OTL logfile created on: 4/15/2013 9:55:08 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = F:\Users\Tron\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.74% Memory free
7.99 Gb Paging File | 5.08 Gb Available in Paging File | 63.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 24.42 Gb Total Space | 9.37 Gb Free Space | 38.37% Space Free | Partition Type: NTFS
Drive D: | 87.90 Gb Total Space | 27.76 Gb Free Space | 31.58% Space Free | Partition Type: NTFS
Drive E: | 283.21 Gb Total Space | 182.06 Gb Free Space | 64.28% Space Free | Partition Type: NTFS
Drive F: | 70.23 Gb Total Space | 16.26 Gb Free Space | 23.16% Space Free | Partition Type: NTFS
Computer Name: TRON-PC | User Name: Tron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/04/15 21:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Users\Tron\Desktop\OTL.exe
PRC - [2013/04/12 01:09:29 | 000,920,472 | ---- | M] (Mozilla Corporation) -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/03/25 18:26:56 | 000,079,384 | ---- | M] (Google) -- F:\Users\Tron\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/03/12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- F:\Users\Tron\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/06 16:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 03:28:30 | 000,104,528 | ---- | M] (VMware, Inc.) -- E:\VmWare1\New folder\vmware-tray.exe
PRC - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- F:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 02:54:34 | 013,242,960 | ---- | M] () -- E:\VmWare1\New folder\vmware-hostd.exe
PRC - [2013/02/26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- E:\VmWare1\New folder\vmware-authd.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- F:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/09 15:23:53 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/10/14 21:15:45 | 000,711,112 | ---- | M] () -- F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2011/04/25 03:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 03:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/11/25 12:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
PRC - [2010/08/24 10:29:18 | 000,206,240 | ---- | M] (CANON INC.) -- F:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- F:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- f:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
========== Modules (No Company Name) ========== MOD - [2013/04/12 01:09:28 | 003,133,336 | ---- | M] () -- F:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/09 15:23:52 | 014,586,808 | ---- | M] () -- F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- F:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- F:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ========== SRV:
64bit: - [2012/11/26 00:45:24 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- F:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:
64bit: - [2012/11/08 00:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- F:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:
64bit: - [2010/11/25 12:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
SRV:
64bit: - [2009/08/18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- F:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/12 01:09:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 16:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 02:54:34 | 013,242,960 | ---- | M] () [Auto | Running] -- E:\VmWare1\New folder\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/02/26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\VmWare1\New folder\vmware-authd.exe -- (VMAuthdService)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- F:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/14 21:15:45 | 000,711,112 | ---- | M] () [Auto | Running] -- F:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- F:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/01/18 15:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- F:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/11/07 22:37:25 | 000,487,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Downloaded Program Files\DMService.exe -- (DMService)
SRV - [2011/09/29 21:16:48 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/13 00:52:17 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- F:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- F:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- F:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- F:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- F:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- f:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- f:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:
64bit: - [2013/02/26 03:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:
64bit: - [2013/02/26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:
64bit: - [2013/02/26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:
64bit: - [2013/02/26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:
64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:
64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- F:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:
64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:
64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:
64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:
64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- F:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:
64bit: - [2012/10/24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:
64bit: - [2012/10/24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:
64bit: - [2012/10/14 21:15:45 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:
64bit: - [2012/10/11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- F:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:
64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2011/10/23 15:53:50 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:
64bit: - [2011/10/23 15:53:50 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:
64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:
64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:
64bit: - [2011/04/25 02:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:
64bit: - [2011/01/04 16:22:54 | 000,043,600 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\covpnv64.sys -- (urvpndrv)
DRV:
64bit: - [2011/01/04 16:22:46 | 000,018,512 | ---- | M] (F5 Networks, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\urfltv64.sys -- (f5ipfw)
DRV:
64bit: - [2010/11/02 11:39:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- F:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:
64bit: - [2010/04/12 09:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- F:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:
64bit: - [2009/10/14 20:08:34 | 000,036,760 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:
64bit: - [2009/08/18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:
64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:
64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- F:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- F:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:
64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:
64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:
64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:
64bit: - [2009/06/10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- F:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:
64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- F:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- F:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- F:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = F:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B6 57 59 D1 CE C4 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EAB2E66A-059E-47C2-B180-176E05E052DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\..\SearchScopes\{10EDAC71-1851-473a-BE8E-5D77C8FE5129}: "URL" =
http://www.ask.com/w...q={searchTerms}IE - HKCU\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" =
http://uk.search.yah...}&fr=chr-comodoIE - HKCU\..\SearchScopes\{EAB2E66A-059E-47C2-B180-176E05E052DF}: "URL" =
http://www.google.co...utputEncoding?}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: F:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: F:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: F:\Users\Tron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: F:\Users\Tron\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: F:\Users\Tron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Users\Tron\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Users\Tron\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 01:09:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/12 01:09:19 | 000,000,000 | ---D | M]
[2010/03/22 22:50:08 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Tron\AppData\Roaming\Mozilla\Extensions
[2012/11/02 00:28:29 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Tron\AppData\Roaming\Mozilla\Firefox\Profiles\6qb9s14g.default\extensions
[2013/04/12 01:09:15 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/12 01:09:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- F:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/12 01:09:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/25 02:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 03:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 02:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011/04/25 02:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/10/23 15:52:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/25 23:01:12 | 000,075,208 | ---- | M] (Foxit Software Company) -- F:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/04/25 03:49:00 | 000,485,288 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/19 15:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/04/25 03:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- F:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/12/20 21:43:42 | 000,001,738 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/11/04 11:47:30 | 000,002,465 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/20 21:43:42 | 000,001,148 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/20 21:43:42 | 000,001,379 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/03/04 22:40:37 | 000,002,086 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/12/20 21:43:42 | 000,001,334 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
http://uk.yahoo.com?fr=fpc-comodoCHR - plugin: Shockwave Flash (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = F:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = F:\Users\Tron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = F:\Users\Tron\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = F:\Users\Tron\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Motive Plugin (Enabled) = F:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = F:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = F:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - Extension: Skype Click to Call = F:\Users\Tron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2012/11/25 21:12:55 | 000,000,027 | ---- | M]) - F:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:
64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:
64bit: - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - F:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - F:\Program Files (x86)\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O4:
64bit: - HKLM..\Run: [CanonMyPrinter] F:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:
64bit: - HKLM..\Run: [COMODO Internet Security] F:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:
64bit: - HKLM..\Run: [Windows Mobile Device Center] F:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] F:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] F:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] F:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] F:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [vmware-tray.exe] E:\VmWare1\New folder\vmware-tray.exe (VMware, Inc.)
O4 - Startup: F:\Users\Tron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = F:\Users\Tron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:
64bit: - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:
64bit: - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - F:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O9 - Extra Button: @F:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @F:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - F:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - F:\Program Files (x86)\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - F:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - F:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - F:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - F:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kcl.ac.uk ([firepass] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C}
https://xpress.polar...ail3/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {195538FD-1C39-44B1-A7C3-5D7137A8A8F1} F:\Users\Tron\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT AntiViruses Class)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} F:\Users\Tron\AppData\Local\Temp\f5tmp\urxvpn.cab (F5 Networks VPN Manager)
O16 - DPF: {30CF9713-6614-4556-B5F5-66F8C7F9DEF1} F:\Users\Tron\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT FireWalls Class)
O16 - DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} F:\Users\Tron\AppData\Local\Temp\f5tmp\f5tunsrv.cab (F5 Networks Dynamic Application Tunnel Control)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} F:\Users\Tron\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1 (F5 Networks Auto Update)
O16 - DPF: {49EC7987-E331-44E3-B170-748B58A268B9} F:\Users\Tron\AppData\Local\Temp\f5tmp\f5opswati.cab (OPSWAT ProcessesScanner Class)
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} F:\Users\Tron\AppData\Local\Temp\f5tmp\f5InspectionHost.cab (F5 Networks Policy Agent Host Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A}
https://hosted.fdmgr.../WhlCompMgr.cab (Forefront UAG client components)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} F:\Users\Tron\AppData\Local\Temp\f5tmp\urxshost.cab (F5 Networks SuperHost Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://misys.webex....ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} F:\Users\Tron\AppData\Local\Temp\f5tmp\urxhost.cab (F5 Networks Host Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EBDC91CB-F23F-477D-B152-3F7243760D04} F:\Users\Tron\AppData\Local\Temp\f5tmp\f5opswati.cab (F5 Networks OPSWAT Helper Control)
O16 - DPF: ISVFlashIE2_CabSetup
http://download.isvi...e2_cabsetup.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B8FD4A5-54CF-4C9B-B0FC-B570D6B59E63}: DhcpNameServer = 192.168.12.4 192.168.5.33 192.168.5.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E22FD6E2-6F13-44B1-BDE8-FC677317BBA7}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18:
64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:
64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:
64bit: - Protocol\Handler\x-excid - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - F:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - F:\Windows\Downloaded Program Files\mimectl.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:
64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:
64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - F:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:
64bit: - AppInit_DLLs: (F:\Windows\System32\guard64.dll) - F:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (F:\Windows\SysWOW64\guard32.dll) - F:\Windows\SysWOW64\guard32.dll (COMODO)
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\Windows\system32\userinit.exe) - F:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\GoToAssist: DllName - (F:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - F:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/18 20:59:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013/04/15 21:54:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- F:\Users\Tron\Desktop\OTL.exe
[2013/04/12 01:09:13 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Firefox
[2013/04/04 19:57:22 | 000,000,000 | ---D | C] -- F:\Users\Tron\AppData\Local\Programs
[2013/03/30 19:52:48 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 3.2 (32-bit)
[2013/03/30 15:00:28 | 000,000,000 | ---D | C] -- F:\Users\Tron\.idlerc
[2013/03/27 23:49:37 | 000,000,000 | ---D | C] -- F:\AVGTemp
[2013/03/24 13:51:03 | 000,000,000 | -HSD | C] -- F:\Windows\SysWow64\AI_RecycleBin
[2013/03/24 13:50:02 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revolution R
[2013/03/24 13:50:02 | 000,000,000 | ---D | C] -- F:\Users\Tron\Documents\Revolution
[2013/03/24 13:50:02 | 000,000,000 | ---D | C] -- F:\Revolution
[2013/03/24 13:48:17 | 000,000,000 | ---D | C] -- F:\Users\Tron\AppData\Roaming\Revolution Analytics
[2013/03/23 14:19:20 | 000,000,000 | ---D | C] -- F:\Users\Tron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/03/23 14:19:20 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/03/23 14:19:17 | 000,000,000 | ---D | C] -- F:\Users\Tron\AppData\Roaming\Notepad++
[2013/03/23 14:19:17 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Notepad++
[2013/03/22 23:16:51 | 000,067,224 | ---- | C] (VMware, Inc.) -- F:\Windows\SysNative\vsocklib.dll
[2013/03/22 23:16:51 | 000,063,128 | ---- | C] (VMware, Inc.) -- F:\Windows\SysWow64\vsocklib.dll
[2013/03/22 23:16:50 | 000,070,296 | ---- | C] (VMware, Inc.) -- F:\Windows\SysNative\drivers\vsock.sys
[2013/03/22 23:16:40 | 000,067,664 | ---- | C] (VMware, Inc.) -- F:\Windows\SysNative\drivers\vmx86.sys
[2013/03/22 23:16:08 | 000,357,456 | ---- | C] (VMware, Inc.) -- F:\Windows\SysWow64\vmnetdhcp.exe
[2013/03/22 23:16:03 | 000,436,304 | ---- | C] (VMware, Inc.) -- F:\Windows\SysWow64\vmnat.exe
[2013/03/22 23:16:02 | 000,030,800 | ---- | C] (VMware, Inc.) -- F:\Windows\SysNative\drivers\vmnetuserif.sys
[2013/03/22 23:15:58 | 000,933,968 | ---- | C] (VMware, Inc.) -- F:\Windows\SysNative\vnetlib64.dll
[2013/03/22 23:15:22 | 000,052,376 | ---- | C] (VMware, Inc.) -- F:\Windows\SysNative\drivers\hcmon.sys
[2013/03/22 23:14:22 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2013/03/22 23:14:18 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\VMware
[2013/03/22 23:13:40 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Common Files\VMware
[2013/03/22 23:13:40 | 000,000,000 | ---D | C] -- F:\Users\Public\Documents\Shared Virtual Machines
[2013/03/22 23:13:39 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\VMware
[2013/03/22 22:39:12 | 000,000,000 | -HSD | C] -- F:\$RECYCLE.BIN
[2013/03/22 21:29:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState ActivePython 3.2 (64-bit)
[2013/03/22 21:26:41 | 000,000,000 | ---D | C] -- F:\Python32
[2013/03/19 21:36:16 | 000,000,000 | ---D | C] -- F:\Users\Tron\AppData\Roaming\Foxit Software
[2010/06/07 22:50:48 | 000,454,656 | ---- | C] (Simon Tatham) -- F:\Program Files (x86)\putty.exe
========== Files - Modified Within 30 Days ========== [2013/04/15 21:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Users\Tron\Desktop\OTL.exe
[2013/04/15 21:34:00 | 000,000,894 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/15 21:14:00 | 000,000,904 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3453684860-2673869547-1550078029-1000UA.job
[2013/04/15 21:11:08 | 000,000,852 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3453684860-2673869547-1550078029-1000Core.job
[2013/04/15 21:06:45 | 000,000,890 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 20:58:34 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2013/04/13 23:22:42 | 000,015,904 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 23:22:42 | 000,015,904 | -H-- | M] () -- F:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 23:21:51 | 000,002,058 | ---- | M] () -- F:\Users\Tron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/13 23:14:23 | 000,065,536 | ---- | M] () -- F:\Windows\SysNative\Ikeext.etl
[2013/04/13 23:14:12 | 3217,231,872 | -HS- | M] () -- F:\hiberfil.sys
[2013/04/12 00:32:23 | 000,002,193 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/06 10:43:25 | 000,000,975 | ---- | M] () -- F:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/04 19:57:42 | 000,001,123 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/03 23:11:30 | 000,724,846 | ---- | M] () -- F:\Windows\SysNative\PerfStringBackup.INI
[2013/04/03 23:11:30 | 000,627,168 | ---- | M] () -- F:\Windows\SysNative\perfh009.dat
[2013/04/03 23:11:30 | 000,110,378 | ---- | M] () -- F:\Windows\SysNative\perfc009.dat
[2013/04/01 21:41:37 | 000,435,912 | ---- | M] () -- F:\Windows\SysNative\FNTCACHE.DAT
[2013/03/31 22:10:35 | 000,001,059 | ---- | M] () -- F:\Users\Tron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/31 22:10:09 | 000,001,025 | ---- | M] () -- F:\Users\Tron\Desktop\Dropbox.lnk
[2013/03/31 11:10:19 | 000,001,100 | ---- | M] () -- F:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/03/23 17:20:55 | 000,265,533 | ---- | M] () -- F:\Users\Tron\Documents\.RData
[2013/03/23 17:20:55 | 000,019,444 | ---- | M] () -- F:\Users\Tron\Documents\.Rhistory
[2013/03/22 23:14:38 | 000,001,024 | ---- | M] () -- F:\Windows\SysWow64\%TMP%
[2013/03/22 23:14:32 | 000,729,548 | ---- | M] () -- F:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/22 23:14:24 | 000,001,643 | ---- | M] () -- F:\Users\Public\Desktop\VMware Workstation.lnk
[2013/03/22 22:44:35 | 000,002,293 | ---- | M] () -- F:\Users\Tron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
========== Files Created - No Company Name ========== [2013/03/31 11:10:19 | 000,001,112 | ---- | C] () -- F:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/03/31 11:10:19 | 000,001,100 | ---- | C] () -- F:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/03/23 17:20:55 | 000,265,533 | ---- | C] () -- F:\Users\Tron\Documents\.RData
[2013/03/22 23:14:38 | 000,001,024 | ---- | C] () -- F:\Windows\SysWow64\%TMP%
[2013/03/22 23:14:24 | 000,001,643 | ---- | C] () -- F:\Users\Public\Desktop\VMware Workstation.lnk
[2012/11/20 11:05:26 | 000,000,020 | ---- | C] () -- F:\Users\Tron\defogger_reenable
[2012/03/15 20:39:26 | 000,005,120 | ---- | C] () -- F:\Users\Tron\sql_tron3.sas7bdat
[2012/03/15 20:34:02 | 000,005,120 | ---- | C] () -- F:\Users\Tron\sql_tron2.sas7bdat
[2012/03/07 21:15:52 | 000,000,161 | ---- | C] () -- F:\Windows\ODBC.INI
[2011/11/24 18:26:10 | 000,000,000 | ---- | C] () -- F:\Windows\f5unistall.INI
[2011/09/08 12:16:30 | 000,361,472 | ---- | C] () -- F:\Windows\SysWow64\pythoncom32.dll
[2011/09/08 12:16:30 | 000,103,936 | ---- | C] () -- F:\Windows\SysWow64\pywintypes32.dll
[2011/09/04 15:09:38 | 000,210,754 | ---- | C] () -- F:\Windows\hpoins21.dat
[2011/09/04 15:09:38 | 000,005,474 | ---- | C] () -- F:\Windows\hpomdl21.dat
[2011/07/28 21:39:40 | 000,000,021 | RHS- | C] () -- F:\ProgramData\ExpPDFSAMSystem.kje
[2010/06/10 19:37:45 | 000,000,600 | ---- | C] () -- F:\Users\Tron\AppData\Local\PUTTY.RND
[2010/04/17 00:21:58 | 000,007,611 | ---- | C] () -- F:\Users\Tron\AppData\Local\Resmon.ResmonCfg
[2010/04/10 00:01:55 | 000,011,144 | ---- | C] () -- F:\Users\Tron\gsview32.ini
[2010/04/09 23:38:44 | 000,001,415 | ---- | C] () -- F:\Users\Tron\gsview64.ini
[2010/03/22 21:16:18 | 000,000,056 | -H-- | C] () -- F:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- F:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = F:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = F:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = F:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ========== [2012/10/14 21:30:21 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\AVG2013
[2013/02/26 23:26:00 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/11/05 12:12:35 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Canon
[2010/12/18 21:18:02 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Citrix
[2011/12/26 12:52:48 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\CodeGear
[2010/11/02 11:37:43 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\DAEMON Tools Lite
[2010/04/14 00:22:56 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Dev-Cpp
[2013/04/15 21:42:33 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Dropbox
[2011/10/21 21:50:52 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\FileZilla
[2013/03/19 21:36:16 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Foxit Software
[2010/12/01 11:39:40 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\ICAClient
[2011/01/20 00:11:12 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Mobipocket
[2013/03/23 17:21:48 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Notepad++
[2010/11/09 00:24:14 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\OpenOffice.org
[2013/03/24 13:48:17 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Revolution Analytics
[2010/06/29 20:18:20 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\SanDisk
[2011/03/12 12:50:42 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\SmartDraw
[2013/02/04 23:36:32 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Spotify
[2011/06/19 09:10:06 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Subversion
[2013/03/31 11:10:40 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\TeamViewer
[2013/04/04 23:36:12 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\Tinn-R
[2012/10/14 21:16:50 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\TuneUp Software
[2012/05/10 14:17:16 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\uTorrent
[2011/02/25 08:02:32 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\webex
[2013/03/24 21:57:52 | 000,000,000 | ---D | M] -- F:\Users\Tron\AppData\Roaming\WinEdt
========== Purity Check ========== ========== Custom Scans ========== < >[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- F:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,608 | ---- | C] () -- F:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/16 11:34:02 | 000,000,890 | ---- | C] () -- F:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/03/16 11:34:04 | 000,000,894 | ---- | C] () -- F:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/09/08 17:01:47 | 000,000,852 | ---- | C] () -- F:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453684860-2673869547-1550078029-1000Core.job
[2010/09/08 17:01:47 | 000,000,904 | ---- | C] () -- F:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3453684860-2673869547-1550078029-1000UA.job
< %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\SysWOW64\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- F:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- F:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- F:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- F:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- F:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- F:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- F:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\erdnt\cache86\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- F:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- F:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- F:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SERVICES.EXE >[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- F:\Windows\erdnt\cache64\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- F:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- F:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- F:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- F:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- F:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- F:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\erdnt\cache86\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- F:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\erdnt\cache64\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- F:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\erdnt\cache64\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\SysNative\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- F:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- F:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- F:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- F:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s > ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> F:\ProgramData\TEMP:0B4227B4
< End of report >