WIN 32/ Expiro Infection [Closed]



#1
shar907

Think I have Win 32/ Expiro infection. Can't open Internet Explorer; it disappeared. Programs disappeared, Word and many others won't open. Used the Virus Remover for WIN 32/ Expiro 1.2.0.711 free download from Softpedia called rmexpiro(2).exe. Still can't open programs. AVG keeps opening up with the threat and will delete it, and it appears it deletes the files I need for the programs I have. When I start the computer a blue screen appears; I think it's the Windows scan program, and it scans and says almost all my programs and files are gone. HELP.
Thanks

OTL logfile created on: 2/3/2013 10:42:15 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 184.45 Mb Available Physical Memory | 18.19% Memory free
2.38 Gb Paging File | 1.54 Gb Available in Paging File | 64.60% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 30.78 Gb Free Space | 41.31% Space Free | Partition Type: NTFS

Computer Name: OWNERPC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/03 10:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/01/24 11:06:23 | 000,628,064 | ---- | M] (Softango) -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe
PRC - [2013/01/22 14:29:10 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe
PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/03 23:35:18 | 000,843,704 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/12/03 23:35:10 | 000,967,608 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2011/10/11 04:43:27 | 001,700,784 | ---- | M] (iMesh, Inc) -- C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe
PRC - [2009/10/26 02:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/17 13:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/02 00:22:56 | 012,459,888 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll
MOD - [2013/01/23 14:17:53 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\SiteSafety.dll
MOD - [2013/01/22 04:39:56 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2012/11/28 14:45:22 | 012,564,480 | ---- | M] () -- C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012/11/28 14:45:00 | 000,569,344 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
MOD - [2012/11/28 14:44:54 | 000,034,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012/11/28 14:44:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
MOD - [2012/11/28 14:19:32 | 000,057,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
MOD - [2012/06/14 12:06:10 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 23:10:17 | 014,329,856 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012/06/13 23:09:33 | 012,218,368 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012/05/09 21:04:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 19:14:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 19:12:56 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012/05/09 19:11:20 | 003,325,440 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012/05/09 19:11:05 | 007,953,408 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 19:10:46 | 011,492,352 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010/03/09 01:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/10/26 02:33:42 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/10/26 02:33:34 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/06/21 22:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2009/03/12 14:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 12:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/09/12 17:17:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\CopyToSendTo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\SearchIndexer.exe /Embedding -- (WSearch)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wbem\wmiapsrv.exe -- (WmiApSrv)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\smlogsvc.exe -- (SysmonLog)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - File not found [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\SCardSvr.exe -- (SCardSvr)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\locator.exe -- (RpcLocator)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\sessmgr.exe -- (RDSessMgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\msiexec.exe /V -- (MSIServer)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\mnmsrvc.exe -- (mnmsrvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\lxeccoms.exe -- (lxec_device)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\dmadmin.exe /com -- (dmadmin)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/02/03 00:01:12 | 000,388,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Nitro\Pro 8\nitropdfdriverservice8.exe -- (NitroDriverReadSpool8)
SRV - [2013/02/03 00:01:10 | 029,365,248 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2013/02/03 00:01:01 | 000,352,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/03 00:01:00 | 000,347,136 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2013/01/24 11:06:23 | 000,628,064 | ---- | M] (Softango) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/18 14:28:32 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/23 14:17:53 | 000,031,576 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/24 21:35:59 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/04 15:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/06/27 03:37:56 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2012/06/27 03:37:56 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2012/06/27 03:37:56 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2012/06/27 03:37:56 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011/10/08 02:28:44 | 000,017,408 | R--- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/09 01:52:46 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 23:21:49 | 000,108,032 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwser.sys -- (smhwser)
DRV - [2009/09/08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/08/26 17:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/15 10:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/04/07 11:11:40 | 000,036,368 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGUsbDiag.sys -- (UsbDiag)
DRV - [2004/04/07 11:11:40 | 000,019,908 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LGUSBBUS.SYS -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\..\SearchScopes,DefaultScope = {7DD5994B-884B-46B1-BD95-20F64BE5FACA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7DD5994B-884B-46B1-BD95-20F64BE5FACA}: "URL" = http://search.yahoo....ei=utf-8&fr=ie8
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2011-12-13 12:26:19&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://www.yd.delta-...0000137273238d"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: [email protected]_2p.com:1.44.0.31084
FF - prefs.js..extensions.enabledItems: {28387537-e3f9-4ed7-860c-11e69af4a8a0}:4.4.0.01
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:11.0.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.15
FF - prefs.js..keyword.URL: "http://search.imesh....emid=1&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: %16422%\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\14.0.2.14 [2013/01/23 14:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\Owner\Local Settings\Application Data\RewardsArcadeSuite\1950\Firefox [2012/02/03 10:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/21 13:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/11 11:42:27 | 000,000,000 | ---D | M]

[2011/10/22 17:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/01/31 03:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions
[2011/08/16 15:31:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/22 17:36:17 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012/12/14 22:43:45 | 000,000,000 | ---D | M] (Coupon Matcher) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{d12b4ac5-7cfd-4189-9422-6a44f564d17c}
[2013/01/30 05:14:10 | 000,000,000 | ---D | M] (.) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\{ec9032c7-c20a-464f-7b0e-13a3a9e97385}
[2012/12/19 17:26:07 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]
[2013/01/22 14:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]
[2012/12/19 17:24:58 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]
[2012/12/19 17:26:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\extensions\[email protected]\chrome\content\extensionCode
[2012/04/16 15:33:29 | 000,001,225 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\searchplugins\my-homepage.xml
[2011/10/22 17:35:36 | 000,002,514 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\leail3qf.default\searchplugins\SearchResults.xml
[2012/09/20 23:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/17 04:22:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/04/29 15:13:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/11 18:56:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/09/20 23:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2013/01/23 14:18:23 | 000,003,591 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/01/22 14:31:20 | 000,006,540 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/10/22 17:35:36 | 000,002,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Delta Search (Enabled)
CHR - default_search_provider: search_url = http://www.yd.delta-...00000137273238d
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\npSkypeChromePlugin.dll
CHR - plugin: Download Helper (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\1.1.0_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\\npsitesafety.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Nitro PDF plugin for Firefox and Chrome (Enabled) = C:\Program Files\Nitro\Pro 8\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: General Crawler = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\
CHR - Extension: Google Chrome = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlddmedljhmbgdhapibnagaanenmajcm\1.0_0\
CHR - Extension: Coupon Matcher = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbeaeacnffjpnodemllopecegchjefhb\1.1_0\
CHR - Extension: RewardsArcade Suite = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.21.72_0\crossrider
CHR - Extension: RewardsArcade Suite = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.21.72_0\
CHR - Extension: Coupon Companion Plugin = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.20.5_0\crossrider
CHR - Extension: Coupon Companion Plugin = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jneaojaoiajhnemidnjhoempalnidbhj\1.20.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: AVG Secure Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.0.2.14_0\

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (RewardsArcadeSuite) - {B6EF6C45-5E8D-4c3b-B580-A5073261A381} - C:\Program Files\RewardsArcadeSuite\RewardsArcadeSuite.dll (215 Apps)
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {3462c343-be19-4143-af70-cefb56f46fc6} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe" File not found
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
O4 - HKLM..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe" File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [ANTIMALWARE] C:\Documents and Settings\Owner\Application Data\AntiMalware.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dmc.org ([dmcnf04] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B18F98-DDBC-4ED5-A952-4B4F34DDDB52}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/29 15:05:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{595e7f6c-7276-11e0-aa5d-806d6172696f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9a9bcb4e-b3b5-11e0-a37b-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{9a9bcb4e-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a9bcb4e-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{9a9bcb50-b3b5-11e0-a37b-00137273238d}\Shell - "" = AutoRun
O33 - MountPoints2\{9a9bcb50-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a9bcb50-b3b5-11e0-a37b-00137273238d}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 00:09:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/02/02 16:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\123
[2013/02/02 00:38:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2013/01/31 02:31:40 | 000,065,776 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2013/01/31 01:00:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ABBYY
[2013/01/30 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2013/01/30 17:24:29 | 000,017,408 | R--- | C] (Marvell Semiconductor, Inc.) -- C:\WINDOWS\System32\drivers\mvusbews.sys
[2013/01/30 17:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/01/30 10:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2013/01/30 10:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/01/30 10:20:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/01/29 22:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/01/28 22:42:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/01/28 22:38:11 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/01/26 19:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AVG
[2013/01/24 11:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2013/01/23 02:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Output Files
[2013/01/23 02:55:40 | 000,000,000 | ---D | C] -- C:\Output Files
[2013/01/23 02:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/01/23 02:51:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tempdir
[2013/01/23 02:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2013/01/23 02:48:28 | 009,661,784 | ---- | C] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\Owner\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
[2013/01/22 14:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/01/22 13:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/01/22 12:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PenSoft
[2013/01/22 11:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
[2013/01/22 04:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Small Business Accounting
[2013/01/22 04:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2013/01/22 04:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2005
[2013/01/22 04:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/01/22 04:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/01/22 03:56:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Payroll
[2013/01/22 03:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\PenSoft
[2013/01/21 21:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\YourFileDownloader
[2013/01/21 21:54:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\YourFileDownloader
[2013/01/21 21:30:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Halfpricesoft
[2013/01/21 19:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\ezPayCheck
[2013/01/21 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PayWindow Tax Files
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\PayWindow Payroll
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PayWindow Data Files
[2013/01/21 19:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\paywin
[2013/01/21 18:44:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Payroll Mate 2011
[2013/01/21 17:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Payroll Mate 2013
[2013/01/21 17:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Payroll Mate (2013)
[2013/01/21 17:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\Real Business Solutions
[2013/01/20 19:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/01/19 10:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/01/17 19:12:33 | 000,032,120 | ---- | C] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2013/01/17 19:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
[2013/01/17 19:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/01/17 19:08:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/01/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ixny
[2013/01/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ivun
[2013/01/07 21:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Igom
[2013/01/07 18:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2011/04/29 15:15:27 | 002,234,088 | ---- | C] (Ask.com ) -- C:\Documents and Settings\Owner\NEWB52.tmp.exe
[6 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/03 10:51:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/03 10:51:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ADC066A3-B83C-4719-B392-1608900EE918}.job
[2013/02/03 10:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 08:48:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/02/03 02:05:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 02:05:14 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/02/03 02:05:14 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/02/03 02:05:12 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/02/03 02:05:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/03 02:05:07 | 1063,399,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 00:01:27 | 001,124,352 | ---- | M] () -- C:\WINDOWS\System32\WgaTray.exe
[2013/02/03 00:01:14 | 000,339,968 | ---- | M] () -- C:\WINDOWS\System32\mobsync.exe
[2013/02/03 00:01:13 | 000,225,280 | ---- | M] () -- C:\WINDOWS\System32\verclsid.exe
[2013/02/03 00:01:00 | 000,735,232 | ---- | M] () -- C:\WINDOWS\System32\spider.exe
[2013/02/03 00:01:00 | 000,347,136 | ---- | M] () -- C:\WINDOWS\System32\imapi.exe
[2013/02/03 00:00:59 | 000,323,584 | ---- | M] () -- C:\WINDOWS\System32\mshearts.exe
[2013/02/03 00:00:10 | 000,617,472 | ---- | M] () -- C:\WINDOWS\System32\ntvdm.exe
[2013/02/02 01:41:05 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2013/02/02 00:41:36 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2013/02/02 00:20:59 | 001,030,106 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Westland Section 8.pdf
[2013/01/31 12:15:30 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/31 12:06:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/31 03:20:55 | 000,000,183 | -HS- | M] () -- C:\boot.ini
[2013/01/31 02:24:20 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/31 01:06:24 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2013/01/30 17:25:37 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/01/30 17:25:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/01/30 17:25:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/01/30 06:54:42 | 001,163,264 | ---- | M] () -- C:\WINDOWS\UNNeroVision.exe
[2013/01/30 06:54:41 | 001,163,264 | ---- | M] () -- C:\WINDOWS\UNNeroShowTime.exe
[2013/01/30 06:54:40 | 001,163,264 | ---- | M] () -- C:\WINDOWS\UNNeroBackItUp.exe
[2013/01/30 06:54:40 | 000,496,128 | ---- | M] () -- C:\WINDOWS\uninst.exe
[2013/01/30 06:48:31 | 000,242,176 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wab.exe
[2013/01/30 06:48:24 | 003,755,520 | ---- | M] () -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2013/01/30 06:48:24 | 000,829,440 | ---- | M] () -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2013/01/30 06:45:00 | 000,343,040 | ---- | M] () -- C:\WINDOWS\regedit.exe
[2013/01/28 20:49:01 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wsr27zt32.dll
[2013/01/28 18:58:35 | 108,118,325 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2013/01/28 18:57:51 | 000,344,459 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2013/01/27 20:32:07 | 000,036,344 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\AntiMalware.exe
[2013/01/24 22:25:00 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2013/01/24 22:25:00 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\65CE19
[2013/01/24 11:01:22 | 062,851,524 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Nitro Pro 8.0.2.7z
[2013/01/23 14:17:53 | 000,031,576 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/01/23 02:51:38 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/01/23 02:48:44 | 009,661,784 | ---- | M] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\Owner\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
[2013/01/21 17:22:43 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Payroll Mate (2013).lnk
[2013/01/17 19:12:22 | 000,001,747 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/01/12 14:32:17 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[6 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/03 00:01:26 | 001,124,352 | ---- | C] () -- C:\WINDOWS\System32\WgaTray.exe
[2013/02/03 00:01:14 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\mobsync.exe
[2013/02/03 00:01:13 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\verclsid.exe
[2013/02/03 00:01:00 | 000,347,136 | ---- | C] () -- C:\WINDOWS\System32\imapi.exe
[2013/02/03 00:00:59 | 000,735,232 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
[2013/02/03 00:00:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\mshearts.exe
[2013/02/03 00:00:10 | 000,617,472 | ---- | C] () -- C:\WINDOWS\System32\ntvdm.exe
[2013/02/02 00:41:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer Troubleshooting.url
[2013/02/02 00:21:38 | 001,030,106 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Westland Section 8.pdf
[2013/01/31 12:15:30 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/01/31 02:24:20 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/01/30 17:25:44 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2013/01/30 17:25:43 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2013/01/30 17:25:43 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2013/01/30 17:25:37 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_mvusbews_01007.Wdf
[2013/01/30 17:25:36 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/01/30 17:24:30 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2013/01/30 17:21:14 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2013/01/28 20:49:01 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\wsr27zt32.dll
[2013/01/27 20:32:10 | 000,036,344 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AntiMalware.exe
[2013/01/24 11:02:09 | 062,791,680 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Nitro Pro 8.0.2.4 (64bit) + Keygen.tar
[2013/01/24 11:00:20 | 062,851,524 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Nitro Pro 8.0.2.7z
[2013/01/23 14:19:03 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/01/23 02:51:38 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2013/01/23 02:51:25 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2013/01/23 02:51:24 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2013/01/21 21:54:32 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\YourFile DownloaderUpdate.job
[2013/01/21 17:22:43 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Payroll Mate (2013).lnk
[2013/01/20 00:36:52 | 000,168,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/01/17 19:12:22 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/01/02 12:37:45 | 000,103,832 | ---- | C] () -- C:\Documents and Settings\Owner\GoToAssistDownloadHelper.exe
[2012/12/26 16:59:57 | 000,751,078 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\1.bmp
[2012/12/26 16:59:46 | 000,018,252 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\sound.mp3
[2012/12/26 16:59:41 | 000,114,890 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\1.jpg
[2012/12/18 03:29:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\4wgyser5huy6j.exe
[2012/11/28 14:17:24 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/11/28 14:17:18 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/11/28 00:57:32 | 000,000,395 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012/10/24 21:35:59 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2012/10/24 20:21:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPWF500.ini
[2012/10/24 11:24:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxecvs.dll
[2012/10/24 11:24:17 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccoin.dll
[2012/10/24 11:24:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxecgcfg.dll
[2012/10/24 11:24:03 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeccui.dll
[2012/10/24 11:24:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeccuir.dll
[2012/10/24 11:20:28 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxecrwrd.ini
[2012/10/24 11:20:15 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\LXECinst.dll
[2012/10/24 11:20:14 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecinpa.dll
[2012/10/24 11:20:14 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEChcp.dll
[2012/10/24 11:20:14 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeciesc.dll
[2012/10/24 11:20:13 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecserv.dll
[2012/10/24 11:20:13 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecusb1.dll
[2012/10/24 11:20:13 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxecpmui.dll
[2012/10/24 11:20:12 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeclmpm.dll
[2012/10/24 11:20:10 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxecins.dll
[2012/10/24 11:20:10 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxecinsb.dll
[2012/10/24 11:20:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxecinsr.dll
[2012/10/24 11:20:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxecjswr.dll
[2012/10/24 11:20:09 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxechbn3.dll
[2012/10/24 11:20:09 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeccu.dll
[2012/10/24 11:20:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxecgrd.dll
[2012/10/24 11:20:09 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeccub.dll
[2012/10/24 11:20:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeccur.dll
[2012/10/24 11:20:08 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomc.dll
[2012/10/24 11:20:08 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeccomm.dll
[2012/10/24 11:19:02 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXECsmr.dll
[2012/10/24 11:19:01 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXECsm.dll
[2012/10/05 20:41:39 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\Owner\ntuser.pol
[2012/07/22 23:13:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012/07/21 17:51:32 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/07/21 17:51:32 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/07/21 17:51:32 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/07/21 17:51:32 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/07/21 17:51:32 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/07/21 17:51:32 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/07/21 17:51:32 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/07/21 17:51:32 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/07/21 17:51:32 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/07/21 17:51:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/07/21 17:51:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/07/21 17:51:32 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/07/21 17:51:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/07/21 17:51:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/07/21 17:51:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/07/21 17:51:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/02/15 18:29:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/05 21:02:17 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/01/05 20:05:08 | 000,496,128 | ---- | C] () -- C:\WINDOWS\uninst.exe
[2011/12/21 19:43:42 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma
[2011/12/21 19:43:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\65CE19
[2011/12/20 22:02:46 | 000,000,018 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/12/20 22:02:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/10/22 19:06:40 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/31 00:51:20 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\2275C17DFF.dll
[2011/07/28 17:22:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/19 12:22:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/07/11 20:29:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/29 15:13:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/29 15:12:44 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/29 15:09:36 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/04/29 15:02:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/29 10:48:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/29 10:48:25 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2011/04/29 10:43:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

========== ZeroAccess Check ==========

[2013/01/30 05:09:48 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\@
[2012/10/25 02:42:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\L
[2012/10/25 02:42:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\U
[2011/04/29 15:07:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2012/10/25 02:48:18 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\RECYCLER\S-1-5-21-1202660629-527237240-1547161642-1003\$f61df9a3778550cec001783c5f6cc6cc\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\RECYCLER\S-1-5-18\$f61df9a3778550cec001783c5f6cc6cc\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/28 20:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/01/17 19:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2012/11/08 09:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/07/27 19:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2013/01/30 11:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/10/22 17:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/07/31 00:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2013/01/22 14:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2012/12/21 13:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/07/11 15:56:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/26 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2013/01/31 01:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/12/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2012/01/05 21:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2013/01/24 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/10/22 17:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2012/02/06 15:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/02/03 08:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/27 22:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
[2012/05/20 00:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2012/05/19 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/12/20 22:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/12/17 16:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2013/01/07 17:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/21 14:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/01/24 10:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/11/26 19:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2011/07/17 03:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012/02/28 17:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2013/01/17 19:08:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2011/10/22 17:34:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D7941DA4-2EF5-4E70-8A3D-3CF7634A336B}
[2013/01/30 11:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Application Data\4F4CEA
[2013/01/17 19:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG
[2011/12/14 18:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG Secure Search
[2011/07/11 16:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2013/01/30 10:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG2013
[2012/12/14 22:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Coupon Matcher
[2012/12/27 22:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Downloaded Installations
[2012/01/23 16:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2013/01/07 19:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2013/01/31 01:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EPSON
[2012/12/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileOpen
[2012/11/18 15:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Audio Editor
[2012/01/16 16:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\G7PS
[2013/01/21 19:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2012/12/21 13:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2013/01/07 21:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Igom
[2011/10/22 17:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\imeshbandmltbpi
[2011/08/21 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2012/02/15 17:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/01/07 21:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ivun
[2013/01/07 21:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ixny
[2012/10/24 20:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2013/01/30 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Media Finder
[2011/10/22 17:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mediabarim
[2012/03/26 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Need for Speed World
[2013/01/24 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nico Mak Computing
[2012/12/27 22:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nitro
[2013/01/25 10:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nitro PDF
[2012/05/20 00:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oberon Media
[2012/06/06 17:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Oracle
[2013/01/21 19:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\paywin
[2013/01/24 11:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PeaZip
[2013/01/07 18:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PerformerSoft
[2013/01/19 10:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Samsung
[2011/11/19 21:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeraCopy
[2013/01/07 18:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2011/08/24 20:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TypingMaster7
[2013/02/02 00:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/09/24 14:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2011/09/30 14:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2013/01/21 21:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2B0AAB4

< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you have multiple infections; some of them are password stealers.

Do not use this computer for online banking. If you do use online banking, then inform your bank that your data may be compromised.

I will try and clear as much as possible in one fix. Run all of these programmes in the order stated, saving any logs until you have finished.


Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on "Start".

  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist


#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.