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/06 04:49:42 | 002,051,072 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13020600\algo.dll
MOD - [2013/02/05 16:19:45 | 002,051,072 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13020501\algo.dll
MOD - [2013/01/22 04:39:56 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/11/28 14:45:22 | 012,564,480 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012/11/28 14:45:00 | 000,569,344 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012/11/28 14:44:54 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012/11/28 14:44:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012/11/28 14:19:32 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2012/06/14 12:06:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/14 09:43:15 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 23:11:14 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/13 23:10:17 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 23:09:33 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/05/09 21:04:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 19:14:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 19:12:56 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/05/09 19:11:20 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/09 19:11:05 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 19:10:46 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010/03/09 01:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/10/26 02:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/10/26 02:33:34 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/07/13 19:50:04 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2009/06/21 22:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2004/09/12 17:17:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\CopyToSendTo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\SearchIndexer.exe /Embedding -- (WSearch)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\vssvc.exe -- (VSS)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe -- (NitroDriverReadSpool8)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\msiexec.exe /V -- (MSIServer)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\ersvc.dll -- (ERSvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\dmadmin.exe /com -- (dmadmin)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/23 14:17:53 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/24 21:35:59 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/04 15:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/06/27 03:37:56 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2012/06/27 03:37:56 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2012/06/27 03:37:56 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2012/06/27 03:37:56 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011/10/08 02:28:44 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/09 01:52:46 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 23:21:49 | 000,108,032 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwser.sys -- (smhwser)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/26 17:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/15 10:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/07 11:11:40 | 000,036,368 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGUsbDiag.sys -- (UsbDiag)
DRV - [2004/04/07 11:11:40 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGUSBBUS.SYS -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {7DD5994B-884B-46B1-BD95-20F64BE5FACA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7DD5994B-884B-46B1-BD95-20F64BE5FACA}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2011-12-13 12:26:19&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://www.yd.delta-...0000137273238d"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: [email protected]_2p.com:1.44.0.31084
FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.4.0.01
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.15
FF - prefs.js..keyword.URL: "http://search.imesh....emid=1&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: %16422%\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/23 14:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcadeSuite\1950\Firefox [2012/02/03 10:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/21 13:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 11:42:27 | 000,000,000 | ---D | M]

[2011/10/22 17:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/31 03:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions
[2011/08/16 15:31:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/22 17:36:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/12/14 22:43:45 | 000,000,000 | ---D | M] (Coupon Matcher) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{d12b4ac5-7cfd-4189-9422-6a44f564d17c}
[2013/01/30 05:14:10 | 000,000,000 | ---D | M] (.) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2012/12/19 17:26:07 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]
[2013/01/22 14:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]
[2012/12/19 17:24:58 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]
[2012/12/19 17:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]\chrome\content\extensionCode
[2012/04/16 15:33:29 | 000,001,225 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\searchplugins\my-homepage.xml
[2011/10/22 17:35:36 | 000,002,514 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\searchplugins\SearchResults.xml
[2012/09/20 23:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/17 04:22:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/29 15:13:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/11 18:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/09/20 23:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2013/01/23 14:18:23 | 000,003,591 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/01/22 14:31:20 | 000,006,540 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/22 17:35:36 | 000,002,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www.yd.delta-...00000137273238d
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll
CHR - plugin: Download Helper (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files\Nitro\Pro 8\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: General Crawler = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\
CHR - Extension: Google Chrome = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlddmedljhmbgdhapibnagaanenmajcm\1.0_0\
CHR - Extension: Coupon Matcher = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb\1.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RewardsArcade Suite = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.21.72_0\crossrider
CHR - Extension: RewardsArcade Suite = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.21.72_0\
CHR - Extension: Coupon Companion Plugin = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.20.5_0\crossrider
CHR - Extension: Coupon Companion Plugin = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.20.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {3462c343-be19-4143-af70-cefb56f46fc6} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe" File not found
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe" File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [ANTIMALWARE] C:\Documents and Settings\Owner\Application Data\AntiMalware.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dmc.org ([dmcnf04] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B18F98-DDBC-4ED5-A952-4B4F34DDDB52}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/29 15:05:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9a9bcb4e-b3b5-11e0-a37b-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{9a9bcb4e-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a9bcb4e-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{9a9bcb50-b3b5-11e0-a37b-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{9a9bcb50-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a9bcb50-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/02/06 11:40:38 | 004,260,472 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgr41e.nt
[2013/02/05 23:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MiRideshare My Page_files
[2013/02/05 21:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\LATEST CPU STUff
[2013/02/05 14:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/02/05 14:35:36 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/02/05 14:35:36 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/02/05 14:35:34 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/02/05 14:35:33 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/02/05 14:35:32 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/02/05 14:35:31 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/02/05 14:35:31 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/02/05 14:35:30 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/02/05 14:35:09 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/02/05 14:35:09 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/02/05 14:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/05 14:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/02/04 00:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/04 00:37:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/02/02 16:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\123
[2013/02/02 00:38:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013/01/31 02:31:40 | 000,065,776 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2013/01/31 01:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ABBYY
[2013/01/30 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2013/01/30 17:24:29 | 000,017,408 | R--- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\drivers\mvusbews.sys
[2013/01/30 17:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/01/30 10:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2013/01/30 10:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/01/30 10:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/29 22:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/01/28 22:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/01/28 22:38:11 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/01/26 19:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AVG
[2013/01/24 11:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2013/01/23 02:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Output Files
[2013/01/23 02:55:40 | 000,000,000 | ---D | C] -- C:\Output Files
[2013/01/23 02:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/01/23 02:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tempdir
[2013/01/23 02:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/01/23 02:48:28 | 009,661,784 | ---- | C] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\Owner\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
[2013/01/22 14:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/01/22 13:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/01/22 12:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PenSoft
[2013/01/22 11:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2013/01/22 04:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Small Business Accounting
[2013/01/22 04:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2013/01/22 04:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2005
[2013/01/22 04:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/01/22 04:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/01/22 03:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Payroll
[2013/01/22 03:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\PenSoft
[2013/01/21 21:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2013/01/21 21:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\YourFileDownloader
[2013/01/21 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Halfpricesoft
[2013/01/21 19:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\ezPayCheck
[2013/01/21 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PayWindow Tax Files
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\PayWindow Payroll
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PayWindow Data Files
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\paywin
[2013/01/21 18:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Payroll Mate 2011
[2013/01/21 17:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Payroll Mate 2013
[2013/01/21 17:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Payroll Mate (2013)
[2013/01/21 17:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Real Business Solutions
[2013/01/20 19:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/01/19 10:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/01/17 19:12:33 | 000,032,120 | ---- | C] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2013/01/17 19:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
[2013/01/17 19:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/17 19:08:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/01/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ixny
[2013/01/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ivun
[2013/01/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Igom
[2013/01/07 18:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2011/04/29 15:15:27 | 002,234,088 | ---- | C] (Ask.com ) -- C:\Documents and Settings\Owner\NEWB52.tmp.exe
[6 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/06 11:46:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ADC066A3-B83C-4719-B392-1608900EE918}.job
[2013/02/06 11:40:38 | 004,260,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgr41e.nt
[2013/02/06 11:40:38 | 000,107,430 | ---- | M] () -- C:\WINDOWS\System32\avgr41e.lst
[2013/02/06 11:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 10:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/06 08:48:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/02/06 02:35:01 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/06 00:09:17 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/02/05 23:09:39 | 000,023,238 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MiRideshare My Page.htm
[2013/02/05 16:22:49 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/05 16:22:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/02/05 16:22:49 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/02/05 16:22:45 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/02/05 16:22:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/05 16:07:54 | 000,183,023 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WinZip.Pro.v17.0.Build.10283.Incl.Keygen-MESMERiZE.zip
[2013/02/05 15:28:02 | 1063,399,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/05 14:35:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/03 00:01:27 | 001,124,352 | ---- | M] () -- C:\WINDOWS\System32\WgaTray.exe
[2013/02/03 00:01:14 | 000,339,968 | ---- | M] () -- C:\WINDOWS\System32\mobsync.exe
[2013/02/03 00:01:13 | 000,225,280 | ---- | M] () -- C:\WINDOWS\System32\verclsid.exe
[2013/02/03 00:01:00 | 000,735,232 | ---- | M] () -- C:\WINDOWS\System32\spider.exe
[2013/02/03 00:00:59 | 000,323,584 | ---- | M] () -- C:\WINDOWS\System32\mshearts.exe
[2013/02/03 00:00:10 | 000,617,472 | ---- | M] () -- C:\WINDOWS\System32\ntvdm.exe
[2013/02/02 00:41:36 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2013/02/02 00:20:59 | 001,030,106 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Westland Section 8.pdf
[2013/01/31 12:15:30 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/31 12:06:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/31 03:20:55 | 000,000,183 | -HS- | M] () -- C:\boot.ini
[2013/01/31 02:24:20 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/31 01:06:24 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2013/01/30 17:25:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/01/30 17:25:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/01/30 17:25:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/30 06:54:42 | 001,163,264 | ---- | M] () -- C:\WINDOWS\UNNeroVision.exe
[2013/01/30 06:54:41 | 001,163,264 | ---- | M] () -- C:\WINDOWS\UNNeroShowTime.exe
[2013/01/30 06:54:40 | 001,163,264 | ---- | M] () -- C:\WINDOWS\UNNeroBackItUp.exe
[2013/01/30 06:54:40 | 000,496,128 | ---- | M] () -- C:\WINDOWS\uninst.exe
[2013/01/30 06:48:31 | 000,242,176 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wab.exe
[2013/01/30 06:48:24 | 003,755,520 | ---- | M] () -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2013/01/30 06:48:24 | 000,829,440 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2013/01/30 06:45:00 | 000,343,040 | ---- | M] () -- C:\WINDOWS\regedit.exe
[2013/01/28 20:49:01 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wsr27zt32.dll
[2013/01/28 18:58:35 | 108,118,325 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/01/28 18:57:51 | 000,344,459 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/01/27 20:32:07 | 000,036,344 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\AntiMalware.exe
[2013/01/24 22:25:00 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2013/01/24 22:25:00 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\65CE19
[2013/01/24 11:01:22 | 062,851,524 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Nitro Pro 8.0.2.7z
[2013/01/23 14:17:53 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/01/23 02:51:38 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/01/23 02:48:44 | 009,661,784 | ---- | M] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\Owner\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
[2013/01/21 17:22:43 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Payroll Mate (2013).lnk
[2013/01/17 19:12:22 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/01/12 14:32:17 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[6 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/06 11:40:38 | 000,107,430 | ---- | C] () -- C:\WINDOWS\System32\avgr41e.lst
[2013/02/05 23:09:38 | 000,023,238 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MiRideshare My Page.htm
[2013/02/05 14:35:31 | 000,000,314 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/03 00:01:26 | 001,124,352 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2013/02/03 00:01:14 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\mobsync.exe
[2013/02/03 00:01:13 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\verclsid.exe
[2013/02/03 00:00:59 | 000,735,232 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
[2013/02/03 00:00:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\mshearts.exe
[2013/02/03 00:00:10 | 000,617,472 | ---- | C] () -- C:\WINDOWS\System32\ntvdm.exe
[2013/02/02 00:41:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2013/02/02 00:21:38 | 001,030,106 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Westland Section 8.pdf
[2013/01/31 12:15:30 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/31 02:24:20 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/30 17:25:44 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2013/01/30 17:25:43 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2013/01/30 17:25:43 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2013/01/30 17:25:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/01/30 17:25:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/01/30 17:24:30 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2013/01/30 17:21:14 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2013/01/28 20:49:01 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wsr27zt32.dll
[2013/01/27 20:32:10 | 000,036,344 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AntiMalware.exe
[2013/01/24 11:02:09 | 062,791,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Nitro Pro 8.0.2.4 (64bit) + Keygen.tar
[2013/01/24 11:00:20 | 062,851,524 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Nitro Pro 8.0.2.7z
[2013/01/23 14:19:03 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/23 02:51:38 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/01/23 02:51:25 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2013/01/23 02:51:24 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2013/01/21 21:54:32 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/01/21 17:22:43 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Payroll Mate (2013).lnk
[2013/01/20 00:36:52 | 000,168,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/17 19:12:22 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/01/02 12:37:45 | 000,103,832 | ---- | C] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
[2012/12/26 16:59:57 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\1.bmp
[2012/12/26 16:59:46 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\sound.mp3
[2012/12/26 16:59:41 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\1.jpg
[2012/12/18 03:29:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4wgyser5huy6j.exe
[2012/11/28 14:17:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/11/28 14:17:18 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/11/28 00:57:32 | 000,000,395 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012/10/24 21:35:59 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2012/10/24 20:21:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF500.ini
[2012/10/24 11:24:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxecvs.dll
[2012/10/24 11:24:17 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoin.dll
[2012/10/24 11:24:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxecgcfg.dll
[2012/10/24 11:24:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeccui.dll
[2012/10/24 11:24:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeccuir.dll
[2012/10/24 11:20:28 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxecrwrd.ini
[2012/10/24 11:20:15 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2012/10/24 11:20:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecinpa.dll
[2012/10/24 11:20:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEChcp.dll
[2012/10/24 11:20:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeciesc.dll
[2012/10/24 11:20:13 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecserv.dll
[2012/10/24 11:20:13 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecusb1.dll
[2012/10/24 11:20:13 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecpmui.dll
[2012/10/24 11:20:12 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeclmpm.dll
[2012/10/24 11:20:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxecins.dll
[2012/10/24 11:20:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxecinsb.dll
[2012/10/24 11:20:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxecinsr.dll
[2012/10/24 11:20:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxecjswr.dll
[2012/10/24 11:20:09 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxechbn3.dll
[2012/10/24 11:20:09 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeccu.dll
[2012/10/24 11:20:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxecgrd.dll
[2012/10/24 11:20:09 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeccub.dll
[2012/10/24 11:20:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeccur.dll
[2012/10/24 11:20:08 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomc.dll
[2012/10/24 11:20:08 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2012/10/24 11:19:02 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll
[2012/10/24 11:19:01 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2012/10/05 20:41:39 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2012/07/22 23:13:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/07/21 17:51:32 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/07/21 17:51:32 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/07/21 17:51:32 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/07/21 17:51:32 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/07/21 17:51:32 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/07/21 17:51:32 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/07/21 17:51:32 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/07/21 17:51:32 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/07/21 17:51:32 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/07/21 17:51:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/07/21 17:51:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/07/21 17:51:32 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/07/21 17:51:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/07/21 17:51:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/07/21 17:51:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/07/21 17:51:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/02/15 18:29:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/05 21:02:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/01/05 20:05:08 | 000,496,128 | ---- | C] () -- C:\WINDOWS\uninst.exe
[2011/12/21 19:43:42 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2011/12/21 19:43:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\65CE19
[2011/12/20 22:02:46 | 000,000,018 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/12/20 22:02:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/10/22 19:06:40 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 00:51:20 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\2275C17DFF.dll
[2011/07/28 17:22:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/19 12:22:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/07/11 20:29:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 15:13:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 15:12:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/29 15:09:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/04/29 15:02:42 | 000,219,648 | ---- | C] () -- C:\WINDOWS\System32\fltMc.exe
[2011/04/29 15:02:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/29 10:48:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/29 10:48:25 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2011/04/29 10:43:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2010/03/07 02:00:34 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\cscript.exe
[2008/04/14 04:42:22 | 000,389,632 | ---- | C] () -- C:\WINDOWS\System32\fsquirt.exe
[2008/04/14 04:42:22 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\gpresult.exe
[2008/04/14 04:42:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\getmac.exe
[2008/04/14 04:42:22 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\ftp.exe
[2008/04/14 04:42:22 | 000,236,032 | ---- | C] () -- C:\WINDOWS\System32\grpconv.exe
[2008/04/14 04:42:20 | 001,495,040 | ---- | C] () -- C:\WINDOWS\System32\dxdiag.exe
[2008/04/14 04:42:20 | 000,389,632 | ---- | C] () -- C:\WINDOWS\System32\eudcedit.exe
[2008/04/14 04:42:16 | 000,260,096 | ---- | C] () -- C:\WINDOWS\System32\cmstp.exe
[2008/04/14 04:42:16 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\cipher.exe
[2008/04/14 04:42:16 | 000,236,544 | ---- | C] () -- C:\WINDOWS\System32\cmmon32.exe
[2008/04/14 04:42:16 | 000,222,208 | ---- | C] () -- C:\WINDOWS\System32\cmdl32.exe
[2008/04/14 04:42:14 | 000,339,456 | ---- | C] () -- C:\WINDOWS\System32\bootcfg.exe
[2008/04/14 04:42:14 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ahui.exe
[2006/02/28 07:00:00 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\gpupdate.exe
[2006/02/28 07:00:00 | 000,247,296 | ---- | C] () -- C:\WINDOWS\System32\eventcreate.exe
[2006/02/28 07:00:00 | 000,236,032 | ---- | C] () -- C:\WINDOWS\System32\esentutl.exe
[2006/02/28 07:00:00 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\expand.exe
[2006/02/28 07:00:00 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\hostname.exe

========== ZeroAccess Check ==========

[2013/01/30 05:09:48 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\@
[2012/10/25 02:42:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\L
[2012/10/25 02:42:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\U
[2011/04/29 15:07:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2012/10/25 02:48:18 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/11/28 00:04:47 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/28 20:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/02/05 14:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/17 19:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2012/11/08 09:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/07/27 19:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2013/01/30 11:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/10/22 17:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/31 00:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2013/01/22 14:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2012/12/21 13:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/11 15:56:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/26 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2013/01/31 01:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/12/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/01/05 21:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2013/02/05 15:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/10/22 17:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2012/02/06 15:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/02/06 09:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/27 22:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
[2012/05/20 00:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2012/05/19 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/12/20 22:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/12/17 16:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/01/07 17:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/21 14:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/01/24 10:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/26 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/07/17 03:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012/02/28 17:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2013/01/17 19:08:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2011/10/22 17:34:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B}
[2013/01/30 11:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\4F4CEA
[2013/01/17 19:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2011/12/14 18:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2011/07/11 16:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2013/01/30 10:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2012/12/14 22:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coupon Matcher
[2012/12/27 22:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2012/01/23 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2013/01/07 19:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2013/01/31 01:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2012/12/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2012/11/18 15:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Audio Editor
[2012/01/16 16:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\G7PS
[2013/01/21 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2012/12/21 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2013/01/07 21:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Igom
[2011/10/22 17:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\imeshbandmltbpi
[2011/08/21 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/02/15 17:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/01/07 21:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ivun
[2013/01/07 21:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ixny
[2012/10/24 20:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2013/01/30 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Finder
[2011/10/22 17:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mediabarim
[2012/03/26 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Need for Speed World
[2013/01/24 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2012/12/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nitro
[2013/01/25 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nitro PDF
[2012/05/20 00:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
[2012/06/06 17:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2013/01/21 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\paywin
[2013/01/24 11:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2013/01/07 18:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PerformerSoft
[2013/01/19 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2011/11/19 21:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeraCopy
[2013/01/07 18:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2011/08/24 20:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TypingMaster7
[2013/02/02 00:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/09/24 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2011/09/30 14:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2013/01/21 21:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YourFileDownloader

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/11/28 00:04:57 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2B0AAB4

< End of report >
  • 0
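The "ZeroAccess Check" section of the OTL log above is the part a helper reads first, so here is a small triage script for it. This is an added example, not code from the thread or from OTL: it parses OTL's file-line and registry-key formats and flags the two shapes that section exists to surface, a hidden `RECYCLER\S-1-5-18\$<hex>` container holding `@`, `L` and `U` entries, and per-user (HKCU) `InProcServer32` keys that shadow the machine-wide CLSID registrations; the sample lines are copied from the log posted above.

```python
"""Triage the "ZeroAccess Check" section of an OTL log (added example, not OTL code)."""
import re

# OTL file line: [date time | size | attrs | C-or-M] (Company) -- path   (company part is optional)
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Registry key header: [HIVE\key\path]
REG_KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\]$")
# Default value of a key, as OTL prints it: "" = <target> -- [file details]
REG_DEFAULT_RE = re.compile(r'^"" = (?P<target>.+?) -- \[')
# Hidden system container used by ZeroAccess on XP: RECYCLER\S-1-5-18\$<32 hex chars>\
ZA_DIR_RE = re.compile(r"\\RECYCLER\\S-1-5-18\\\$[0-9a-f]{32}\\", re.IGNORECASE)
# A COM server registration; under HKCU it is user-writable and wins over HKLM
CLSID_KEY_RE = re.compile(
    r"^Software\\Classes\\clsid\\(?P<clsid>\{[0-9a-f-]{36}\})\\InProcServer32$",
    re.IGNORECASE,
)


def parse_file_line(line):
    """Return a dict for one OTL file/directory line, or None if it is not one."""
    m = FILE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["hidden"] = "H" in rec["attrs"]
    rec["system"] = "S" in rec["attrs"]
    return rec


def triage_zeroaccess_section(text):
    """Collect ZeroAccess-style containers and HKCU CLSID shadows from section text."""
    containers = {}   # container path -> set of entry names found beneath it
    hkcu = set()      # CLSIDs registered under HKEY_CURRENT_USER
    hklm = {}         # CLSIDs registered under HKEY_LOCAL_MACHINE -> server DLL
    current = None    # (hive, clsid) of the key whose values we are reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        rec = parse_file_line(line)
        if rec:
            m = ZA_DIR_RE.search(rec["path"])
            if m:
                container, entry = rec["path"][: m.end()], rec["path"][m.end():]
                containers.setdefault(container, set()).add(entry)
            continue
        k = REG_KEY_RE.match(line)
        if k:
            current = None
            c = CLSID_KEY_RE.match(k["key"])
            if c:
                current = (k["hive"], c["clsid"].lower())
                if k["hive"] == "HKEY_CURRENT_USER":
                    hkcu.add(current[1])
                elif k["hive"] == "HKEY_LOCAL_MACHINE":
                    hklm.setdefault(current[1], None)
            continue
        d = REG_DEFAULT_RE.match(line)
        if d and current and current[0] == "HKEY_LOCAL_MACHINE":
            hklm[current[1]] = d["target"]   # the legitimate server the HKCU key would override
    return {
        "containers": {c: sorted(e) for c, e in containers.items()},
        "hkcu_clsids": [
            {"clsid": c, "shadows_hklm": c in hklm, "hklm_server": hklm.get(c)}
            for c in sorted(hkcu)
        ],
    }


def summarize(result):
    """Human-readable lines for a helper's reply."""
    out = []
    for path, entries in result["containers"].items():
        out.append(f"ZeroAccess-style container {path} with entries {entries}")
    for item in result["hkcu_clsids"]:
        note = f" (shadows HKLM server {item['hklm_server']})" if item["shadows_hklm"] else ""
        out.append(f"Per-user COM registration for {item['clsid']}{note}")
    return out


# Lines copied from the "ZeroAccess Check" section of the log posted above.
SAMPLE = r"""
========== ZeroAccess Check ==========

[2013/01/30 05:09:48 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\@
[2012/10/25 02:42:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\L
[2012/10/25 02:42:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\U
[2011/04/29 15:07:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

if __name__ == "__main__":
    print("\n".join(summarize(triage_zeroaccess_section(SAMPLE))))
```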

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi shar907,

We have work to do.

Step 1

We need to remove AVG from your system. Please download AVG Remover and run it in order to remove AVG. After we finish cleaning your system you can install AVG again.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Let's try Combofix now.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the Combofix log in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
#11
shar907

    Member

  • Topic Starter
  • Member
  • 33 posts
ComboFix is frozen.

01:58:44.0609 3052 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:58:44.0937 3052 ============================================================
01:58:44.0937 3052 Current date / time: 2013/02/07 01:58:44.0937
01:58:44.0937 3052 SystemInfo:
01:58:44.0937 3052
01:58:44.0937 3052 OS Version: 5.1.2600 ServicePack: 3.0
01:58:44.0937 3052 Product type: Workstation
01:58:44.0937 3052 ComputerName: OWNERPC
01:58:44.0937 3052 UserName: Owner
01:58:44.0937 3052 Windows directory: C:\WINDOWS
01:58:44.0937 3052 System windows directory: C:\WINDOWS
01:58:44.0937 3052 Processor architecture: Intel x86
01:58:44.0937 3052 Number of processors: 2
01:58:44.0937 3052 Page size: 0x1000
01:58:44.0937 3052 Boot type: Normal boot
01:58:44.0937 3052 ============================================================
01:58:46.0296 3052 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:58:46.0296 3052 ============================================================
01:58:46.0296 3052 \Device\Harddisk0\DR0:
01:58:46.0296 3052 MBR partitions:
01:58:46.0296 3052 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
01:58:46.0296 3052 ============================================================
01:58:46.0312 3052 C: <-> \Device\Harddisk0\DR0\Partition1
01:58:46.0328 3052 ============================================================
01:58:46.0328 3052 Initialize success
01:58:46.0328 3052 ============================================================
01:59:12.0625 2592 Deinitialize success
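The TDSSKiller log above stops at "Deinitialize success" roughly 28 seconds after initialisation, with no scan section at all. As an added example (not part of the thread and not code from Kaspersky's tool), here is a small Python parser that pulls the disk geometry out of such a log, records whether a scan section is present, and reports how much unpartitioned space lies past the last MBR partition, the region the "Detect TDLFS file system" option is aimed at. The "Scan finished" and "Detected object count:" markers are assumptions, not lines taken from the posted log; the sample input is the header of the log posted in this thread.

```python
import re

# Constructed sample: header lines of the TDSSKiller log posted in this thread (it has no scan section).
SAMPLE_LOG = """\
01:58:44.0609 3052 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:58:44.0937 3052 OS Version: 5.1.2600 ServicePack: 3.0
01:58:46.0296 3052 Drive \\Device\\Harddisk0\\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:58:46.0296 3052 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
01:58:46.0328 3052 Initialize success
01:59:12.0625 2592 Deinitialize success
"""

# Each log line is "HH:MM:SS.frac PID message"; only the message part is needed here.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
DRIVE_RE = re.compile(r"Drive (\S+) - Size: (0x[0-9A-F]+).*?SectorSize: (0x[0-9A-F]+)", re.I)
PART_RE = re.compile(r"(\S+\\Partition\d+): MBR, Type 0x[0-9A-F]+, StartLBA (0x[0-9A-F]+), "
                     r"BlocksNum (0x[0-9A-F]+)", re.I)

def parse_tdsskiller_log(text):
    """Summarise disk layout and scan state from a TDSSKiller log."""
    info = {"os_version": None, "drives": {}, "partitions": [],
            "initialized": False, "scan_finished": False, "detected": None}
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        msg = m.group(1)
        if msg.startswith("OS Version:"):
            info["os_version"] = msg.split(":", 1)[1].strip()
        elif (d := DRIVE_RE.search(msg)):
            name, size, sector = d.groups()
            info["drives"][name] = {"size_bytes": int(size, 16), "sector_size": int(sector, 16)}
        elif (p := PART_RE.search(msg)):
            name, start, blocks = p.groups()
            info["partitions"].append({"name": name, "start_lba": int(start, 16), "blocks": int(blocks, 16)})
        elif msg == "Initialize success":
            info["initialized"] = True
        elif msg.startswith("Scan finished"):           # assumed marker, not in the posted log
            info["scan_finished"] = True
        elif msg.startswith("Detected object count:"):  # assumed marker, not in the posted log
            info["detected"] = int(msg.split(":")[1])
    return info

def unallocated_tail_sectors(info, drive):
    """Sectors between the end of the last MBR partition and the end of the disk."""
    # TDL-family bootkits kept their hidden file system in unpartitioned space at the end
    # of the disk (the region the 'Detect TDLFS file system' option targets); a tail far
    # beyond the usual cylinder-alignment slack deserves a closer look.
    d = info["drives"][drive]
    total = d["size_bytes"] // d["sector_size"]
    ends = [p["start_lba"] + p["blocks"] for p in info["partitions"] if p["name"].startswith(drive + "\\")]
    return total - max(ends) if ends else total
```

On the posted header this reports an 80,000,000,000-byte disk with one partition ending 17,875 sectors (about 8.7 MiB) short of the end, and no scan section.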

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Let's try something.

Step 1

Can you try to run Combofix from Safe mode with Networking?

Please restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Now try Combofix again and post the log.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • OTL log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#13
shar907

    Member

  • Topic Starter
  • Member
  • 33 posts
I can't restart or shut down the computer. ComboFix won't close.

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If you are sure Combofix is frozen, then close all other programs on your system and force-restart your PC by pressing the restart button on your PC case.

#15
shar907

    Member

  • Topic Starter
  • Member
  • 33 posts
Forced restart. Pressed F8 to get to safe mode with networking. Would not open after about five attempts. Will try again tomorrow morning.

Thanks