Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ataport.sys, atapi.sys, and System32/Drivers/spbu.sys files mentioned

Started by MattDMan1984 , Apr 13 2013 07:31 AM

  • This topic is locked This topic is locked

#1
MattDMan1984
Posted 13 April 2013 - 07:31 AM

MattDMan1984

    Member

  • Member
  • PipPip
  • 10 posts
Hello,

I recently noticed that my internet was running oddly slowly and that my computer was showing a lot of activity even when idle. I normally just have AVG run scans periodically and use Spybot - Search & Destroy's Immunization, though I had Malwarebytes installed as well. Realizing I had not updated any of the programs manually in many weeks, I updated and scanned with both Spybot and Malwarebytes, but found nothing. When I ran a full AVG scan, however, it returned the results shown below. Although it then allowed me to "remove" the threats along with a computer reset, the entries have not gone away after several attempts. On the advice of a friend, I installed and ran ESET NOD32 Antivirus, which found and "removed" one threat; I have not yet run it a second time to see if its results have changed, but please inform me if you would like to know its results. OTL Quick Scan results are below the AVG results. Thank you for your time. :thumbsup:

AVG results: (All threats classified as "Medium")

Detection Name
Inline hook ataport.SYS DllUnload -> spbu.sys +0x299FE | Type: Part of Operating System
-- C:/Windows/System32/Drivers/spbu.sys

atapi.sys, hooked import ataport.SYS AtaPortWritePortUChar -> spbu.sys +0x26D6 | Type: Part of Operating System
-- C:/Windows/System32/Drivers/spbu.sys

atapi.sys, hooked import ataport.SYS AtaPortWritePortBufferUshort -> spbu.sys +0x2800 | Type: Part of Operating System
-- C:/Windows/System32/Drivers/spbu.sys

atapi.sys, hooked import ataport.SYS AtaPortReadPortUChar -> spbu.sys +0x2042 | Type: Part of Operating System
-- C:/Windows/System32/Drivers/spbu.sys

atapi.sys, hooked import ataport.SYS AtaPortReadPortBufferUshort -> spbu.sys +0x213E | Type: Part of Operating System
-- C:/Windows/System32/Drivers/spbu.sys


OTL logfile created on: 4/13/2013 9:46:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 46.84% Memory free
6.98 Gb Paging File | 4.69 Gb Available in Paging File | 67.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 42.39 Gb Free Space | 28.47% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.59 Mb Free Space | 61.60% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 3.53 Gb Free Space | 46.92% Space Free | Partition Type: FAT32

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 21:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/04/09 17:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/03/21 15:19:40 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/19 13:39:41 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/19 13:39:41 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/29 17:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 17:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/30 11:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011/11/22 16:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/23 18:59:44 | 004,543,232 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2010/09/23 18:59:42 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/09/23 18:59:40 | 000,537,344 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/10/07 14:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/17 00:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2008/09/17 00:02:42 | 000,013,368 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 17:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 17:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 17:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 17:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 17:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 17:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/19 13:39:41 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/19 13:39:41 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/18 12:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/04/10 15:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/19 13:39:41 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/29 19:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/21 03:47:17 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/02 03:37:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/08 03:00:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 14:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/17 00:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\JRSKD24.SYS -- (JRSKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (afpz7l14)
DRV - [2013/02/20 11:07:38 | 000,171,680 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/02/19 13:39:41 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/10 15:08:16 | 000,105,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2013/01/10 15:08:14 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/12/29 19:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/23 23:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 23:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/04 00:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/12/09 20:05:52 | 000,022,480 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2011/12/09 20:01:18 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2010/11/20 21:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 19:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/10 00:18:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/12 03:13:54 | 000,841,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ae1000w7.sys -- (AE1000)
DRV - [2010/04/28 02:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/07 14:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 08:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 07:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/05/01 07:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/08/02 09:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 01 8D 20 1C 38 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-07 15:04:14&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@4csoft.com/MediaPlayer: C:\Windows\system32\4C Soft\Common\NPMPlayerNX.dll (4C Soft, Inc.)
FF - HKLM\Software\MozillaPlugins\@4csoft.com/StudioNX: C:\Windows\system32\4C Soft\NXViewer\NPStudioNX.dll (4C Soft, Inc.)
FF - HKLM\Software\MozillaPlugins\@4csoft.com/UpdateAgent: C:\Windows\Downloaded Program Files\NP4CUpdate.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@interezen.co.kr/npi3gmanager: C:\Program Files\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 13:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/31 16:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 13:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 13:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/13 17:05:31 | 000,000,000 | ---D | M]

[2013/04/13 13:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/04/13 13:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 13:55:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/04/10 15:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/19 13:40:12 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/04/10 15:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 15:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.igoogle.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: npruntime scriptable UBIKey plugin (Enabled) = C:\Program Files\INFovine\npVineTransfer.dll
CHR - plugin: NPI3GManager © Interezen. plugin (Enabled) = C:\Program Files\Interezen\Plugins\NPI3GManager.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: SoftForum XecureWeb Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
CHR - plugin: SoftForum XecureWeb File Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: 4CMediaPlayer (Enabled) = C:\Windows\system32\4C Soft\Common\NPMPlayerNX.dll
CHR - plugin: STUDIO NX - Player (Enabled) = C:\Windows\system32\4C Soft\NXViewer\NPStudioNX.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: TouchEn Key for Multi-Browser (Enabled) = C:\Windows\system32\npKeyPro.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/02 13:56:56 | 000,575,742 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15610 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlayerScore.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbTR.cab (ToinbWTR Class)
O16 - DPF: {14DA1FE5-438E-4E2C-959D-5BF03F63EA9C} file:///C:/Windows/Temp/ToinbCComboII.cab (ToinbWCComboII Class)
O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} file:///C:/Windows/Temp/Potential.cab (Potential Class)
O16 - DPF: {1C75AED9-693D-4D6A-8799-EBCCFE6D74D5} http://portal.chungd...GFileUpload.CAB (XGFILEUPLOAD Control)
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbGrid.cab (ToinbWGrid Class)
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbData.cab (ToinbWData Class)
O16 - DPF: {37D13B2F-E5EB-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbRep.cab (ToinbWReport Class)
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} http://www.benchbee....ab/sysinfo2.cab (Sysinfo2 Control)
O16 - DPF: {4401B994-DD33-11D2-B539-006097ADB678} file:///C:/Windows/Temp/ToinbTree.cab (ToinbWTree Class)
O16 - DPF: {4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA} file:///C:/Windows/Temp/FileConverter.cab (FileConverter Class)
O16 - DPF: {5FBAE1CD-A276-11D3-AF84-00C026DC3D95} file:///C:/Windows/Temp/ToinbMEdit.cab (ToinbwMEdit Class)
O16 - DPF: {60109D65-70C0-425C-B3A4-4CB001513C69} file:///C:/Windows/Temp/LuxeCombo.cab (LuxeWCombo Class)
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} http://pib.wooribank...rezen/WRebw.cab (WRebw Module)
O16 - DPF: {69F1348F-3EBE-11D3-973D-0060979E2A03} file:///C:/Windows/Temp/ToinbIFile.cab (ToinbWInputFile Class)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum....key3104_32k.cab (XecureCKKB Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {754F3DC4-0C79-4C92-AD64-A806D8FF2AB0} file:///C:/Windows/Temp/ToinbRadio.cab (ToinbWRadio Class)
O16 - DPF: {7A54CBF0-2CB4-11D4-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbMenu.cab (ToinbWMenu Class)
O16 - DPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} http://aca.koreapoly.../ManagerEx4.cab (ManagerEx4 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8EEBE06F-29A9-4704-B339-F6CB260F71E3} http://portal.chungd...OCX/BWordXU.cab (BWordXU Control)
O16 - DPF: {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1} file:///C:/Windows/Temp/ToinbTextArea.cab (ToinbWTextArea Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbBind.cab (ToinbWBind Class)
O16 - DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} http://speed.nia.or....NIAforHuman.cab (SysNIAforHuman Control)
O16 - DPF: {B10570FB-3C00-4D0D-AF11-9B775C903D62} http://kibt.koreapol...oaderPlusX2.cab (TeamsLoaderPlusX2 Control)
O16 - DPF: {BCB3A52D-F8E7-11D3-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbImgData.cab (ToinbWImgData Class)
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} http://pib.wooribank...ineTransfer.cab (VineTransfer Control)
O16 - DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} http://speed.nia.or....n/SpeedTest.cab (SpeedTest Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA7DA24A-D5F1-455F-BC74-4BE6D36FEC3F} http://ug.activetuto...te/4CUpdate.cab (UpdateAgent Class)
O16 - DPF: {E6876E99-7C28-43AD-9088-315DC302C05F} file:///C:/Windows/Temp/ToinbEMEdit.cab (ToinbWEMEdit Class)
O16 - DPF: {E92D4BD6-F236-4FF0-AC7F-BC17CC6456AA} http://www.benchbee..../BSpeedTest.cab (BSpeedTest Control)
O16 - DPF: {ED382953-E907-11D3-B694-006097AD7252} file:///C:/Windows/Temp/ToinbTab.cab (ToinbWTab Class)
O16 - DPF: {FD4C6571-DD20-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbCCombo.cab (ToInbWCCombo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1709D91D-A2B2-4B40-A094-4C9FD704D4E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E488934-6F1A-4C77-B956-0CD5FE9FD30D}: DhcpNameServer = 164.124.101.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{671CDC4E-8DDF-4BF6-B777-1418C9030794}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B624B6D4-002B-4FB4-A7D1-3677170BF243}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-gforms-deflate - No CLSID value found
O18 - Protocol\Filter\application/x-gforms-xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\Shell - "" = AutoRun
O33 - MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 21:45:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\hosts
[2013/04/13 21:23:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/04/13 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ESET
[2013/04/13 17:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/13 17:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/13 17:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/13 16:57:15 | 001,415,824 | ---- | C] (ESET) -- C:\Users\Matt\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/04/13 13:47:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs
[2013/04/13 13:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/13 13:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/04/12 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/07 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Curse Advertising
[2013/04/03 22:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POWERPREP II
[2013/04/03 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\ETS
[2013/03/25 13:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/25 02:10:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\MultiBit
[2013/03/25 02:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.4.23
[2013/03/25 02:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit
[2013/03/18 04:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013/03/18 03:53:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\PackageAware
[2013/03/17 01:33:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Planet.Earth.2006.720p.HDDVD.x264-ESiR
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/13 21:41:00 | 000,000,668 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 21:29:35 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 21:29:35 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 21:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/04/13 21:21:46 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 21:20:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 21:20:09 | 2810,376,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/13 17:07:07 | 000,001,972 | ---- | M] () -- C:\Users\Matt\Desktop\ESET NOD32 Antivirus.lnk
[2013/04/13 16:57:15 | 001,415,824 | ---- | M] (ESET) -- C:\Users\Matt\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/04/13 13:50:56 | 000,002,185 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 13:47:54 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 13:40:45 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 13:32:51 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 13:26:29 | 000,447,659 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2013/04/13 13:22:14 | 000,001,067 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlayerScore.lnk
[2013/04/13 13:20:34 | 000,320,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 22:06:48 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2013/04/03 00:30:42 | 1398,685,900 | ---- | M] () -- C:\Users\Matt\Desktop\Game.of.Thrones.S03E01.720p.HDTV.x264-EVOLVE.mkv
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/03/25 02:09:22 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\MultiBit 0.4.23.lnk
[2013/03/24 13:44:42 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 12:16:14 | 000,447,003 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130413-132629.backup
[2013/03/24 11:51:02 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/24 11:51:02 | 000,412,224 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2013/03/24 11:51:02 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/24 11:51:02 | 000,108,630 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2013/03/18 04:03:17 | 000,000,837 | ---- | M] () -- C:\Users\Matt\Desktop\SimulationCraft - Shortcut.lnk
[2013/03/17 00:11:43 | 000,958,369 | ---- | M] () -- C:\Users\Matt\Desktop\black hole.jpg
[2013/03/15 08:45:55 | 000,001,278 | ---- | M] () -- C:\Users\Matt\Desktop\client-4.2.jnlp
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/13 17:07:07 | 000,001,972 | ---- | C] () -- C:\Users\Matt\Desktop\ESET NOD32 Antivirus.lnk
[2013/04/13 13:40:45 | 000,002,185 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 13:40:45 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 13:36:52 | 000,000,668 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 13:36:51 | 000,000,664 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 13:32:51 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/13 13:32:51 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/03 22:06:48 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2013/04/03 00:21:48 | 1398,685,900 | ---- | C] () -- C:\Users\Matt\Desktop\Game.of.Thrones.S03E01.720p.HDTV.x264-EVOLVE.mkv
[2013/03/25 02:09:22 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\MultiBit 0.4.23.lnk
[2013/03/24 13:44:42 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 13:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/18 04:03:17 | 000,000,837 | ---- | C] () -- C:\Users\Matt\Desktop\SimulationCraft - Shortcut.lnk
[2013/03/17 00:11:43 | 000,958,369 | ---- | C] () -- C:\Users\Matt\Desktop\black hole.jpg
[2013/03/15 08:45:51 | 000,001,278 | ---- | C] () -- C:\Users\Matt\Desktop\client-4.2.jnlp
[2012/10/15 05:22:00 | 000,001,057 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\vso_ts_preview.xml
[2012/09/10 22:20:52 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/01/26 16:59:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/11 19:30:09 | 000,003,584 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/09 20:03:39 | 000,065,536 | ---- | C] () -- C:\Windows\System32\cosa.dll
[2011/12/09 20:03:39 | 000,015,512 | ---- | C] () -- C:\Windows\System32\IRTrace.dll
[2011/08/17 01:29:33 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/29 10:43:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/11 02:37:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/11 02:36:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/08 21:55:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/09 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AhnLab
[2011/08/15 21:46:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Amazon
[2011/04/10 19:58:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
[2012/10/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
[2013/04/10 09:07:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Curse Advertising
[2010/10/10 00:22:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2011/08/06 02:32:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/04/24 02:23:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/06/02 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient2
[2013/03/25 02:36:20 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MultiBit
[2011/11/06 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mumble
[2011/11/25 09:39:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenDNS Updater
[2010/10/08 22:47:22 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2012/07/19 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PlayerScoreDesktop
[2011/09/17 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PunkBuster
[2011/08/15 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2012/10/07 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2010/11/07 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Turbine
[2013/04/13 13:55:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2012/10/15 05:24:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by MattDMan1984, 13 April 2013 - 07:42 AM.

  • 0

Advertisements

#2
godawgs
Posted 15 April 2013 - 10:57 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
HelloMatt, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

I don't see a lot on the system. The first thing is the two antivirus programs you have running, ESET and AVG.

I see that you have more than one anti-virus programs installed and running. You should only have one anti-virus program installed and running. Anti-virus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more anti-virus programs running at the same time will use 2 or 3 times the ammount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS anti-virus protection.

Please decide which antivirus you want to keep and I will help you remove the other.

Part of the internet slowness may be due to the Pando Networks program. Thjis is a dire application that does not perform as stated and can be a bandwidth hog also. Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of a improvement with downloading.

I see some browser plugins installed by 4C Soft, Inc. which shows to be a Korean company. Do you know anything about these:

4csoft.com/MediaPlayer
4csoft.com/StudioNX
4csoft.com/UpdateAgent

Is your Internet Service Provider Comcast Cable?

There is also a URL from a Korean Company:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.124.101.2
Do you know anything about this?

I want to get a couple more scans and also have the spbu.sys file scanned.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
  • Do Not delete anything at this time.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt


Step-4.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:/Windows/System32/Drivers/spbu.sys
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The Extras.txt log
3. The aswMBR log
4. The RKreport.xtx log
5. The AdwCleaner[R1].txt log
6. The Virus Total results or a link to the results.
  • 0

#3
MattDMan1984
Posted 15 April 2013 - 10:59 PM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have made a current backup to my external hard drive in case things go terribly wrong.

I have changed Chrome to download directly to the Desktop and to prompt me for download locations.

I cannot find the Extras.txt file. As per your instructions, I will not run OTL again or proceed with any of the other steps until you tell me otherwise. I will make sure not to move or delete any files from here going forward, and I apologize for making more work for you.

I will happily get rid of ESET. I only installed it in response to this specific problem, and I see your point about having less protection as a result.

I recall I was required to install Pando along with some game I purchased a while ago, and I will of course get rid of it if you think it might be a problem.

The software/URLs from Korea are probably because I live in Seoul, South Korea. I know I have had to install programs to correct essays for my job and for online banking, but this was many months ago and I do not recall the names of these programs. My ISP is C&M Communications, a Korean company.

Please let me know if you want me to run OTL a second time or whatever it takes to generate that Extras.txt file again before I proceed with the other scans. Thanks for your response and your time.

Edited by MattDMan1984, 15 April 2013 - 11:06 PM.

  • 0

#4
godawgs
Posted 16 April 2013 - 08:18 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I have made a current backup to my external hard drive in case things go terribly wrong.

I have changed Chrome to download directly to the Desktop and to prompt me for download locations.

I cannot find the Extras.txt file. As per your instructions, I will not run OTL again or proceed with any of the other steps until you tell me otherwise. I will make sure not to move or delete any files from here going forward, and I apologize for making more work for you.

I will happily get rid of ESET. I only installed it in response to this specific problem, and I see your point about having less protection as a result.

I recall I was required to install Pando along with some game I purchased a while ago, and I will of course get rid of it if you think it might be a problem.

The software/URLs from Korea are probably because I live in Seoul, South Korea. I know I have had to install programs to correct essays for my job and for online banking, but this was many months ago and I do not recall the names of these programs. My ISP is C&M Communications, a Korean company.

Understood and no worries. I apologize about my confusion about Korea, but the OTL log showed the country as the United States.

Please let me know if you want me to run OTL a second time or whatever it takes to generate that Extras.txt file again before I proceed with the other scans. Thanks for your response and your time.

You are welcome. Let's start fresh and get new OTL and Extras.txt logs, then we will uninstall the unwanted programs and go from there.


I have changed the settings for the OTL scan so read them carefully.

Step-1.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
base services
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.*
/md5stop
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console.<---Very Important
  • Do Not click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the radio button beside Use SafeList<---Very Improtant
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your next reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Repeat for the Extras.txt log.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log
  • 0

#5
MattDMan1984
Posted 17 April 2013 - 07:24 AM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTL logfile created on: 4/17/2013 9:56:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.01% Memory free
6.98 Gb Paging File | 4.93 Gb Available in Paging File | 70.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 41.64 Gb Free Space | 27.96% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.59 Mb Free Space | 61.60% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 3.53 Gb Free Space | 46.92% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 229.66 Gb Free Space | 24.65% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 21:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2013/03/21 15:19:40 | 005,078,504 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/19 13:39:41 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/19 13:39:41 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/29 17:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 17:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/30 11:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011/11/22 16:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/30 17:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/09/23 18:59:44 | 004,543,232 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2010/09/23 18:59:42 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/09/23 18:59:40 | 000,537,344 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/10/07 14:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/09/17 00:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2008/09/17 00:02:42 | 000,013,368 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/19 13:39:41 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/19 13:39:41 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2010/11/30 17:27:16 | 000,473,960 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\sqlite3.dll
MOD - [2010/11/30 17:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/11/30 17:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/11/30 17:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/18 12:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/04/10 15:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/30 04:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/19 13:39:41 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/29 19:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/02 03:37:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/08 03:00:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 14:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/17 00:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\JRSKD24.SYS -- (JRSKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (afpz7l14)
DRV - [2013/02/20 11:07:38 | 000,171,680 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2013/02/19 13:39:41 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/01/10 15:08:16 | 000,105,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2013/01/10 15:08:14 | 000,122,240 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/12/29 19:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/23 23:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 23:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/04 00:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/12/09 20:05:52 | 000,022,480 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2011/12/09 20:01:18 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2010/11/20 21:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 19:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/10 00:18:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/12 03:13:54 | 000,841,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ae1000w7.sys -- (AE1000)
DRV - [2010/04/28 02:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/07 14:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 08:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 07:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/05/01 07:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/08/02 09:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 01 8D 20 1C 38 CE 01 [binary data]
IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-07 15:04:14&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@4csoft.com/MediaPlayer: C:\Windows\system32\4C Soft\Common\NPMPlayerNX.dll (4C Soft, Inc.)
FF - HKLM\Software\MozillaPlugins\@4csoft.com/StudioNX: C:\Windows\system32\4C Soft\NXViewer\NPStudioNX.dll (4C Soft, Inc.)
FF - HKLM\Software\MozillaPlugins\@4csoft.com/UpdateAgent: C:\Windows\Downloaded Program Files\NP4CUpdate.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@interezen.co.kr/npi3gmanager: C:\Program Files\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 13:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/31 16:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 13:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 13:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/04/13 17:05:31 | 000,000,000 | ---D | M]

[2013/04/13 13:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/04/13 13:32:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 13:55:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/04/10 15:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/19 13:40:12 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/04/10 15:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 15:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.igoogle.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: npruntime scriptable UBIKey plugin (Enabled) = C:\Program Files\INFovine\npVineTransfer.dll
CHR - plugin: NPI3GManager © Interezen. plugin (Enabled) = C:\Program Files\Interezen\Plugins\NPI3GManager.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: SoftForum XecureWeb Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
CHR - plugin: SoftForum XecureWeb File Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: 4CMediaPlayer (Enabled) = C:\Windows\system32\4C Soft\Common\NPMPlayerNX.dll
CHR - plugin: STUDIO NX - Player (Enabled) = C:\Windows\system32\4C Soft\NXViewer\NPStudioNX.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: TouchEn Key for Multi-Browser (Enabled) = C:\Windows\system32\npKeyPro.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/02 13:56:56 | 000,575,742 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15610 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-870645799-4136988807-1401639153-1000..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-870645799-4136988807-1401639153-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-870645799-4136988807-1401639153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbTR.cab (ToinbWTR Class)
O16 - DPF: {14DA1FE5-438E-4E2C-959D-5BF03F63EA9C} file:///C:/Windows/Temp/ToinbCComboII.cab (ToinbWCComboII Class)
O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} file:///C:/Windows/Temp/Potential.cab (Potential Class)
O16 - DPF: {1C75AED9-693D-4D6A-8799-EBCCFE6D74D5} http://portal.chungd...GFileUpload.CAB (XGFILEUPLOAD Control)
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbGrid.cab (ToinbWGrid Class)
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbData.cab (ToinbWData Class)
O16 - DPF: {37D13B2F-E5EB-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbRep.cab (ToinbWReport Class)
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} http://www.benchbee....ab/sysinfo2.cab (Sysinfo2 Control)
O16 - DPF: {4401B994-DD33-11D2-B539-006097ADB678} file:///C:/Windows/Temp/ToinbTree.cab (ToinbWTree Class)
O16 - DPF: {4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA} file:///C:/Windows/Temp/FileConverter.cab (FileConverter Class)
O16 - DPF: {5FBAE1CD-A276-11D3-AF84-00C026DC3D95} file:///C:/Windows/Temp/ToinbMEdit.cab (ToinbwMEdit Class)
O16 - DPF: {60109D65-70C0-425C-B3A4-4CB001513C69} file:///C:/Windows/Temp/LuxeCombo.cab (LuxeWCombo Class)
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} http://pib.wooribank...rezen/WRebw.cab (WRebw Module)
O16 - DPF: {69F1348F-3EBE-11D3-973D-0060979E2A03} file:///C:/Windows/Temp/ToinbIFile.cab (ToinbWInputFile Class)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum....key3104_32k.cab (XecureCKKB Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {754F3DC4-0C79-4C92-AD64-A806D8FF2AB0} file:///C:/Windows/Temp/ToinbRadio.cab (ToinbWRadio Class)
O16 - DPF: {7A54CBF0-2CB4-11D4-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbMenu.cab (ToinbWMenu Class)
O16 - DPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} http://aca.koreapoly.../ManagerEx4.cab (ManagerEx4 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8EEBE06F-29A9-4704-B339-F6CB260F71E3} http://portal.chungd...OCX/BWordXU.cab (BWordXU Control)
O16 - DPF: {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1} file:///C:/Windows/Temp/ToinbTextArea.cab (ToinbWTextArea Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbBind.cab (ToinbWBind Class)
O16 - DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} http://speed.nia.or....NIAforHuman.cab (SysNIAforHuman Control)
O16 - DPF: {B10570FB-3C00-4D0D-AF11-9B775C903D62} http://kibt.koreapol...oaderPlusX2.cab (TeamsLoaderPlusX2 Control)
O16 - DPF: {BCB3A52D-F8E7-11D3-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbImgData.cab (ToinbWImgData Class)
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} http://pib.wooribank...ineTransfer.cab (VineTransfer Control)
O16 - DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} http://speed.nia.or....n/SpeedTest.cab (SpeedTest Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA7DA24A-D5F1-455F-BC74-4BE6D36FEC3F} http://ug.activetuto...te/4CUpdate.cab (UpdateAgent Class)
O16 - DPF: {E6876E99-7C28-43AD-9088-315DC302C05F} file:///C:/Windows/Temp/ToinbEMEdit.cab (ToinbWEMEdit Class)
O16 - DPF: {E92D4BD6-F236-4FF0-AC7F-BC17CC6456AA} http://www.benchbee..../BSpeedTest.cab (BSpeedTest Control)
O16 - DPF: {ED382953-E907-11D3-B694-006097AD7252} file:///C:/Windows/Temp/ToinbTab.cab (ToinbWTab Class)
O16 - DPF: {FD4C6571-DD20-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbCCombo.cab (ToInbWCCombo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.124.101.2 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1709D91D-A2B2-4B40-A094-4C9FD704D4E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E488934-6F1A-4C77-B956-0CD5FE9FD30D}: DhcpNameServer = 164.124.101.2 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{671CDC4E-8DDF-4BF6-B777-1418C9030794}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B624B6D4-002B-4FB4-A7D1-3677170BF243}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-gforms-deflate - No CLSID value found
O18 - Protocol\Filter\application/x-gforms-xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\Shell - "" = AutoRun
O33 - MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013/04/14 04:47:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\simc-520
[2013/04/13 21:45:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\hosts
[2013/04/13 21:23:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/04/13 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ESET
[2013/04/13 17:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/04/13 17:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/04/13 17:05:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/13 16:57:15 | 001,415,824 | ---- | C] (ESET) -- C:\Users\Matt\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/04/13 13:47:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs
[2013/04/13 13:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/13 13:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/04/13 13:13:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/13 13:13:12 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/13 13:13:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/13 13:13:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/13 13:13:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/13 13:13:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/13 13:13:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/13 13:13:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/04/12 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 22:54:20 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 22:54:15 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 22:54:15 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 22:54:14 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/07 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Curse Advertising
[2013/04/03 22:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POWERPREP II
[2013/04/03 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\ETS
[2013/03/25 13:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/25 02:10:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\MultiBit
[2013/03/25 02:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.4.23
[2013/03/25 02:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit
[2013/03/24 13:36:34 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/24 13:36:16 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/21 05:06:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/17 21:41:00 | 000,000,668 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/17 13:41:01 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 01:12:33 | 000,000,636 | ---- | M] () -- C:\Users\Matt\Desktop\SimulationCraft - Shortcut.lnk
[2013/04/14 05:42:43 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 05:42:43 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/14 04:44:44 | 034,620,231 | ---- | M] () -- C:\Users\Matt\Desktop\simc-520-6-win32 (1).zip
[2013/04/14 01:14:40 | 2810,376,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/13 21:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/04/13 21:20:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 17:07:07 | 000,001,972 | ---- | M] () -- C:\Users\Matt\Desktop\ESET NOD32 Antivirus.lnk
[2013/04/13 16:57:15 | 001,415,824 | ---- | M] (ESET) -- C:\Users\Matt\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/04/13 13:50:56 | 000,002,185 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 13:47:54 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 13:40:45 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 13:32:51 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 13:26:29 | 000,447,659 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2013/04/13 13:20:34 | 000,320,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 22:06:48 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2013/04/03 00:30:42 | 1398,685,900 | ---- | M] () -- C:\Users\Matt\Desktop\Game.of.Thrones.S03E01.720p.HDTV.x264-EVOLVE.mkv
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/03/25 02:09:22 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\MultiBit 0.4.23.lnk
[2013/03/24 13:44:42 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 13:38:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/24 13:38:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/24 13:36:07 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/24 13:36:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/03/24 13:36:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/24 13:36:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/24 13:36:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/24 12:16:14 | 000,447,003 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130413-132629.backup
[2013/03/24 11:51:02 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/24 11:51:02 | 000,412,224 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2013/03/24 11:51:02 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/24 11:51:02 | 000,108,630 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2013/03/19 14:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/03/19 14:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/03/19 13:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/14 04:48:38 | 000,000,636 | ---- | C] () -- C:\Users\Matt\Desktop\SimulationCraft - Shortcut.lnk
[2013/04/14 04:44:02 | 034,620,231 | ---- | C] () -- C:\Users\Matt\Desktop\simc-520-6-win32 (1).zip
[2013/04/13 17:07:07 | 000,001,972 | ---- | C] () -- C:\Users\Matt\Desktop\ESET NOD32 Antivirus.lnk
[2013/04/13 13:40:45 | 000,002,185 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 13:40:45 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 13:36:52 | 000,000,668 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 13:36:51 | 000,000,664 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 13:32:51 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/13 13:32:51 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/03 22:06:48 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2013/04/03 00:21:48 | 1398,685,900 | ---- | C] () -- C:\Users\Matt\Desktop\Game.of.Thrones.S03E01.720p.HDTV.x264-EVOLVE.mkv
[2013/03/25 02:09:22 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\MultiBit 0.4.23.lnk
[2013/03/24 13:44:42 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 13:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/10/15 05:22:00 | 000,001,057 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\vso_ts_preview.xml
[2012/09/10 22:20:52 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/01/26 16:59:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/11 19:30:09 | 000,003,584 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/09 20:03:39 | 000,065,536 | ---- | C] () -- C:\Windows\System32\cosa.dll
[2011/12/09 20:03:39 | 000,015,512 | ---- | C] () -- C:\Windows\System32\IRTrace.dll
[2011/08/17 01:29:33 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/29 10:43:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/11 02:37:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/11 02:36:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/08 21:55:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 08:03:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 08:03:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2011/12/09 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AhnLab
[2011/08/15 21:46:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Amazon
[2011/04/10 19:58:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
[2012/10/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
[2013/04/10 09:07:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Curse Advertising
[2010/10/10 00:22:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2011/08/06 02:32:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/04/24 02:23:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/06/02 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient2
[2013/03/25 02:36:20 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MultiBit
[2011/11/06 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mumble
[2011/11/25 09:39:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenDNS Updater
[2010/10/08 22:47:22 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2012/07/19 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PlayerScoreDesktop
[2011/09/17 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PunkBuster
[2011/08/15 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2012/10/07 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2010/11/07 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Turbine
[2013/04/13 13:55:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2012/10/15 05:24:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Vso

========== Purity Check ==========



========== Custom Scans ==========

< base services >
[2009/07/14 13:53:46 | 000,032,606 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 13:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/04/13 13:36:51 | 000,000,664 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 13:36:52 | 000,000,668 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 14:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 10:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 14:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 14:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 14:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 21:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 14:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 14:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 15:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 06:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 06:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.ASFX >
[2012/01/03 22:10:54 | 000,003,312 | ---- | M] () MD5=635BB28624835AC3C03696B1C74E7B9A -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx
[2012/01/03 22:10:54 | 000,003,252 | ---- | M] () MD5=B2F4D7E7D9563E1A6260039B2F26E61A -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012/01/03 22:10:56 | 000,585,874 | ---- | M] () MD5=0E19E0BEA7B159153258688CF8ED7716 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2012/12/19 04:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2010/10/25 15:13:46 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301004F7706000000000050\10.0.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 10:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 10:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:59:46 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=00C40A8AC138163FC44D89C998FC9AF5 -- C:\Windows\System32\ko-KR\services.exe.mui
[2009/07/13 19:59:46 | 000,011,264 | ---- | M] (Microsoft Corporation) MD5=00C40A8AC138163FC44D89C998FC9AF5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_3c0dc22636ff89a8\services.exe.mui
[2009/07/14 11:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 11:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 13:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 13:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 06:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 06:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 11:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 06:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 11:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 06:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/13 19:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\System32\ko-KR\services.msc
[2009/07/13 19:49:38 | 000,092,751 | ---- | M] () MD5=E81B77D120857A0C2ECCC83E8238B362 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_764f92120d69239b\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 05:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 05:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/18 07:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/18 07:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 21:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 10:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 15:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 14:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 21:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 21:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 10:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3160812AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: SMI USB DISK USB Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
Interface type: USB
Media Type: External hard disk media
Model: Samsung STORY Station USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 149.00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: MATT-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 G DVD-ROM 0 B No Media
Volume 1 E System Rese NTFS Partition 100 MB Healthy System
Volume 2 C NTFS Partition 148 GB Healthy Boot
Volume 3 F USB DISK FAT32 Removable 7727 MB Healthy
Volume 4 H NTFS Partition 931 GB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


OTL Extras logfile created on: 4/17/2013 9:56:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.01% Memory free
6.98 Gb Paging File | 4.93 Gb Available in Paging File | 70.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 41.64 Gb Free Space | 27.96% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.59 Mb Free Space | 61.60% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 3.53 Gb Free Space | 46.92% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 229.66 Gb Free Space | 24.65% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-870645799-4136988807-1401639153-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031A95C7-8354-4DC1-8469-9F4E48EF9620}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0F06DF89-4864-4606-BBDC-AB116000E2A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{160541C8-BE57-49F7-A340-F51C67B69FAA}" = lport=138 | protocol=17 | dir=in | app=system |
"{2A9AA926-5DB2-456F-A065-4305A7CF687B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30381E6C-6362-4174-8FF0-958E2F33698A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3174F9D7-C469-40E4-A67B-7D1FF12826E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{374F5B9E-CA25-4D80-8E06-9A9546909884}" = lport=1120 | protocol=6 | dir=in | name=1120 |
"{3B79A6C2-6392-406D-9E3E-7E24DD397F54}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43ADA2F4-44E6-4C19-AC3D-41C4629B45CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49E9615C-9BDB-498D-A49F-61C0800A458E}" = lport=3724 | protocol=17 | dir=in | name=3724 udp |
"{4EA60707-2541-4C9B-A456-142A972E675F}" = lport=58412 | protocol=6 | dir=in | name=pando media booster |
"{5D9C5A17-E93C-47FE-A2ED-F9FD76EF323B}" = lport=4000 | protocol=6 | dir=in | name=4000 |
"{622EF0E8-0D4C-4C7D-AD60-FB993B64DCB1}" = rport=138 | protocol=17 | dir=out | app=system |
"{6B6133C0-CCDB-46EF-AF56-10B439C14549}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{729A0899-D17A-43B3-B87F-80F4EA330861}" = lport=139 | protocol=6 | dir=in | app=system |
"{72A7544F-8F32-4439-9ED5-756F1E9B7854}" = lport=1119 | protocol=6 | dir=in | name=1119 |
"{7750A7C2-9BA6-4BA5-8474-03BD20836282}" = lport=137 | protocol=17 | dir=in | app=system |
"{83E147B4-8005-4720-A21A-1AACA22EA66B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84368AE2-20E4-4EA8-A85F-06F28E7EC1E5}" = lport=58412 | protocol=17 | dir=in | name=pando media booster |
"{8F617F6E-8130-423E-9B4B-95CE434DD984}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E28FDB6-DF4F-4CE9-BAFB-7C7884A674AB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A24F54F8-8D4C-49B8-B50B-BA24B0056593}" = lport=3724 | protocol=6 | dir=in | name=3724 tcp |
"{A6C322A4-FA46-452D-8003-89A600DE27AA}" = rport=137 | protocol=17 | dir=out | app=system |
"{AAEC7010-1326-40A5-A270-E997B6B46E17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABC5390C-1EBF-4318-8CFD-C60F108ACDCC}" = rport=445 | protocol=6 | dir=out | app=system |
"{ACDBBA56-DF39-4402-8C80-40BFD2C81CC9}" = lport=58412 | protocol=17 | dir=in | name=pando media booster |
"{ACE0610F-6BD6-4E43-94F2-DE54E1035FFA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B5213928-6048-4465-A705-1F8D48B612A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BE446A9D-AF8D-4EAE-B189-29DA15483AC6}" = lport=58412 | protocol=6 | dir=in | name=pando media booster |
"{D65BC3C5-12AA-4609-8B2C-AFDAF51954CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EC1A753F-A049-49E5-83B3-059B41168E0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2208ED3-EF9A-4E0E-BF11-3A8989E6CE96}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034545FE-91A7-4D6B-AB13-F7265DDE023C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{056599FF-7109-4024-9F71-646CE6102BAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0FB0B4A7-0A66-4528-996F-5F718FCEBE0E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{100D406A-9E7C-45A7-AB28-305EAE07EEDF}" = protocol=58 | dir=in | [email protected],-28545 |
"{10608BED-1C3A-4A71-A81E-FA5C350532B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{14BD3C03-D64D-4A65-8AD0-5E7C0DC68BC9}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{181C7904-EA4E-40AB-BB04-7F52AE56E6CE}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{1DEFDE01-E653-430E-9561-AD9D1E40F885}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{33C4AF08-A922-498F-A310-7E4B3EA3FF73}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3CA50AE0-504E-4857-B84F-8359EE6F8B65}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{3CC33C50-A791-47EC-943E-747AB4F4B6B1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{49606247-54A3-454C-8B5D-6002475FE28B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E7DAD13-14A7-486F-84D2-54F33F8E9111}" = protocol=58 | dir=out | [email protected],-28546 |
"{56FFB1ED-62CE-4DDE-B2F8-00F6BEFDD52A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58FDDEB6-345B-4C84-BEBF-3CEB92C90FDE}" = protocol=1 | dir=out | [email protected],-28544 |
"{6019CAAF-AA26-4B6B-8F07-D3A4FFC98893}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{61855B11-4409-4464-8F47-5ADCFA2FF0A7}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{669FE762-784D-451A-A8F0-F58735013E50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73061682-D766-4C2C-8DBB-C02FB075BFBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7428BE6D-E8A8-481E-B672-DBDA3E1FA7CF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7657CE10-AB89-4E8E-817A-AC7B85D5D03E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{76E81AAD-8AD7-4246-8CCF-2EACB1C6490D}" = protocol=6 | dir=in | name=6881-6999 |
"{816932F8-DC87-4741-8D7D-BA884EA38128}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{84BD5D6F-1F68-4EF0-B76B-B9251129AF79}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{883DE01B-573F-43C8-83A8-A467055E93E5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{8D68B445-05A2-4BFE-B31B-CA1E1ED7BEB1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{90A4865C-13E1-4BB1-8272-DFF2AA29516F}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{93C6B7E0-27EF-4C58-9FA2-29FC1AA4A780}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{9567837D-3A29-46E2-951A-6AA4A6DC6B06}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{95B27FB5-DFA9-4BB6-9B8E-39F8854F9BD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98DCDC53-B5E1-49B9-801B-1D1136304CC7}" = protocol=6 | dir=out | app=system |
"{9F9550A8-93E2-470E-BCFE-8A310AF1F38E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{A3788A31-67B2-47C3-9454-70734F4DC3AB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{AB1778B2-8C89-46B2-87E3-B88B286CE496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE5A30C8-70B9-423C-9AAE-BD550F443F5D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B88FDC9F-468F-4A2B-AE25-5BFE08001D5F}" = protocol=6 | dir=in | name=6112-6114 |
"{BF5862F1-493A-43E0-A708-CDAEC178C564}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C4DD19E1-A1E5-46DE-9352-8C0CDCA87FC9}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C565D896-4A24-4A34-A126-6DD7A95DAFBF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{CB1CEB66-7140-4233-91C3-C34480794DAA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D7EFFEEA-A876-46E1-A956-AA31E030AA13}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{D88A3E82-B8C6-4741-98EC-8A223FA9EDD5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{D9AFECB7-73D4-4834-93EB-7F2D0BB7398A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{DF9FDAA5-F288-48C7-93E9-179928BACA65}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E3788C3A-8CEE-4DCD-9E7E-2184EB4C0671}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E58581CE-2BAE-497D-97A7-FB9F59D8BF94}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{E70725DC-75A0-4653-893F-196676E34E52}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{EB3899D1-8AD2-4B39-A5E5-FDBEBCE025CC}" = protocol=1 | dir=in | [email protected],-28543 |
"{F25602FC-DA61-4354-94EC-1E658CC6868E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{F4A08A27-9DFF-41EB-B164-DE023E2DD3B8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{F9FAA03A-D889-4982-9FC4-98FB571653BC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{FC0C08C4-677A-4168-805D-457B922DBF31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD300680-B9AB-4C22-A02F-2961AFDDD60A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{FE2BD32B-6048-40BA-926D-CD751AD04093}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{3395632B-A599-4854-8352-6AD173B3DDD8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D5313837-2590-4453-A0EE-5517EDF80F42}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{F7138F50-D46A-4DB7-A7CE-016AFBBD9261}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{014D6F9F-2C7F-40FC-9D9F-74AFB743D407}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0F95F43D-D7C7-4AB2-A77A-B7BD5C68E8FD}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{E5AA0515-6B05-4664-BF0F-C93433D5F573}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02FDBC93-87BE-4339-8048-77B8389DE16B}" =
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2110AF8F-F6E9-4712-A185-1B839C60822E}" = Rosetta Stone Ltd Services
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{31B25CCC-C459-4A7B-8059-0D9913D4FAA1}" = World Community Grid
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DCED63C-9502-431F-BED0-4A86353C6755}" = Default
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{884E1D74-38BB-4D5B-9688-AC22D0F37B21}" = Microsoft Tablet PC Platform SDK Version 1.5
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECD2AA58-5F23-4222-B2ED-143BB23021A3}" = ESET NOD32 Antivirus
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AVG" = AVG 2013
"AVG PC Tuneup 2011_is1" = AVG PC Tuneup 2011 10.0.0.24
"AVG Secure Search" = AVG Security Toolbar
"Debut" = Debut Video Capture Software
"Google Chrome" = Google Chrome
"INFovine" = È̃´ëÆùÀÎÁơ¼­(º¸°ü)¼­ºñ½º
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiBit 0.4.23" = MultiBit 0.4.23
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars" = PokerStars
"PROSetDX" = Intel® Network Connections 15.3.68.0
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Wrye Bash" = Wrye Bash
"XecureCK" = TouchEn Key with E2E for 32bit
"XecureWeb Control" = XecureWeb Control

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-870645799-4136988807-1401639153-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"UnityWebPlayer" = Unity Web Player
"World of Logs Client" = World of Logs Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2013 5:44:29 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 4/14/2013 3:00:04 AM | Computer Name = Matt-PC | Source = Windows Backup | ID = 4103
Description =

Error - 4/14/2013 11:33:29 AM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 4/16/2013 4:15:42 PM | Computer Name = Matt-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/15/2013 2:08:30 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/15/2013 2:08:31 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/15/2013 2:24:04 PM | Computer Name = Matt-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 4/15/2013 4:26:33 PM | Computer Name = Matt-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume H: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 4/16/2013 9:00:48 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/16/2013 9:00:49 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/16/2013 9:00:49 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/16/2013 9:00:50 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/16/2013 9:00:50 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 4/17/2013 9:02:06 AM | Computer Name = Matt-PC | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >
  • 0

#6
godawgs
Posted 17 April 2013 - 11:02 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Matt,

Let's see what we can do. We will uninstall the programs we discussed and one peer 2 peer program if you choose to uninstall it. We will need to disable the real time protection on Spybot S&D so it doesn't interfere with the fixes. Also, the Extras.txt log shows that Spybot is not happy and is throwing errors so you may need to uninstall and reinstall it. We do not use SpyBot anymore. We use MalwareBytes, which you have installed, and just suggest that you run peridoc scans with it. I will get to that.

However, one of the things I see in the Extras.txt log is this:
[ System Events ]
Error - 4/15/2013 2:08:30 PM | Computer Name = Matt-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

You may have a hard drive problem. Some time cleaning the system and doing some maintenance on the hard disk will clear this. Just wanted you to know up front.


You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses and must be deleted, along with the corresponding folders and files in red.


Step-1.

Disable SpyBot S&D TeaTimer

Before we begin we need to disable the SpyBot Teatimer.

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Right click the Spybot Icon in the System Tray (looks like a calendar with a padlock symbol ) and click Exit Spybot S&D Resident
  • Run Spybot S&D
  • Go to the Mode menu, and make sure Advanced Mode is selected.
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these boxes:
    Posted Image
  • Close Spybot S&D and Restart your computer.
Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.


Step-2.

Program uninstalls and Optional Removals


1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Java™ 6 Update 22
Java™ 6 Update 37
Pando Media Booster
ESET NOD32 Antivirus
uTorrent

3. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\Pando Networks
C:\Program Files\ESET
C:\Users\Matt\AppData\Local\ESET
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
C:\ProgramData\ESET
C:\Program Files\ESET
C:\Program Files\utorrent
C:\Users\Matt\AppData\Roaming\uTorrent

2. Close Windows Explorer.


Step-3.

Delete the eset_nod32_antivirus_live_installer.exe file from the desktop.


Step-4

Disable/Uninstall Chrome Plug-ins

  • Open the Chrome browser.
  • In the Address bar or Omni bar, type the following:

    chrome://plugins
  • On the Plug-ins page, find the Pando Web Plugin plug-in. There should be an option to Disable or Uninstall the plug-in. If the Uninstall option is available, choose it. Otherwise Disable the plug-in.

IF you can't find the plug-in that way:

  • Click the tools menu icon on the browser toolbar.

    Posted Image
  • Click Settings
  • Click Show advanced settings
  • In the Privacy section, click the Content Settings button.
  • Click Plug-ins
  • Click Disable individual plug-ins
  • Find anything related to Pando or Pando Web Plugin and Disable it.

Step-5.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/12 13:55:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O33 - MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\Shell - "" = AutoRun
O33 - MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe"

:FILES
ipconfig /flushdns /c

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{D5313837-2590-4453-A0EE-5517EDF80F42}C:\program files\java\jre6\bin\java.exe" = -
"UDP Query User{E5AA0515-6B05-4664-BF0F-C93433D5F573}C:\program files\java\jre6\bin\java.exe" = -

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
    Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-6.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:/Windows/System32/Drivers/spbu.sys
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please provide them in your next reply, or copy and paste the Virustotal link(s) (URL) in your next reply

Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if you were successfully able to disable SpyBot
2. Let me know how the uninstalls went.
3. Let me know if you were able to find the Pando Web Plugin and disbable/uninstall it.
4. The OTL Fixes log
5. The new OTL.txt log
6. The VirusTotal results or a link to the results.
  • 0

#7
MattDMan1984
Posted 19 April 2013 - 05:33 AM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
1. I successfully disabled SpyBot's active protection.
2. I successfully uninstalled the old Java updates, Pando, and ESET. (I did not uninstall uTorrent)
3. I could not find the Pando Plugin in Chrome after the uninstallation of the program.

4.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90b771ff-d3b8-11df-917e-00270e2ea6b9}\ not found.
File "H:\WD SmartWare.exe" not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matt\Desktop\cmd.bat deleted successfully.
C:\Users\Matt\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D5313837-2590-4453-A0EE-5517EDF80F42}C:\program files\java\jre6\bin\java.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E5AA0515-6B05-4664-BF0F-C93433D5F573}C:\program files\java\jre6\bin\java.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 48787072 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1911121 bytes
->Google Chrome cache emptied: 345636601 bytes
->Flash cache emptied: 492 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 41543448 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2710655 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 420.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04192013_195318

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

5.
OTL logfile created on: 4/19/2013 8:01:46 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 67.03% Memory free
6.98 Gb Paging File | 5.74 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 42.10 Gb Free Space | 28.27% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.59 Mb Free Space | 61.60% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 3.53 Gb Free Space | 46.92% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 229.66 Gb Free Space | 24.65% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 21:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/19 13:39:41 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/19 13:39:41 | 000,968,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2012/12/29 17:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 17:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/30 11:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 11:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2011/11/22 16:53:28 | 001,327,440 | ---- | M] (Comfort Software Group) -- C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/23 18:59:44 | 004,543,232 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2010/09/23 18:59:42 | 000,058,112 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2010/09/23 18:59:40 | 000,537,344 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/10/07 14:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/17 00:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2008/09/17 00:02:42 | 000,013,368 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/19 13:39:41 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/19 13:39:41 | 000,156,848 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2009/08/18 12:02:42 | 000,061,952 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/04/10 15:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/30 04:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/19 13:39:41 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/12/29 19:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/19 04:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/02 03:37:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/08 03:00:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/07 14:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 10:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 10:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 10:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/09/17 00:02:42 | 000,352,312 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NPF)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\JRSKD24.SYS -- (JRSKD24)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (BCMH43XX)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (au58cohm)
DRV - [2013/02/19 13:39:41 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/29 19:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/23 23:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 23:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/07/04 00:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/12/09 20:05:52 | 000,022,480 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2011/12/09 20:01:18 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\kcrtx86.sys -- (kcrtx86)
DRV - [2010/11/20 21:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 19:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 18:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 18:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 18:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/10 00:18:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/12 03:13:54 | 000,841,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ae1000w7.sys -- (AE1000)
DRV - [2010/04/28 02:41:10 | 000,306,016 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2010/04/06 00:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/07 14:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/05/01 08:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 07:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009/05/01 07:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/08/02 09:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dadder.sys -- (DAdderFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 01 8D 20 1C 38 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-10-07 15:04:14&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@4csoft.com/MediaPlayer: C:\Windows\system32\4C Soft\Common\NPMPlayerNX.dll (4C Soft, Inc.)
FF - HKLM\Software\MozillaPlugins\@4csoft.com/StudioNX: C:\Windows\system32\4C Soft\NXViewer\NPStudioNX.dll (4C Soft, Inc.)
FF - HKLM\Software\MozillaPlugins\@4csoft.com/UpdateAgent: C:\Windows\Downloaded Program Files\NP4CUpdate.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@interezen.co.kr/npi3gmanager: C:\Program Files\Interezen\Plugins\NPI3GManager.dll (Interezen © Interezen.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\Windows\system32\npKeyPro.dll (Softsecurity Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@www.ubikey.co.kr/application/npvinetransfer-plugin: C:\Program Files\INFovine\npVineTransfer.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 13:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/31 16:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/13 13:32:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/12 13:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2013/04/13 13:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/04/19 19:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/12 13:55:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/10 15:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/19 13:40:12 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/04/10 15:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/04/10 15:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.igoogle.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: npruntime scriptable UBIKey plugin (Enabled) = C:\Program Files\INFovine\npVineTransfer.dll
CHR - plugin: NPI3GManager © Interezen. plugin (Enabled) = C:\Program Files\Interezen\Plugins\NPI3GManager.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: SoftForum XecureWeb Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll
CHR - plugin: SoftForum XecureWeb File Control Plug-in (Enabled) = C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: 4CMediaPlayer (Enabled) = C:\Windows\system32\4C Soft\Common\NPMPlayerNX.dll
CHR - plugin: STUDIO NX - Player (Enabled) = C:\Windows\system32\4C Soft\NXViewer\NPStudioNX.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: TouchEn Key for Multi-Browser (Enabled) = C:\Windows\system32\npKeyPro.dll
CHR - Extension: Google Docs = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/04/02 13:56:56 | 000,575,742 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15610 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbTR.cab (ToinbWTR Class)
O16 - DPF: {14DA1FE5-438E-4E2C-959D-5BF03F63EA9C} file:///C:/Windows/Temp/ToinbCComboII.cab (ToinbWCComboII Class)
O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} file:///C:/Windows/Temp/Potential.cab (Potential Class)
O16 - DPF: {1C75AED9-693D-4D6A-8799-EBCCFE6D74D5} http://portal.chungd...GFileUpload.CAB (XGFILEUPLOAD Control)
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbGrid.cab (ToinbWGrid Class)
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbData.cab (ToinbWData Class)
O16 - DPF: {37D13B2F-E5EB-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbRep.cab (ToinbWReport Class)
O16 - DPF: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} http://www.benchbee....ab/sysinfo2.cab (Sysinfo2 Control)
O16 - DPF: {4401B994-DD33-11D2-B539-006097ADB678} file:///C:/Windows/Temp/ToinbTree.cab (ToinbWTree Class)
O16 - DPF: {4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA} file:///C:/Windows/Temp/FileConverter.cab (FileConverter Class)
O16 - DPF: {5FBAE1CD-A276-11D3-AF84-00C026DC3D95} file:///C:/Windows/Temp/ToinbMEdit.cab (ToinbwMEdit Class)
O16 - DPF: {60109D65-70C0-425C-B3A4-4CB001513C69} file:///C:/Windows/Temp/LuxeCombo.cab (LuxeWCombo Class)
O16 - DPF: {62076E39-043C-4A5A-BF17-D8A2128ACD93} http://pib.wooribank...rezen/WRebw.cab (WRebw Module)
O16 - DPF: {69F1348F-3EBE-11D3-973D-0060979E2A03} file:///C:/Windows/Temp/ToinbIFile.cab (ToinbWInputFile Class)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} http://ck.softforum....key3104_32k.cab (XecureCKKB Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {754F3DC4-0C79-4C92-AD64-A806D8FF2AB0} file:///C:/Windows/Temp/ToinbRadio.cab (ToinbWRadio Class)
O16 - DPF: {7A54CBF0-2CB4-11D4-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbMenu.cab (ToinbWMenu Class)
O16 - DPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} http://aca.koreapoly.../ManagerEx4.cab (ManagerEx4 Class)
O16 - DPF: {8EEBE06F-29A9-4704-B339-F6CB260F71E3} http://portal.chungd...OCX/BWordXU.cab (BWordXU Control)
O16 - DPF: {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1} file:///C:/Windows/Temp/ToinbTextArea.cab (ToinbWTextArea Class)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbBind.cab (ToinbWBind Class)
O16 - DPF: {A1B83F7D-05D8-42F8-9C29-99ED06CD528C} http://speed.nia.or....NIAforHuman.cab (SysNIAforHuman Control)
O16 - DPF: {B10570FB-3C00-4D0D-AF11-9B775C903D62} http://kibt.koreapol...oaderPlusX2.cab (TeamsLoaderPlusX2 Control)
O16 - DPF: {BCB3A52D-F8E7-11D3-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbImgData.cab (ToinbWImgData Class)
O16 - DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} http://pib.wooribank...ineTransfer.cab (VineTransfer Control)
O16 - DPF: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} http://speed.nia.or....n/SpeedTest.cab (SpeedTest Control)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA7DA24A-D5F1-455F-BC74-4BE6D36FEC3F} http://ug.activetuto...te/4CUpdate.cab (UpdateAgent Class)
O16 - DPF: {E6876E99-7C28-43AD-9088-315DC302C05F} file:///C:/Windows/Temp/ToinbEMEdit.cab (ToinbWEMEdit Class)
O16 - DPF: {E92D4BD6-F236-4FF0-AC7F-BC17CC6456AA} http://www.benchbee..../BSpeedTest.cab (BSpeedTest Control)
O16 - DPF: {ED382953-E907-11D3-B694-006097AD7252} file:///C:/Windows/Temp/ToinbTab.cab (ToinbWTab Class)
O16 - DPF: {FD4C6571-DD20-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbCCombo.cab (ToInbWCCombo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.124.101.2 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1709D91D-A2B2-4B40-A094-4C9FD704D4E5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E488934-6F1A-4C77-B956-0CD5FE9FD30D}: DhcpNameServer = 164.124.101.2 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{671CDC4E-8DDF-4BF6-B777-1418C9030794}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B624B6D4-002B-4FB4-A7D1-3677170BF243}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/x-gforms-deflate - No CLSID value found
O18 - Protocol\Filter\application/x-gforms-xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 06:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/19 19:53:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/14 04:47:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\simc-520
[2013/04/13 21:45:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\hosts
[2013/04/13 21:23:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/04/13 13:47:03 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs
[2013/04/13 13:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/13 13:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/04/12 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/07 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Curse Advertising
[2013/04/03 22:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POWERPREP II
[2013/04/03 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\ETS
[2013/03/25 13:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/25 02:10:08 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\MultiBit
[2013/03/25 02:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\MultiBit-0.4.23
[2013/03/25 02:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit

========== Files - Modified Within 30 Days ==========

[2013/04/19 19:57:34 | 000,000,664 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 19:57:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/19 19:57:17 | 2810,437,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/19 19:41:01 | 000,000,668 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 19:34:56 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 19:34:56 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 01:12:33 | 000,000,636 | ---- | M] () -- C:\Users\Matt\Desktop\SimulationCraft - Shortcut.lnk
[2013/04/14 04:44:44 | 034,620,231 | ---- | M] () -- C:\Users\Matt\Desktop\simc-520-6-win32 (1).zip
[2013/04/13 21:23:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/04/13 13:50:56 | 000,002,185 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 13:47:54 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 13:40:45 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 13:32:51 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 13:26:29 | 000,447,659 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS.MVP
[2013/04/13 13:20:34 | 000,320,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 22:06:48 | 000,001,906 | ---- | M] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2013/04/03 00:30:42 | 1398,685,900 | ---- | M] () -- C:\Users\Matt\Desktop\Game.of.Thrones.S03E01.720p.HDTV.x264-EVOLVE.mkv
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/03/25 02:09:22 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\MultiBit 0.4.23.lnk
[2013/03/24 13:44:42 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 12:16:14 | 000,447,003 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130413-132629.backup
[2013/03/24 11:51:02 | 000,632,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/24 11:51:02 | 000,412,224 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2013/03/24 11:51:02 | 000,110,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/24 11:51:02 | 000,108,630 | ---- | M] () -- C:\Windows\System32\perfc012.dat

========== Files Created - No Company Name ==========

[2013/04/14 04:48:38 | 000,000,636 | ---- | C] () -- C:\Users\Matt\Desktop\SimulationCraft - Shortcut.lnk
[2013/04/14 04:44:02 | 034,620,231 | ---- | C] () -- C:\Users\Matt\Desktop\simc-520-6-win32 (1).zip
[2013/04/13 13:40:45 | 000,002,185 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/13 13:40:45 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/13 13:36:52 | 000,000,668 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/13 13:36:51 | 000,000,664 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/13 13:32:51 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/13 13:32:51 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/03 22:06:48 | 000,001,906 | ---- | C] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2013/04/03 00:21:48 | 1398,685,900 | ---- | C] () -- C:\Users\Matt\Desktop\Game.of.Thrones.S03E01.720p.HDTV.x264-EVOLVE.mkv
[2013/03/25 02:09:22 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\MultiBit 0.4.23.lnk
[2013/03/24 13:44:42 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 13:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/10/15 05:22:00 | 000,001,057 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\vso_ts_preview.xml
[2012/09/10 22:20:52 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/01/26 16:59:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/11 19:30:09 | 000,003,584 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/09 20:03:39 | 000,065,536 | ---- | C] () -- C:\Windows\System32\cosa.dll
[2011/12/09 20:03:39 | 000,015,512 | ---- | C] () -- C:\Windows\System32\IRTrace.dll
[2011/08/17 01:29:33 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/06/29 10:43:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/11 02:37:20 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/11 02:36:14 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/08 21:55:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 13:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 13:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 10:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/09 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AhnLab
[2011/08/15 21:46:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Amazon
[2011/04/10 19:58:33 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG
[2012/10/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2013
[2013/04/10 09:07:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Curse Advertising
[2010/10/10 00:22:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2011/08/06 02:32:36 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2012/04/24 02:23:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient
[2012/06/02 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\LolClient2
[2013/03/25 02:36:20 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MultiBit
[2011/11/06 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mumble
[2011/11/25 09:39:11 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenDNS Updater
[2010/10/08 22:47:22 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OpenOffice.org
[2012/07/19 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PlayerScoreDesktop
[2011/09/17 12:32:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PunkBuster
[2011/08/15 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\The Creative Assembly
[2012/10/07 15:04:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TuneUp Software
[2010/11/07 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Turbine
[2013/04/13 13:55:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2012/10/15 05:24:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

6. Neither VirusTotal nor I can find spbu.sys in that location any more, so of course no scan was done.
  • 0

#8
godawgs
Posted 19 April 2013 - 09:13 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Matt,

Thanks for the information. You're right, Pando and ESET totally uninstalled. That doesn't happen very often. Most times we have to go in and remove and leftovers. I understand about uTorrent but please don't use it until we are done.
The OTL [emptytemp] command did not remove the O16 files from the Windows\Temp folder so we will do that. Then see if we can find anything else.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownloa...ugin/aosmgr.cab (Reg Error: Key error.)
O16 - DPF: {0A2233AD-E771-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbTR.cab (ToinbWTR Class)
O16 - DPF: {14DA1FE5-438E-4E2C-959D-5BF03F63EA9C} file:///C:/Windows/Temp/ToinbCComboII.cab (ToinbWCComboII Class)
O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} file:///C:/Windows/Temp/Potential.cab (Potential Class)
O16 - DPF: {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbGrid.cab (ToinbWGrid Class)
O16 - DPF: {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbData.cab (ToinbWData Class)
O16 - DPF: {37D13B2F-E5EB-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbRep.cab (ToinbWReport Class)
O16 - DPF: {4401B994-DD33-11D2-B539-006097ADB678} file:///C:/Windows/Temp/ToinbTree.cab (ToinbWTree Class)
O16 - DPF: {4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA} file:///C:/Windows/Temp/FileConverter.cab (FileConverter Class)
O16 - DPF: {5FBAE1CD-A276-11D3-AF84-00C026DC3D95} file:///C:/Windows/Temp/ToinbMEdit.cab (ToinbwMEdit Class)
O16 - DPF: {60109D65-70C0-425C-B3A4-4CB001513C69} file:///C:/Windows/Temp/LuxeCombo.cab (LuxeWCombo Class)
O16 - DPF: {69F1348F-3EBE-11D3-973D-0060979E2A03} file:///C:/Windows/Temp/ToinbIFile.cab (ToinbWInputFile Class)
O16 - DPF: {754F3DC4-0C79-4C92-AD64-A806D8FF2AB0} file:///C:/Windows/Temp/ToinbRadio.cab (ToinbWRadio Class)
O16 - DPF: {7A54CBF0-2CB4-11D4-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbMenu.cab (ToinbWMenu Class)
O16 - DPF: {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1} file:///C:/Windows/Temp/ToinbTextArea.cab (ToinbWTextArea Class)
O16 - DPF: {9C9AB433-EA85-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbBind.cab (ToinbWBind Class)
O16 - DPF: {BCB3A52D-F8E7-11D3-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbImgData.cab (ToinbWImgData Class)
O16 - DPF: {E6876E99-7C28-43AD-9088-315DC302C05F} file:///C:/Windows/Temp/ToinbEMEdit.cab (ToinbWEMEdit Class)
O16 - DPF: {ED382953-E907-11D3-B694-006097AD7252} file:///C:/Windows/Temp/ToinbTab.cab (ToinbWTab Class)
O16 - DPF: {FD4C6571-DD20-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbCCombo.cab (ToInbWCCombo Class)

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
    Posted Image
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-3.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 32bits (x86) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-4.

NOTE: See the text file in the Tools folder in the G2G folder for mor info......

THE CANNEDs

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users:))right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this.
    Do Not delete anything at this point.
  • On reboot a log will be produced please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The aswMBR log
3. The RKreport.txt log
4. The AdwCleaner[R1].txt log
  • 0

#9
MattDMan1984
Posted 21 April 2013 - 11:27 PM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Starting removal of ActiveX control {063F7D71-5E0B-48F2-87D5-F63C5917947E}
C:\Windows\Downloaded Program Files\aosmgr.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{063F7D71-5E0B-48F2-87D5-F63C5917947E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{063F7D71-5E0B-48F2-87D5-F63C5917947E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{063F7D71-5E0B-48F2-87D5-F63C5917947E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{063F7D71-5E0B-48F2-87D5-F63C5917947E}\ not found.
File 3AD-E771-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbTR.cab not found.
Starting removal of ActiveX control {0A2233AD-E771-11D2-973D-00104B15E56F}
C:\Windows\Downloaded Program Files\ToinbTR.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0A2233AD-E771-11D2-973D-00104B15E56F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A2233AD-E771-11D2-973D-00104B15E56F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0A2233AD-E771-11D2-973D-00104B15E56F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A2233AD-E771-11D2-973D-00104B15E56F}\ not found.
File FE5-438E-4E2C-959D-5BF03F63EA9C} file:///C:/Windows/Temp/ToinbCComboII.cab not found.
Starting removal of ActiveX control {14DA1FE5-438E-4E2C-959D-5BF03F63EA9C}
C:\Windows\Downloaded Program Files\ToinbCComboII.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14DA1FE5-438E-4E2C-959D-5BF03F63EA9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14DA1FE5-438E-4E2C-959D-5BF03F63EA9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14DA1FE5-438E-4E2C-959D-5BF03F63EA9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14DA1FE5-438E-4E2C-959D-5BF03F63EA9C}\ not found.
File 20D-EC23-48C8-B35E-857ADE9D1465} file:///C:/Windows/Temp/Potential.cab not found.
Starting removal of ActiveX control {1C18220D-EC23-48C8-B35E-857ADE9D1465}
C:\Windows\Downloaded Program Files\Potential.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C18220D-EC23-48C8-B35E-857ADE9D1465}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C18220D-EC23-48C8-B35E-857ADE9D1465}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1C18220D-EC23-48C8-B35E-857ADE9D1465}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C18220D-EC23-48C8-B35E-857ADE9D1465}\ not found.
File EAD-DB12-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbGrid.cab not found.
Starting removal of ActiveX control {1F57AEAD-DB12-11D2-A4F9-00608CEBEE49}
C:\Windows\Downloaded Program Files\ToinbGrid.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1F57AEAD-DB12-11D2-A4F9-00608CEBEE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F57AEAD-DB12-11D2-A4F9-00608CEBEE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1F57AEAD-DB12-11D2-A4F9-00608CEBEE49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F57AEAD-DB12-11D2-A4F9-00608CEBEE49}\ not found.
File A0D-B5D8-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbData.cab not found.
Starting removal of ActiveX control {3267EA0D-B5D8-11D2-A4F9-00608CEBEE49}
C:\Windows\Downloaded Program Files\ToinbData.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3267EA0D-B5D8-11D2-A4F9-00608CEBEE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3267EA0D-B5D8-11D2-A4F9-00608CEBEE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3267EA0D-B5D8-11D2-A4F9-00608CEBEE49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3267EA0D-B5D8-11D2-A4F9-00608CEBEE49}\ not found.
File B2F-E5EB-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbRep.cab not found.
Starting removal of ActiveX control {37D13B2F-E5EB-11D2-973D-00104B15E56F}
C:\Windows\Downloaded Program Files\ToinbRep.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{37D13B2F-E5EB-11D2-973D-00104B15E56F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37D13B2F-E5EB-11D2-973D-00104B15E56F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{37D13B2F-E5EB-11D2-973D-00104B15E56F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37D13B2F-E5EB-11D2-973D-00104B15E56F}\ not found.
File 994-DD33-11D2-B539-006097ADB678} file:///C:/Windows/Temp/ToinbTree.cab not found.
Starting removal of ActiveX control {4401B994-DD33-11D2-B539-006097ADB678}
C:\Windows\Downloaded Program Files\ToinbTree.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4401B994-DD33-11D2-B539-006097ADB678}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4401B994-DD33-11D2-B539-006097ADB678}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4401B994-DD33-11D2-B539-006097ADB678}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4401B994-DD33-11D2-B539-006097ADB678}\ not found.
File 2EE-FBDF-4979-B2D0-1FE7760EDDEA} file:///C:/Windows/Temp/FileConverter.cab not found.
Starting removal of ActiveX control {4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA}
C:\Windows\Downloaded Program Files\FileConverter.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1962EE-FBDF-4979-B2D0-1FE7760EDDEA}\ not found.
File 1CD-A276-11D3-AF84-00C026DC3D95} file:///C:/Windows/Temp/ToinbMEdit.cab not found.
Starting removal of ActiveX control {5FBAE1CD-A276-11D3-AF84-00C026DC3D95}
C:\Windows\Downloaded Program Files\ToinbMEdit.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5FBAE1CD-A276-11D3-AF84-00C026DC3D95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FBAE1CD-A276-11D3-AF84-00C026DC3D95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5FBAE1CD-A276-11D3-AF84-00C026DC3D95}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FBAE1CD-A276-11D3-AF84-00C026DC3D95}\ not found.
File D65-70C0-425C-B3A4-4CB001513C69} file:///C:/Windows/Temp/LuxeCombo.cab not found.
Starting removal of ActiveX control {60109D65-70C0-425C-B3A4-4CB001513C69}
C:\Windows\Downloaded Program Files\LuxeCombo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{60109D65-70C0-425C-B3A4-4CB001513C69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60109D65-70C0-425C-B3A4-4CB001513C69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{60109D65-70C0-425C-B3A4-4CB001513C69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60109D65-70C0-425C-B3A4-4CB001513C69}\ not found.
File 48F-3EBE-11D3-973D-0060979E2A03} file:///C:/Windows/Temp/ToinbIFile.cab not found.
Starting removal of ActiveX control {69F1348F-3EBE-11D3-973D-0060979E2A03}
C:\Windows\Downloaded Program Files\ToinbInputFile.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69F1348F-3EBE-11D3-973D-0060979E2A03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F1348F-3EBE-11D3-973D-0060979E2A03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{69F1348F-3EBE-11D3-973D-0060979E2A03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F1348F-3EBE-11D3-973D-0060979E2A03}\ not found.
File DC4-0C79-4C92-AD64-A806D8FF2AB0} file:///C:/Windows/Temp/ToinbRadio.cab not found.
Starting removal of ActiveX control {754F3DC4-0C79-4C92-AD64-A806D8FF2AB0}
C:\Windows\Downloaded Program Files\ToinbRadio.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{754F3DC4-0C79-4C92-AD64-A806D8FF2AB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754F3DC4-0C79-4C92-AD64-A806D8FF2AB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{754F3DC4-0C79-4C92-AD64-A806D8FF2AB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{754F3DC4-0C79-4C92-AD64-A806D8FF2AB0}\ not found.
File BF0-2CB4-11D4-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbMenu.cab not found.
Starting removal of ActiveX control {7A54CBF0-2CB4-11D4-973E-0060979E2A03}
C:\Windows\Downloaded Program Files\ToinbMenu.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7A54CBF0-2CB4-11D4-973E-0060979E2A03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A54CBF0-2CB4-11D4-973E-0060979E2A03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7A54CBF0-2CB4-11D4-973E-0060979E2A03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A54CBF0-2CB4-11D4-973E-0060979E2A03}\ not found.
File 4F0-3206-4564-9BB4-AF9055DEF8A1} file:///C:/Windows/Temp/ToinbTextArea.cab not found.
Starting removal of ActiveX control {91B0A4F0-3206-4564-9BB4-AF9055DEF8A1}
C:\Windows\Downloaded Program Files\ToinbTextArea.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{91B0A4F0-3206-4564-9BB4-AF9055DEF8A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91B0A4F0-3206-4564-9BB4-AF9055DEF8A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{91B0A4F0-3206-4564-9BB4-AF9055DEF8A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91B0A4F0-3206-4564-9BB4-AF9055DEF8A1}\ not found.
File 433-EA85-11D2-A4F9-00608CEBEE49} file:///C:/Windows/Temp/ToinbBind.cab not found.
Starting removal of ActiveX control {9C9AB433-EA85-11D2-A4F9-00608CEBEE49}
C:\Windows\Downloaded Program Files\ToinbBind.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9C9AB433-EA85-11D2-A4F9-00608CEBEE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C9AB433-EA85-11D2-A4F9-00608CEBEE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9C9AB433-EA85-11D2-A4F9-00608CEBEE49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C9AB433-EA85-11D2-A4F9-00608CEBEE49}\ not found.
File 52D-F8E7-11D3-973E-0060979E2A03} file:///C:/Windows/Temp/ToinbImgData.cab not found.
Starting removal of ActiveX control {BCB3A52D-F8E7-11D3-973E-0060979E2A03}
C:\Windows\Downloaded Program Files\ToinbImgData.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCB3A52D-F8E7-11D3-973E-0060979E2A03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCB3A52D-F8E7-11D3-973E-0060979E2A03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCB3A52D-F8E7-11D3-973E-0060979E2A03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCB3A52D-F8E7-11D3-973E-0060979E2A03}\ not found.
File E99-7C28-43AD-9088-315DC302C05F} file:///C:/Windows/Temp/ToinbEMEdit.cab not found.
Starting removal of ActiveX control {E6876E99-7C28-43AD-9088-315DC302C05F}
C:\Windows\Downloaded Program Files\ToinbEMEdit.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E6876E99-7C28-43AD-9088-315DC302C05F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6876E99-7C28-43AD-9088-315DC302C05F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E6876E99-7C28-43AD-9088-315DC302C05F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6876E99-7C28-43AD-9088-315DC302C05F}\ not found.
File 953-E907-11D3-B694-006097AD7252} file:///C:/Windows/Temp/ToinbTab.cab not found.
Starting removal of ActiveX control {ED382953-E907-11D3-B694-006097AD7252}
C:\Windows\Downloaded Program Files\ToinbTab.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{ED382953-E907-11D3-B694-006097AD7252}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED382953-E907-11D3-B694-006097AD7252}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{ED382953-E907-11D3-B694-006097AD7252}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED382953-E907-11D3-B694-006097AD7252}\ not found.
File 571-DD20-11D2-973D-00104B15E56F} file:///C:/Windows/Temp/ToinbCCombo.cab not found.
Starting removal of ActiveX control {FD4C6571-DD20-11D2-973D-00104B15E56F}
C:\Windows\Downloaded Program Files\ToinbCCombo.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD4C6571-DD20-11D2-973D-00104B15E56F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4C6571-DD20-11D2-973D-00104B15E56F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD4C6571-DD20-11D2-973D-00104B15E56F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD4C6571-DD20-11D2-973D-00104B15E56F}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 23701818 bytes
->Temporary Internet Files folder emptied: 39669 bytes
->Java cache emptied: 144477 bytes
->Google Chrome cache emptied: 356898001 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 170103 bytes
RecycleBin emptied: 35794588 bytes

Total Files Cleaned = 397.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04222013_140023

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-22 14:12:50
-----------------------------
14:12:50.498 OS Version: Windows 6.1.7601 Service Pack 1
14:12:50.498 Number of processors: 4 586 0x1E05
14:12:50.499 ComputerName: MATT-PC UserName: Matt
14:12:51.872 Initialize success
14:13:16.113 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
14:13:16.117 Disk 0 Vendor: ST3160812AS 3.ADJ Size: 152587MB BusType: 3
14:13:16.132 Disk 0 MBR read successfully
14:13:16.136 Disk 0 MBR scan
14:13:16.140 Disk 0 Windows 7 default MBR code
14:13:16.154 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:13:16.166 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
14:13:16.191 Disk 0 scanning sectors +312496128
14:13:16.267 Disk 0 scanning C:\Windows\system32\drivers
14:13:34.018 Service scanning
14:13:47.884 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:13:51.852 Modules scanning
14:14:31.051 Disk 0 trace - called modules:
14:14:31.090 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86dee1f8]<<
14:14:31.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8702c618]
14:14:31.430 3 CLASSPNP.SYS[8d3b959e] -> nt!IofCallDriver -> [0x86e85930]
14:14:31.437 5 ACPI.sys[8ce433d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x86e6d030]
14:14:31.446 \Driver\atapi[0x86e81e18] -> IRP_MJ_CREATE -> 0x86dee1f8
14:14:31.451 Scan finished successfully
14:14:49.824 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
14:14:49.828 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Matt [Admin rights]
Mode : Scan -- Date : 04/22/2013 14:21:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS ATA Device +++++
--- User ---
[MBR] ae454ba1160097bc0fa686c35e0449ed
[BSP] 83c18d2e04eb08d97fa47a02d855e0ea : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152485 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SMI USB DISK USB Device +++++
--- User ---
[MBR] 3c31d08e3f9f8b450abd984fa861adc5
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 7727 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Samsung STORY Station USB Device +++++
--- User ---
[MBR] c2d89bd39df36b599bad73f05b69058b
[BSP] 2c9019a3d7d944262075e27610a6804f : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04222013_02d1421.txt >>
RKreport[1]_S_04222013_02d1421.txt



# AdwCleaner v2.201 - Logfile created 04/22/2013 at 14:25:03
# Updated 21/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Matt - MATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Matt\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Matt\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Matt\AppData\Local\PackageAware
Folder Found : C:\Users\Matt\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-870645799-4136988807-1401639153-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4786 octets] - [22/04/2013 14:25:03]

########## EOF - C:\AdwCleaner[R1].txt - [4846 octets] ##########
  • 0

#10
godawgs
Posted 22 April 2013 - 11:19 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the scans. Let's kill what AdwCleaner found and I want to get a closer look at another file. This scan will produce an abbreviated OTL log so read the instructions carefully.


Step-1.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
    Posted Image
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-2.

Show Hidden Files and Folders
  • Click the Start Orb. Click Computer.
  • On the next window, at the top of the window, click Tools then click Folder Options.
  • On the Folder Options window click the View tab.
  • Under the Files and Folders section:
  • Make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

    Posted Image
  • Also make sure that Hide protected system operating files(recommended) is un-checked.

    Posted Image
  • Also make sure the Hide extensions for known file types box is un-checked.

    Posted Image

    Posted Image

Step-3

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
/md5start
halmacpi.dll
/md5stop


2. Re-open Posted Imageon the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the None button at the top of the console.<---Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The AdwCleaner[S1].txt log
2. The new OTL.txt log
  • 0

Advertisements

#11
MattDMan1984
Posted 24 April 2013 - 11:15 PM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have run the AdwCleaner deletion and changed my file settings, but not yet run the OTL fix. 1) I am not sure which "None" radio button I should be clicking (Processes, Modules, Services, Drivers, Standard Registry, or Extra Registry) 2) I do not have an "Include 64bit Scans" check box; perhaps because I am running on 32-bit Windows? I have no real idea of course. :huh: Please advise.

The AdwCleaner log is below. (When I ran it, AVG asked me to allow it to run, which I did.) Thanks again for your continued help!


# AdwCleaner v2.202 - Logfile created 04/25/2013 at 13:50:59
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Matt - MATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Matt\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Matt\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Matt\AppData\Local\PackageAware
Folder Deleted : C:\Users\Matt\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4915 octets] - [22/04/2013 14:25:03]
AdwCleaner[S1].txt - [5042 octets] - [25/04/2013 13:50:59]

########## EOF - C:\AdwCleaner[S1].txt - [5102 octets] ##########
  • 0

#12
godawgs
Posted 25 April 2013 - 01:05 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

1) I am not sure which "None" radio button I should be clicking (Processes, Modules, Services, Drivers, Standard Registry, or Extra Registry)

None of those. At the very top of the OTL console there are buttons for Run Scan, Run Fix, QuickScan and None. That's the none button I want you to click.

2) I do not have an "Include 64bit Scans" check box; perhaps because I am running on 32-bit Windows?

That's my bad. Your windows is the 32bit system so you won't have a Include 64bit Scans box.

Thanks again for your continued help!

You are welcome.
  • 0

#13
MattDMan1984
Posted 25 April 2013 - 01:31 AM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ah, my mistake. OTL log below.


OTL logfile created on: 4/25/2013 4:26:29 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 82.07% Memory free
6.98 Gb Paging File | 5.47 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.91 Gb Total Space | 40.40 Gb Free Space | 27.13% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 61.59 Mb Free Space | 61.60% Space Free | Partition Type: NTFS
Drive F: | 7.53 Gb Total Space | 3.53 Gb Free Space | 46.92% Space Free | Partition Type: FAT32
Drive H: | 931.51 Gb Total Space | 227.49 Gb Free Space | 24.42% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Custom Scans ==========

< MD5 for: HALMACPI.DLL >
[2010/11/20 21:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\halmacpi.dll
[2010/11/20 21:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\halmacpi.dll
[2009/07/14 10:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\halmacpi.dll

< End of report >
  • 0

#14
godawgs
Posted 25 April 2013 - 07:26 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Thanks for the log. It shows the halmacpi,dll file to be ok but aswMBR showed a problem with it so we will try something else.

We need to make sure that the AVG real time protection is disabled before running this scan. To do that:

  • Open the AVG program.
  • Click the Computer component.
  • In the Anti-Virus section, change the switch to Disabled.
You can re-enable it after the scan is done.



Step-1.


Posted Image TDSSKiller

Please read carefully and follow these steps.
Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters. (See the image below)

    Posted Image
  • Make sure the boxes under Objects to scan are checked like the image below.
  • In the Additionak options section, check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system. (See the image below)

    Posted Image
  • Click OK
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-2.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The TDSSKiller log
  • 0

#15
MattDMan1984
Posted 27 April 2013 - 02:13 PM

MattDMan1984

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
2 suspicious objects and no malicious objects detected. I re-enabled AVG real-time protection after the scan.

05:09:59.0331 4884 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
05:10:00.0419 4884 ============================================================
05:10:00.0419 4884 Current date / time: 2013/04/28 05:10:00.0418
05:10:00.0419 4884 SystemInfo:
05:10:00.0419 4884
05:10:00.0419 4884 OS Version: 6.1.7601 ServicePack: 1.0
05:10:00.0419 4884 Product type: Workstation
05:10:00.0419 4884 ComputerName: MATT-PC
05:10:00.0419 4884 UserName: Matt
05:10:00.0419 4884 Windows directory: C:\Windows
05:10:00.0419 4884 System windows directory: C:\Windows
05:10:00.0419 4884 Processor architecture: Intel x86
05:10:00.0419 4884 Number of processors: 4
05:10:00.0419 4884 Page size: 0x1000
05:10:00.0419 4884 Boot type: Normal boot
05:10:00.0419 4884 ============================================================
05:10:01.0443 4884 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:10:02.0200 4884 Drive \Device\Harddisk1\DR1 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:10:02.0204 4884 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:10:08.0388 4884 ============================================================
05:10:08.0388 4884 \Device\Harddisk0\DR0:
05:10:08.0415 4884 MBR partitions:
05:10:08.0415 4884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
05:10:08.0415 4884 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129D2800
05:10:08.0415 4884 \Device\Harddisk1\DR1:
05:10:08.0416 4884 MBR partitions:
05:10:08.0417 4884 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xF17FC1
05:10:08.0417 4884 \Device\Harddisk2\DR2:
05:10:08.0417 4884 MBR partitions:
05:10:08.0417 4884 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
05:10:08.0418 4884 ============================================================
05:10:08.0446 4884 C: <-> \Device\Harddisk0\DR0\Partition2
05:10:08.0465 4884 E: <-> \Device\Harddisk0\DR0\Partition1
05:10:08.0550 4884 H: <-> \Device\Harddisk2\DR2\Partition1
05:10:08.0550 4884 ============================================================
05:10:08.0550 4884 Initialize success
05:10:08.0550 4884 ============================================================
05:10:35.0905 1800 ============================================================
05:10:35.0905 1800 Scan started
05:10:35.0905 1800 Mode: Manual; SigCheck; TDLFS;
05:10:35.0905 1800 ============================================================
05:10:36.0521 1800 ================ Scan system memory ========================
05:10:36.0521 1800 System memory - ok
05:10:36.0521 1800 ================ Scan services =============================
05:10:36.0724 1800 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
05:10:36.0846 1800 1394ohci - ok
05:10:36.0891 1800 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
05:10:36.0909 1800 ACPI - ok
05:10:36.0944 1800 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
05:10:36.0998 1800 AcpiPmi - ok
05:10:37.0116 1800 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
05:10:37.0141 1800 AdobeARMservice - ok
05:10:37.0195 1800 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
05:10:37.0227 1800 adp94xx - ok
05:10:37.0264 1800 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
05:10:37.0279 1800 adpahci - ok
05:10:37.0294 1800 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
05:10:37.0306 1800 adpu320 - ok
05:10:37.0364 1800 [ 9067A7689D108C4F15ED2FCF2C572B5C ] AE1000 C:\Windows\system32\DRIVERS\ae1000w7.sys
05:10:37.0408 1800 AE1000 - ok
05:10:37.0438 1800 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
05:10:37.0506 1800 AeLookupSvc - ok
05:10:37.0535 1800 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
05:10:37.0571 1800 AFD - ok
05:10:37.0611 1800 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
05:10:37.0626 1800 agp440 - ok
05:10:37.0657 1800 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
05:10:37.0670 1800 aic78xx - ok
05:10:37.0691 1800 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
05:10:37.0748 1800 ALG - ok
05:10:37.0769 1800 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
05:10:37.0781 1800 aliide - ok
05:10:37.0811 1800 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
05:10:37.0821 1800 amdagp - ok
05:10:37.0838 1800 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
05:10:37.0848 1800 amdide - ok
05:10:37.0866 1800 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
05:10:37.0920 1800 AmdK8 - ok
05:10:37.0969 1800 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
05:10:38.0067 1800 AmdPPM - ok
05:10:38.0092 1800 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
05:10:38.0132 1800 amdsata - ok
05:10:38.0148 1800 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
05:10:38.0160 1800 amdsbs - ok
05:10:38.0182 1800 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
05:10:38.0191 1800 amdxata - ok
05:10:38.0234 1800 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
05:10:38.0510 1800 AppID - ok
05:10:38.0526 1800 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
05:10:38.0569 1800 AppIDSvc - ok
05:10:38.0617 1800 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
05:10:38.0669 1800 Appinfo - ok
05:10:38.0697 1800 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
05:10:38.0753 1800 AppMgmt - ok
05:10:38.0797 1800 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
05:10:38.0815 1800 arc - ok
05:10:38.0839 1800 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
05:10:38.0850 1800 arcsas - ok
05:10:38.0923 1800 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
05:10:38.0938 1800 aspnet_state - ok
05:10:38.0952 1800 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
05:10:39.0058 1800 AsyncMac - ok
05:10:39.0083 1800 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
05:10:39.0093 1800 atapi - ok
05:10:39.0148 1800 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
05:10:39.0192 1800 AudioEndpointBuilder - ok
05:10:39.0199 1800 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
05:10:39.0225 1800 Audiosrv - ok
05:10:39.0420 1800 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
05:10:39.0602 1800 AVGIDSAgent - ok
05:10:39.0653 1800 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
05:10:39.0682 1800 AVGIDSDriver - ok
05:10:39.0715 1800 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
05:10:39.0733 1800 AVGIDSHX - ok
05:10:39.0744 1800 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
05:10:39.0760 1800 AVGIDSShim - ok
05:10:39.0804 1800 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
05:10:39.0828 1800 Avgldx86 - ok
05:10:39.0875 1800 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
05:10:39.0899 1800 Avglogx - ok
05:10:39.0936 1800 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
05:10:39.0958 1800 Avgmfx86 - ok
05:10:40.0015 1800 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
05:10:40.0035 1800 Avgrkx86 - ok
05:10:40.0057 1800 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
05:10:40.0082 1800 Avgtdix - ok
05:10:40.0139 1800 [ CAE7B6E4D7EB17829C526153D19B9C95 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
05:10:40.0153 1800 avgtp - ok
05:10:40.0178 1800 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
05:10:40.0195 1800 avgwd - ok
05:10:40.0230 1800 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
05:10:40.0310 1800 AxInstSV - ok
05:10:40.0344 1800 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
05:10:40.0394 1800 b06bdrv - ok
05:10:40.0413 1800 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
05:10:40.0444 1800 b57nd60x - ok
05:10:40.0450 1800 BCMH43XX - ok
05:10:40.0474 1800 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
05:10:40.0515 1800 BDESVC - ok
05:10:40.0522 1800 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
05:10:40.0561 1800 Beep - ok
05:10:40.0607 1800 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
05:10:40.0690 1800 BFE - ok
05:10:40.0737 1800 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
05:10:40.0816 1800 BITS - ok
05:10:40.0830 1800 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
05:10:40.0856 1800 blbdrive - ok
05:10:40.0890 1800 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
05:10:40.0942 1800 bowser - ok
05:10:40.0966 1800 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
05:10:41.0025 1800 BrFiltLo - ok
05:10:41.0038 1800 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
05:10:41.0079 1800 BrFiltUp - ok
05:10:41.0110 1800 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
05:10:41.0159 1800 Browser - ok
05:10:41.0178 1800 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
05:10:41.0214 1800 Brserid - ok
05:10:41.0231 1800 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
05:10:41.0266 1800 BrSerWdm - ok
05:10:41.0282 1800 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
05:10:41.0312 1800 BrUsbMdm - ok
05:10:41.0331 1800 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
05:10:41.0366 1800 BrUsbSer - ok
05:10:41.0386 1800 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
05:10:41.0460 1800 BTHMODEM - ok
05:10:41.0483 1800 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
05:10:41.0520 1800 bthserv - ok
05:10:41.0532 1800 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
05:10:41.0577 1800 cdfs - ok
05:10:41.0608 1800 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
05:10:41.0650 1800 cdrom - ok
05:10:41.0687 1800 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
05:10:41.0752 1800 CertPropSvc - ok
05:10:41.0773 1800 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
05:10:41.0798 1800 circlass - ok
05:10:41.0821 1800 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
05:10:41.0835 1800 CLFS - ok
05:10:41.0858 1800 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
05:10:41.0867 1800 clr_optimization_v2.0.50727_32 - ok
05:10:41.0909 1800 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
05:10:41.0919 1800 clr_optimization_v4.0.30319_32 - ok
05:10:41.0939 1800 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
05:10:41.0967 1800 CmBatt - ok
05:10:41.0985 1800 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
05:10:41.0997 1800 cmdide - ok
05:10:42.0028 1800 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
05:10:42.0053 1800 CNG - ok
05:10:42.0070 1800 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
05:10:42.0083 1800 Compbatt - ok
05:10:42.0095 1800 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
05:10:42.0161 1800 CompositeBus - ok
05:10:42.0163 1800 COMSysApp - ok
05:10:42.0180 1800 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
05:10:42.0190 1800 crcdisk - ok
05:10:42.0236 1800 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
05:10:42.0309 1800 CryptSvc - ok
05:10:42.0358 1800 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
05:10:42.0412 1800 CSC - ok
05:10:42.0470 1800 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
05:10:42.0572 1800 CscService - ok
05:10:42.0598 1800 [ CB90F77E21109CCFD114A17BD87A42A7 ] DAdderFltr C:\Windows\system32\drivers\dadder.sys
05:10:42.0642 1800 DAdderFltr - ok
05:10:42.0666 1800 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
05:10:42.0712 1800 DcomLaunch - ok
05:10:42.0739 1800 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
05:10:42.0784 1800 defragsvc - ok
05:10:42.0823 1800 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
05:10:42.0875 1800 DfsC - ok
05:10:42.0920 1800 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
05:10:42.0987 1800 Dhcp - ok
05:10:43.0006 1800 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
05:10:43.0053 1800 discache - ok
05:10:43.0090 1800 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
05:10:43.0113 1800 Disk - ok
05:10:43.0188 1800 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
05:10:43.0245 1800 Dnscache - ok
05:10:43.0291 1800 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
05:10:43.0360 1800 dot3svc - ok
05:10:43.0419 1800 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
05:10:43.0482 1800 DPS - ok
05:10:43.0514 1800 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
05:10:43.0542 1800 drmkaud - ok
05:10:43.0594 1800 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
05:10:43.0625 1800 DXGKrnl - ok
05:10:43.0652 1800 [ 19E30C3C80D8CE29944B3F30FF9C8B76 ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
05:10:43.0664 1800 e1kexpress - ok
05:10:43.0690 1800 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
05:10:43.0735 1800 EapHost - ok
05:10:43.0829 1800 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
05:10:43.0959 1800 ebdrv - ok
05:10:43.0992 1800 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
05:10:44.0035 1800 EFS - ok
05:10:44.0103 1800 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
05:10:44.0182 1800 ehRecvr - ok
05:10:44.0209 1800 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
05:10:44.0248 1800 ehSched - ok
05:10:44.0288 1800 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
05:10:44.0313 1800 elxstor - ok
05:10:44.0337 1800 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
05:10:44.0376 1800 ErrDev - ok
05:10:44.0422 1800 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
05:10:44.0471 1800 EventSystem - ok
05:10:44.0492 1800 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
05:10:44.0515 1800 exfat - ok
05:10:44.0531 1800 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
05:10:44.0553 1800 fastfat - ok
05:10:44.0602 1800 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
05:10:44.0643 1800 Fax - ok
05:10:44.0666 1800 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
05:10:44.0678 1800 fdc - ok
05:10:44.0698 1800 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
05:10:44.0731 1800 fdPHost - ok
05:10:44.0750 1800 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
05:10:44.0804 1800 FDResPub - ok
05:10:44.0821 1800 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
05:10:44.0835 1800 FileInfo - ok
05:10:44.0862 1800 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
05:10:44.0926 1800 Filetrace - ok
05:10:44.0973 1800 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
05:10:45.0011 1800 FLEXnet Licensing Service - ok
05:10:45.0025 1800 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
05:10:45.0048 1800 flpydisk - ok
05:10:45.0080 1800 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
05:10:45.0095 1800 FltMgr - ok
05:10:45.0138 1800 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
05:10:45.0216 1800 FontCache - ok
05:10:45.0274 1800 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
05:10:45.0295 1800 FontCache3.0.0.0 - ok
05:10:45.0308 1800 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
05:10:45.0321 1800 FsDepends - ok
05:10:45.0362 1800 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
05:10:45.0376 1800 Fs_Rec - ok
05:10:45.0417 1800 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
05:10:45.0438 1800 fvevol - ok
05:10:45.0460 1800 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
05:10:45.0476 1800 gagp30kx - ok
05:10:45.0531 1800 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
05:10:45.0613 1800 gpsvc - ok
05:10:45.0678 1800 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
05:10:45.0699 1800 gupdate - ok
05:10:45.0711 1800 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
05:10:45.0721 1800 gupdatem - ok
05:10:45.0742 1800 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
05:10:45.0793 1800 hcw85cir - ok
05:10:45.0826 1800 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
05:10:45.0864 1800 HdAudAddService - ok
05:10:45.0878 1800 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
05:10:45.0912 1800 HDAudBus - ok
05:10:45.0936 1800 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
05:10:45.0966 1800 HidBatt - ok
05:10:45.0984 1800 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
05:10:46.0015 1800 HidBth - ok
05:10:46.0036 1800 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
05:10:46.0079 1800 HidIr - ok
05:10:46.0108 1800 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
05:10:46.0138 1800 hidserv - ok
05:10:46.0159 1800 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
05:10:46.0181 1800 HidUsb - ok
05:10:46.0221 1800 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
05:10:46.0272 1800 hkmsvc - ok
05:10:46.0308 1800 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
05:10:46.0359 1800 HomeGroupListener - ok
05:10:46.0403 1800 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
05:10:46.0446 1800 HomeGroupProvider - ok
05:10:46.0491 1800 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
05:10:46.0514 1800 HpSAMD - ok
05:10:46.0563 1800 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
05:10:46.0607 1800 HTTP - ok
05:10:46.0644 1800 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
05:10:46.0653 1800 hwpolicy - ok
05:10:46.0673 1800 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
05:10:46.0696 1800 i8042prt - ok
05:10:46.0722 1800 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
05:10:46.0741 1800 iaStorV - ok
05:10:46.0815 1800 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:10:46.0874 1800 idsvc - ok
05:10:46.0898 1800 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
05:10:46.0910 1800 iirsp - ok
05:10:46.0968 1800 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
05:10:47.0051 1800 IKEEXT - ok
05:10:47.0142 1800 [ C877ECC52D2279818CFB0A7DD3DCB906 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
05:10:47.0247 1800 IntcAzAudAddService - ok
05:10:47.0274 1800 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
05:10:47.0286 1800 intelide - ok
05:10:47.0304 1800 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
05:10:47.0343 1800 intelppm - ok
05:10:47.0367 1800 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
05:10:47.0411 1800 IPBusEnum - ok
05:10:47.0437 1800 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:10:47.0485 1800 IpFilterDriver - ok
05:10:47.0522 1800 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
05:10:47.0580 1800 iphlpsvc - ok
05:10:47.0606 1800 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
05:10:47.0637 1800 IPMIDRV - ok
05:10:47.0665 1800 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
05:10:47.0709 1800 IPNAT - ok
05:10:47.0720 1800 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
05:10:47.0748 1800 IRENUM - ok
05:10:47.0764 1800 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
05:10:47.0775 1800 isapnp - ok
05:10:47.0805 1800 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
05:10:47.0819 1800 iScsiPrt - ok
05:10:47.0832 1800 JRSKD24 - ok
05:10:47.0857 1800 [ 139D9D538284EC721D759DF7238B8850 ] JRSUKD25 C:\Windows\system32\JRSUKD25.SYS
05:10:47.0867 1800 JRSUKD25 - ok
05:10:47.0881 1800 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
05:10:47.0892 1800 kbdclass - ok
05:10:47.0902 1800 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
05:10:47.0929 1800 kbdhid - ok
05:10:47.0950 1800 [ CBBC332B9A94D9EB16E3328B50760587 ] kcrtx86 C:\Windows\system32\kcrtx86.sys
05:10:47.0962 1800 kcrtx86 - ok
05:10:47.0974 1800 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
05:10:47.0984 1800 KeyIso - ok
05:10:48.0018 1800 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
05:10:48.0040 1800 KSecDD - ok
05:10:48.0064 1800 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
05:10:48.0082 1800 KSecPkg - ok
05:10:48.0108 1800 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
05:10:48.0155 1800 KtmRm - ok
05:10:48.0177 1800 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
05:10:48.0208 1800 LanmanServer - ok
05:10:48.0246 1800 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
05:10:48.0304 1800 LanmanWorkstation - ok
05:10:48.0329 1800 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
05:10:48.0349 1800 lltdio - ok
05:10:48.0375 1800 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
05:10:48.0411 1800 lltdsvc - ok
05:10:48.0429 1800 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
05:10:48.0463 1800 lmhosts - ok
05:10:48.0477 1800 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
05:10:48.0488 1800 LSI_FC - ok
05:10:48.0491 1800 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
05:10:48.0502 1800 LSI_SAS - ok
05:10:48.0512 1800 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:10:48.0523 1800 LSI_SAS2 - ok
05:10:48.0525 1800 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:10:48.0536 1800 LSI_SCSI - ok
05:10:48.0547 1800 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
05:10:48.0576 1800 luafv - ok
05:10:48.0599 1800 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
05:10:48.0606 1800 LVPr2Mon - ok
05:10:48.0657 1800 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
05:10:48.0676 1800 LVPrcSrv - ok
05:10:48.0703 1800 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
05:10:48.0725 1800 LVRS - ok
05:10:48.0750 1800 [ 23F8EF78BB9553E465A476F3CEE5CA18 ] LVUSBSta C:\Windows\system32\drivers\LVUSBSta.sys
05:10:48.0761 1800 LVUSBSta - ok
05:10:48.0793 1800 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
05:10:48.0808 1800 Mcx2Svc - ok
05:10:48.0834 1800 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
05:10:48.0846 1800 megasas - ok
05:10:48.0861 1800 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
05:10:48.0877 1800 MegaSR - ok
05:10:48.0895 1800 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
05:10:48.0941 1800 MMCSS - ok
05:10:48.0960 1800 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
05:10:48.0991 1800 Modem - ok
05:10:49.0014 1800 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
05:10:49.0046 1800 monitor - ok
05:10:49.0062 1800 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
05:10:49.0079 1800 mouclass - ok
05:10:49.0093 1800 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
05:10:49.0129 1800 mouhid - ok
05:10:49.0171 1800 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
05:10:49.0186 1800 mountmgr - ok
05:10:49.0237 1800 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
05:10:49.0261 1800 MozillaMaintenance - ok
05:10:49.0293 1800 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
05:10:49.0307 1800 mpio - ok
05:10:49.0330 1800 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
05:10:49.0365 1800 mpsdrv - ok
05:10:49.0405 1800 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
05:10:49.0488 1800 MpsSvc - ok
05:10:49.0527 1800 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
05:10:49.0566 1800 MRxDAV - ok
05:10:49.0588 1800 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
05:10:49.0642 1800 mrxsmb - ok
05:10:49.0675 1800 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:10:49.0695 1800 mrxsmb10 - ok
05:10:49.0711 1800 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:10:49.0739 1800 mrxsmb20 - ok
05:10:49.0757 1800 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
05:10:49.0775 1800 msahci - ok
05:10:49.0790 1800 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
05:10:49.0808 1800 msdsm - ok
05:10:49.0833 1800 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
05:10:49.0857 1800 MSDTC - ok
05:10:49.0885 1800 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
05:10:49.0919 1800 Msfs - ok
05:10:49.0937 1800 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
05:10:49.0961 1800 mshidkmdf - ok
05:10:49.0989 1800 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
05:10:49.0998 1800 msisadrv - ok
05:10:50.0025 1800 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
05:10:50.0056 1800 MSiSCSI - ok
05:10:50.0058 1800 msiserver - ok
05:10:50.0082 1800 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
05:10:50.0119 1800 MSKSSRV - ok
05:10:50.0122 1800 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
05:10:50.0155 1800 MSPCLOCK - ok
05:10:50.0165 1800 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
05:10:50.0195 1800 MSPQM - ok
05:10:50.0218 1800 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
05:10:50.0230 1800 MsRPC - ok
05:10:50.0253 1800 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
05:10:50.0266 1800 mssmbios - ok
05:10:50.0280 1800 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
05:10:50.0303 1800 MSTEE - ok
05:10:50.0306 1800 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
05:10:50.0329 1800 MTConfig - ok
05:10:50.0345 1800 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
05:10:50.0356 1800 Mup - ok
05:10:50.0406 1800 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
05:10:50.0438 1800 napagent - ok
05:10:50.0475 1800 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
05:10:50.0514 1800 NativeWifiP - ok
05:10:50.0556 1800 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
05:10:50.0590 1800 NDIS - ok
05:10:50.0610 1800 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
05:10:50.0632 1800 NdisCap - ok
05:10:50.0648 1800 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
05:10:50.0684 1800 NdisTapi - ok
05:10:50.0723 1800 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
05:10:50.0743 1800 Ndisuio - ok
05:10:50.0787 1800 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
05:10:50.0835 1800 NdisWan - ok
05:10:50.0876 1800 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
05:10:50.0897 1800 NDProxy - ok
05:10:50.0920 1800 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
05:10:50.0949 1800 NetBIOS - ok
05:10:51.0014 1800 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
05:10:51.0077 1800 NetBT - ok
05:10:51.0089 1800 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
05:10:51.0103 1800 Netlogon - ok
05:10:51.0136 1800 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
05:10:51.0182 1800 Netman - ok
05:10:51.0210 1800 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
05:10:51.0248 1800 netprofm - ok
05:10:51.0293 1800 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
05:10:51.0315 1800 NetTcpPortSharing - ok
05:10:51.0344 1800 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
05:10:51.0372 1800 nfrd960 - ok
05:10:51.0420 1800 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
05:10:51.0463 1800 NlaSvc - ok
05:10:51.0469 1800 NPF - ok
05:10:51.0487 1800 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
05:10:51.0528 1800 Npfs - ok
05:10:51.0553 1800 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
05:10:51.0600 1800 nsi - ok
05:10:51.0617 1800 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
05:10:51.0637 1800 nsiproxy - ok
05:10:51.0699 1800 [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
05:10:51.0765 1800 Ntfs - ok
05:10:51.0792 1800 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
05:10:51.0830 1800 Null - ok
05:10:51.0869 1800 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
05:10:51.0883 1800 NVHDA - ok
05:10:52.0104 1800 [ 2FA5434344AF84D73F66BA402FF78690 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
05:10:52.0351 1800 nvlddmkm - ok
05:10:52.0510 1800 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
05:10:52.0536 1800 nvraid - ok
05:10:52.0558 1800 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
05:10:52.0572 1800 nvstor - ok
05:10:52.0610 1800 [ B785320CBCF5021DE9945C803696C511 ] NVSvc C:\Windows\system32\nvvsvc.exe
05:10:52.0635 1800 NVSvc - ok
05:10:52.0725 1800 [ D2B064796C369F82E96397F721C4A29D ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
05:10:52.0787 1800 nvUpdatusService - ok
05:10:52.0798 1800 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
05:10:52.0809 1800 nv_agp - ok
05:10:52.0835 1800 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
05:10:52.0860 1800 ohci1394 - ok
05:10:52.0889 1800 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
05:10:52.0927 1800 p2pimsvc - ok
05:10:52.0951 1800 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
05:10:52.0984 1800 p2psvc - ok
05:10:53.0006 1800 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
05:10:53.0039 1800 Parport - ok
05:10:53.0080 1800 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
05:10:53.0103 1800 partmgr - ok
05:10:53.0122 1800 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
05:10:53.0149 1800 Parvdm - ok
05:10:53.0175 1800 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
05:10:53.0193 1800 PcaSvc - ok
05:10:53.0215 1800 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
05:10:53.0229 1800 pci - ok
05:10:53.0251 1800 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
05:10:53.0263 1800 pciide - ok
05:10:53.0284 1800 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
05:10:53.0299 1800 pcmcia - ok
05:10:53.0319 1800 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
05:10:53.0331 1800 pcw - ok
05:10:53.0359 1800 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
05:10:53.0399 1800 PEAUTH - ok
05:10:53.0453 1800 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
05:10:53.0544 1800 PeerDistSvc - ok
05:10:53.0565 1800 [ B20F958B207E6AAAC5F70D04DD2C30D8 ] pepifilter C:\Windows\system32\DRIVERS\lv302af.sys
05:10:53.0576 1800 pepifilter - ok
05:10:53.0688 1800 [ DD184D9ADFE2A8A21741DBDFE9E22F5C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V32.SYS
05:10:53.0797 1800 PID_PEPI - ok
05:10:53.0871 1800 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
05:10:53.0979 1800 pla - ok
05:10:54.0019 1800 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
05:10:54.0076 1800 PlugPlay - ok
05:10:54.0092 1800 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
05:10:54.0131 1800 PNRPAutoReg - ok
05:10:54.0155 1800 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
05:10:54.0180 1800 PNRPsvc - ok
05:10:54.0229 1800 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
05:10:54.0284 1800 PolicyAgent - ok
05:10:54.0325 1800 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
05:10:54.0346 1800 Power - ok
05:10:54.0366 1800 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
05:10:54.0387 1800 PptpMiniport - ok
05:10:54.0402 1800 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
05:10:54.0414 1800 Processor - ok
05:10:54.0457 1800 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
05:10:54.0500 1800 ProfSvc - ok
05:10:54.0512 1800 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
05:10:54.0528 1800 ProtectedStorage - ok
05:10:54.0547 1800 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
05:10:54.0597 1800 Psched - ok
05:10:54.0646 1800 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
05:10:54.0720 1800 ql2300 - ok
05:10:54.0734 1800 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
05:10:54.0745 1800 ql40xx - ok
05:10:54.0767 1800 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
05:10:54.0796 1800 QWAVE - ok
05:10:54.0809 1800 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
05:10:54.0841 1800 QWAVEdrv - ok
05:10:54.0860 1800 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
05:10:54.0891 1800 RasAcd - ok
05:10:54.0922 1800 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
05:10:54.0941 1800 RasAgileVpn - ok
05:10:54.0962 1800 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
05:10:54.0995 1800 RasAuto - ok
05:10:55.0009 1800 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
05:10:55.0033 1800 Rasl2tp - ok
05:10:55.0075 1800 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
05:10:55.0116 1800 RasMan - ok
05:10:55.0134 1800 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
05:10:55.0159 1800 RasPppoe - ok
05:10:55.0182 1800 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
05:10:55.0222 1800 RasSstp - ok
05:10:55.0268 1800 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
05:10:55.0323 1800 rdbss - ok
05:10:55.0337 1800 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
05:10:55.0350 1800 rdpbus - ok
05:10:55.0390 1800 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
05:10:55.0439 1800 RDPCDD - ok
05:10:55.0479 1800 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
05:10:55.0539 1800 RDPDR - ok
05:10:55.0553 1800 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
05:10:55.0600 1800 RDPENCDD - ok
05:10:55.0614 1800 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
05:10:55.0634 1800 RDPREFMP - ok
05:10:55.0663 1800 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
05:10:55.0699 1800 RdpVideoMiniport - ok
05:10:55.0738 1800 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
05:10:55.0782 1800 RDPWD - ok
05:10:55.0826 1800 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
05:10:55.0843 1800 rdyboost - ok
05:10:55.0869 1800 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
05:10:55.0916 1800 RemoteAccess - ok
05:10:55.0948 1800 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
05:10:55.0998 1800 RemoteRegistry - ok
05:10:56.0037 1800 [ 906DCFC5EBF4EC0433F8D4FFFB0BA334 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
05:10:56.0063 1800 RMCAST - ok
05:10:56.0097 1800 [ 7F7EBF43F4789DDC044098D696149391 ] RosettaStoneLtdController C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
05:10:56.0120 1800 RosettaStoneLtdController ( UnsignedFile.Multi.Generic ) - warning
05:10:56.0120 1800 RosettaStoneLtdController - detected UnsignedFile.Multi.Generic (1)
05:10:56.0136 1800 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
05:10:56.0201 1800 RpcEptMapper - ok
05:10:56.0221 1800 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
05:10:56.0248 1800 RpcLocator - ok
05:10:56.0267 1800 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
05:10:56.0289 1800 RpcSs - ok
05:10:56.0317 1800 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
05:10:56.0344 1800 rspndr - ok
05:10:56.0373 1800 [ 5A54D765D6092B23D47AD9DBF7F6D7E4 ] rt70x86 C:\Windows\system32\DRIVERS\netr70.sys
05:10:56.0396 1800 rt70x86 - ok
05:10:56.0422 1800 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
05:10:56.0460 1800 s3cap - ok
05:10:56.0469 1800 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
05:10:56.0483 1800 SamSs - ok
05:10:56.0499 1800 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
05:10:56.0513 1800 sbp2port - ok
05:10:56.0602 1800 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
05:10:56.0662 1800 SBSDWSCService - ok
05:10:56.0688 1800 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
05:10:56.0727 1800 SCardSvr - ok
05:10:56.0747 1800 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
05:10:56.0783 1800 scfilter - ok
05:10:56.0839 1800 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
05:10:56.0911 1800 Schedule - ok
05:10:56.0929 1800 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
05:10:56.0949 1800 SCPolicySvc - ok
05:10:56.0991 1800 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
05:10:57.0035 1800 SDRSVC - ok
05:10:57.0060 1800 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
05:10:57.0121 1800 secdrv - ok
05:10:57.0141 1800 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
05:10:57.0171 1800 seclogon - ok
05:10:57.0196 1800 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
05:10:57.0238 1800 SENS - ok
05:10:57.0261 1800 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
05:10:57.0304 1800 SensrSvc - ok
05:10:57.0326 1800 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
05:10:57.0355 1800 Serenum - ok
05:10:57.0358 1800 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
05:10:57.0384 1800 Serial - ok
05:10:57.0407 1800 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
05:10:57.0432 1800 sermouse - ok
05:10:57.0486 1800 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
05:10:57.0547 1800 SessionEnv - ok
05:10:57.0565 1800 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
05:10:57.0609 1800 sffdisk - ok
05:10:57.0618 1800 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
05:10:57.0633 1800 sffp_mmc - ok
05:10:57.0654 1800 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
05:10:57.0677 1800 sffp_sd - ok
05:10:57.0713 1800 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
05:10:57.0726 1800 sfloppy - ok
05:10:57.0762 1800 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
05:10:57.0824 1800 SharedAccess - ok
05:10:57.0872 1800 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
05:10:57.0909 1800 ShellHWDetection - ok
05:10:57.0930 1800 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
05:10:57.0942 1800 sisagp - ok
05:10:57.0967 1800 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:10:57.0980 1800 SiSRaid2 - ok
05:10:57.0993 1800 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
05:10:58.0005 1800 SiSRaid4 - ok
05:10:58.0154 1800 [ 0C1B2E3A897397738D9F81CD3D152AF0 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
05:10:58.0274 1800 Skype C2C Service - ok
05:10:58.0349 1800 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
05:10:58.0370 1800 SkypeUpdate - ok
05:10:58.0396 1800 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
05:10:58.0435 1800 Smb - ok
05:10:58.0460 1800 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
05:10:58.0472 1800 SNMPTRAP - ok
05:10:58.0483 1800 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
05:10:58.0492 1800 spldr - ok
05:10:58.0539 1800 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
05:10:58.0570 1800 Spooler - ok
05:10:58.0656 1800 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
05:10:58.0794 1800 sppsvc - ok
05:10:58.0850 1800 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
05:10:58.0905 1800 sppuinotify - ok
05:10:58.0945 1800 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
05:10:58.0945 1800 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
05:10:58.0946 1800 sptd ( LockedFile.Multi.Generic ) - warning
05:10:58.0946 1800 sptd - detected LockedFile.Multi.Generic (1)
05:10:58.0976 1800 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
05:10:59.0017 1800 srv - ok
05:10:59.0036 1800 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
05:10:59.0067 1800 srv2 - ok
05:10:59.0084 1800 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
05:10:59.0115 1800 srvnet - ok
05:10:59.0151 1800 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
05:10:59.0200 1800 SSDPSRV - ok
05:10:59.0215 1800 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
05:10:59.0251 1800 SstpSvc - ok
05:10:59.0279 1800 Steam Client Service - ok
05:10:59.0360 1800 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
05:10:59.0403 1800 Stereo Service - ok
05:10:59.0429 1800 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
05:10:59.0439 1800 stexstor - ok
05:10:59.0485 1800 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
05:10:59.0539 1800 StiSvc - ok
05:10:59.0568 1800 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
05:10:59.0591 1800 storflt - ok
05:10:59.0618 1800 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
05:10:59.0639 1800 storvsc - ok
05:10:59.0665 1800 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
05:10:59.0686 1800 swenum - ok
05:10:59.0714 1800 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
05:10:59.0774 1800 swprv - ok
05:10:59.0777 1800 Synth3dVsc - ok
05:10:59.0841 1800 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
05:10:59.0901 1800 SysMain - ok
05:10:59.0939 1800 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
05:10:59.0973 1800 TabletInputService - ok
05:11:00.0019 1800 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
05:11:00.0070 1800 TapiSrv - ok
05:11:00.0097 1800 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
05:11:00.0153 1800 TBS - ok
05:11:00.0224 1800 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
05:11:00.0288 1800 Tcpip - ok
05:11:00.0318 1800 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
05:11:00.0339 1800 TCPIP6 - ok
05:11:00.0380 1800 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
05:11:00.0406 1800 tcpipreg - ok
05:11:00.0447 1800 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
05:11:00.0485 1800 TDPIPE - ok
05:11:00.0522 1800 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
05:11:00.0561 1800 TDTCP - ok
05:11:00.0596 1800 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
05:11:00.0638 1800 tdx - ok
05:11:00.0666 1800 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
05:11:00.0688 1800 TermDD - ok
05:11:00.0736 1800 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
05:11:00.0810 1800 TermService - ok
05:11:00.0839 1800 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
05:11:00.0874 1800 Themes - ok
05:11:00.0890 1800 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
05:11:00.0914 1800 THREADORDER - ok
05:11:00.0939 1800 [ CE92B84ED806F1C5C340A51DFD3E49BC ] TlntSvr C:\Windows\System32\tlntsvr.exe
05:11:00.0966 1800 TlntSvr - ok
05:11:00.0980 1800 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
05:11:01.0015 1800 TrkWks - ok
05:11:01.0073 1800 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
05:11:01.0122 1800 TrustedInstaller - ok
05:11:01.0162 1800 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
05:11:01.0186 1800 tssecsrv - ok
05:11:01.0215 1800 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
05:11:01.0256 1800 TsUsbFlt - ok
05:11:01.0259 1800 tsusbhub - ok
05:11:01.0305 1800 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
05:11:01.0347 1800 tunnel - ok
05:11:01.0369 1800 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
05:11:01.0380 1800 uagp35 - ok
05:11:01.0424 1800 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
05:11:01.0481 1800 udfs - ok
05:11:01.0512 1800 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
05:11:01.0535 1800 UI0Detect - ok
05:11:01.0547 1800 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
05:11:01.0559 1800 uliagpkx - ok
05:11:01.0579 1800 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
05:11:01.0592 1800 umbus - ok
05:11:01.0620 1800 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
05:11:01.0642 1800 UmPass - ok
05:11:01.0678 1800 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
05:11:01.0703 1800 UmRdpService - ok
05:11:01.0729 1800 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
05:11:01.0759 1800 upnphost - ok
05:11:01.0790 1800 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
05:11:01.0820 1800 usbaudio - ok
05:11:01.0837 1800 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
05:11:01.0874 1800 usbccgp - ok
05:11:01.0896 1800 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
05:11:01.0928 1800 usbcir - ok
05:11:01.0952 1800 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
05:11:01.0966 1800 usbehci - ok
05:11:01.0987 1800 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
05:11:02.0008 1800 usbhub - ok
05:11:02.0020 1800 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
05:11:02.0046 1800 usbohci - ok
05:11:02.0068 1800 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
05:11:02.0093 1800 usbprint - ok
05:11:02.0105 1800 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:11:02.0140 1800 USBSTOR - ok
05:11:02.0153 1800 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
05:11:02.0164 1800 usbuhci - ok
05:11:02.0183 1800 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
05:11:02.0207 1800 UxSms - ok
05:11:02.0218 1800 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
05:11:02.0228 1800 VaultSvc - ok
05:11:02.0241 1800 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
05:11:02.0251 1800 vdrvroot - ok
05:11:02.0304 1800 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
05:11:02.0360 1800 vds - ok
05:11:02.0399 1800 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
05:11:02.0421 1800 vga - ok
05:11:02.0434 1800 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
05:11:02.0456 1800 VgaSave - ok
05:11:02.0458 1800 VGPU - ok
05:11:02.0476 1800 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
05:11:02.0489 1800 vhdmp - ok
05:11:02.0506 1800 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
05:11:02.0516 1800 viaagp - ok
05:11:02.0525 1800 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
05:11:02.0544 1800 ViaC7 - ok
05:11:02.0559 1800 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
05:11:02.0569 1800 viaide - ok
05:11:02.0609 1800 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
05:11:02.0622 1800 vmbus - ok
05:11:02.0639 1800 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
05:11:02.0650 1800 VMBusHID - ok
05:11:02.0661 1800 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
05:11:02.0671 1800 volmgr - ok
05:11:02.0698 1800 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
05:11:02.0711 1800 volmgrx - ok
05:11:02.0740 1800 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
05:11:02.0754 1800 volsnap - ok
05:11:02.0771 1800 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
05:11:02.0783 1800 vsmraid - ok
05:11:02.0855 1800 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
05:11:02.0929 1800 VSS - ok
05:11:03.0067 1800 [ 3AD1E72748978D8B0B3B674741E4C3E2 ] vToolbarUpdater14.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
05:11:03.0107 1800 vToolbarUpdater14.2.0 - ok
05:11:03.0126 1800 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
05:11:03.0153 1800 vwifibus - ok
05:11:03.0165 1800 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
05:11:03.0189 1800 vwififlt - ok
05:11:03.0215 1800 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
05:11:03.0258 1800 W32Time - ok
05:11:03.0278 1800 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
05:11:03.0292 1800 WacomPen - ok
05:11:03.0332 1800 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
05:11:03.0368 1800 WANARP - ok
05:11:03.0371 1800 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
05:11:03.0390 1800 Wanarpv6 - ok
05:11:03.0444 1800 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
05:11:03.0500 1800 WatAdminSvc - ok
05:11:03.0547 1800 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
05:11:03.0631 1800 wbengine - ok
05:11:03.0654 1800 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
05:11:03.0691 1800 WbioSrvc - ok
05:11:03.0733 1800 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
05:11:03.0786 1800 wcncsvc - ok
05:11:03.0810 1800 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
05:11:03.0833 1800 WcsPlugInService - ok
05:11:03.0853 1800 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
05:11:03.0865 1800 Wd - ok
05:11:03.0923 1800 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
05:11:03.0967 1800 Wdf01000 - ok
05:11:03.0979 1800 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
05:11:04.0024 1800 WdiServiceHost - ok
05:11:04.0026 1800 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
05:11:04.0040 1800 WdiSystemHost - ok
05:11:04.0083 1800 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
05:11:04.0117 1800 WebClient - ok
05:11:04.0165 1800 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
05:11:04.0193 1800 Wecsvc - ok
05:11:04.0200 1800 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
05:11:04.0239 1800 wercplsupport - ok
05:11:04.0256 1800 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
05:11:04.0292 1800 WerSvc - ok
05:11:04.0307 1800 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
05:11:04.0338 1800 WfpLwf - ok
05:11:04.0359 1800 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
05:11:04.0369 1800 WIMMount - ok
05:11:04.0414 1800 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
05:11:04.0472 1800 WinDefend - ok
05:11:04.0477 1800 WinHttpAutoProxySvc - ok
05:11:04.0531 1800 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
05:11:04.0568 1800 Winmgmt - ok
05:11:04.0798 1800 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
05:11:04.0881 1800 WinRM - ok
05:11:04.0922 1800 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
05:11:04.0945 1800 WinUsb - ok
05:11:04.0986 1800 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
05:11:05.0043 1800 Wlansvc - ok
05:11:05.0191 1800 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
05:11:05.0269 1800 wlidsvc - ok
05:11:05.0302 1800 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
05:11:05.0331 1800 WmiAcpi - ok
05:11:05.0369 1800 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
05:11:05.0391 1800 wmiApSrv - ok
05:11:05.0617 1800 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
05:11:05.0695 1800 WMPNetworkSvc - ok
05:11:05.0715 1800 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
05:11:05.0738 1800 WPCSvc - ok
05:11:05.0777 1800 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
05:11:05.0841 1800 WPDBusEnum - ok
05:11:05.0873 1800 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
05:11:05.0914 1800 ws2ifsl - ok
05:11:05.0956 1800 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
05:11:06.0001 1800 wscsvc - ok
05:11:06.0006 1800 WSearch - ok
05:11:06.0377 1800 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
05:11:06.0469 1800 wuauserv - ok
05:11:06.0514 1800 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
05:11:06.0544 1800 WudfPf - ok
05:11:06.0559 1800 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
05:11:06.0592 1800 WUDFRd - ok
05:11:06.0610 1800 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
05:11:06.0634 1800 wudfsvc - ok
05:11:06.0661 1800 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
05:11:06.0679 1800 WwanSvc - ok
05:11:06.0693 1800 ================ Scan global ===============================
05:11:06.0769 1800 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
05:11:06.0821 1800 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
05:11:06.0842 1800 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
05:11:06.0862 1800 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
05:11:06.0886 1800 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
05:11:06.0893 1800 [Global] - ok
05:11:06.0893 1800 ================ Scan MBR ==================================
05:11:06.0906 1800 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
05:11:07.0468 1800 \Device\Harddisk0\DR0 - ok
05:11:07.0474 1800 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
05:11:11.0941 1800 \Device\Harddisk1\DR1 - ok
05:11:11.0945 1800 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
05:11:12.0097 1800 \Device\Harddisk2\DR2 - ok
05:11:12.0098 1800 ================ Scan VBR ==================================
05:11:12.0101 1800 [ 61A8567D506C45C292E897F18ED76549 ] \Device\Harddisk0\DR0\Partition1
05:11:12.0103 1800 \Device\Harddisk0\DR0\Partition1 - ok
05:11:12.0113 1800 [ 38B42F73168A789842B5F60D5C14EB77 ] \Device\Harddisk0\DR0\Partition2
05:11:12.0115 1800 \Device\Harddisk0\DR0\Partition2 - ok
05:11:12.0120 1800 [ 61E882CE9FD3361240AB372245EC17F5 ] \Device\Harddisk1\DR1\Partition1
05:11:12.0122 1800 \Device\Harddisk1\DR1\Partition1 - ok
05:11:12.0125 1800 [ 363CDB8A06D7E79BDBE1CB529D8EB83B ] \Device\Harddisk2\DR2\Partition1
05:11:12.0130 1800 \Device\Harddisk2\DR2\Partition1 - ok
05:11:12.0131 1800 ============================================================
05:11:12.0131 1800 Scan finished
05:11:12.0131 1800 ============================================================
05:11:12.0144 4640 Detected object count: 2
05:11:12.0144 4640 Actual detected object count: 2
05:11:22.0869 4640 RosettaStoneLtdController ( UnsignedFile.Multi.Generic ) - skipped by user
05:11:22.0869 4640 RosettaStoneLtdController ( UnsignedFile.Multi.Generic ) - User select action: Skip
05:11:22.0869 4640 sptd ( LockedFile.Multi.Generic ) - skipped by user
05:11:22.0869 4640 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP