Vista SP2 64bit - windows processes: explorer, start btn, etc stopped


Cracked9286

Sir or Ma'am,
run32dll runs on bootup; slightly later in the bootup process, msiexec.exe starts. I use ProcessHacker and/or AnVir Task Manager to kill those processes. Sometime during this or after, notepad.exe, explorer.exe and the control panel stop functioning. If I attempt to reopen them, they get closed again. What could be causing these symptoms and how can I get rid of it?


OTL logfile created on: 5/12/2013 1:41:33 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\AV-fix tools
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.96% Memory free
8.10 Gb Paging File | 5.94 Gb Available in Paging File | 73.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 153.44 Gb Free Space | 65.89% Space Free | Partition Type: NTFS
Drive D: | 221.16 Gb Total Space | 220.51 Gb Free Space | 99.71% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 7.06 Gb Free Space | 97.20% Space Free | Partition Type: FAT32

Computer Name: ETFYLHIOJO | User Name: Loco3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/05 11:05:23 | 000,879,456 | ---- | M] (Opera Software) -- C:\d2\Opera11\opera.exe
PRC - [2013/04/26 09:45:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\AV-fix tools\OTL.exe
PRC - [2013/04/02 19:21:57 | 001,712,128 | ---- | M] (Don HO [email protected]) -- C:\d2\apps\npp.6.3.2.bin\unicode\notepad++.exe
PRC - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\d2\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/21 07:49:40 | 006,110,720 | ---- | M] (Cubic Reality Software) -- C:\d2\CubicExplorer\CubicExplorer.exe
PRC - [2009/03/21 00:37:18 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\d2\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/22 21:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 01:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 00:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/14 00:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 20:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/01/20 22:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/05 12:45:01 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/05/05 11:05:30 | 000,312,832 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstoggdec.dll
MOD - [2013/05/05 11:05:30 | 000,101,888 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstwebmdec.dll
MOD - [2013/05/05 11:05:30 | 000,073,728 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstwavparse.dll
MOD - [2013/05/05 11:05:30 | 000,057,344 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstautodetect.dll
MOD - [2013/05/05 11:05:30 | 000,038,912 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstwaveform.dll
MOD - [2013/05/05 11:05:29 | 000,835,584 | ---- | M] () -- C:\d2\Opera11\gstreamer\gstreamer.dll
MOD - [2013/05/05 11:05:29 | 000,158,208 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2013/05/05 11:05:29 | 000,096,256 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstcoreplugins.dll
MOD - [2013/05/05 11:05:29 | 000,094,208 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstaudioresample.dll
MOD - [2013/05/05 11:05:29 | 000,093,696 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstaudioconvert.dll
MOD - [2013/05/05 11:05:29 | 000,067,072 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstdirectsound.dll
MOD - [2013/05/05 11:05:29 | 000,062,976 | ---- | M] () -- C:\d2\Opera11\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\WinRAR\RarExt.dll
MOD - [2011/09/21 16:46:29 | 001,673,728 | ---- | M] () -- C:\d2\apps\npp.6.3.2.bin\unicode\plugins\NppFTP.dll
MOD - [2011/07/18 17:07:28 | 000,014,336 | ---- | M] () -- C:\d2\apps\npp.6.3.2.bin\unicode\plugins\NppExport.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 04:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013/03/19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\d2\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\d2\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/08 10:03:22 | 000,030,240 | ---- | M] (Bitdefender) [Auto | Running] -- C:\d2\BitDefender\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\d2\SuperAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/14 00:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,059,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/31 12:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\trufos.sys -- (trufos)
DRV:64bit: - [2012/10/10 14:00:48 | 000,705,552 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avc3.sys -- (avc3)
DRV:64bit: - [2012/10/04 13:30:19 | 000,147,232 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\gzflt.sys -- (gzflt)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/17 15:45:56 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avckf.sys -- (avckf)
DRV:64bit: - [2011/08/25 18:31:50 | 000,036,424 | ---- | M] (wj32) [Kernel | On_Demand | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV:64bit: - [2010/10/18 02:15:20 | 007,959,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2010/02/15 06:27:50 | 005,449,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/03/31 23:54:51 | 000,056,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C60x64.sys -- (L1C)
DRV:64bit: - [2009/02/11 05:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/12/18 08:16:24 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/11/26 03:39:49 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/11/03 03:03:28 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2008/08/10 22:14:01 | 001,820,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/07/24 15:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/06/20 19:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2013/05/11 18:35:44 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\d2\apps\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/02/07 17:42:47 | 000,120,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\d2\BitDefender\Bitdefender\Antivirus Free Edition\bdftdif.sys -- (bdftdif)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\d2\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\d2\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUS
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\d2\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

[2010/05/16 19:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loco3\AppData\Roaming\Mozilla\Extensions
[2010/05/16 19:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loco3\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/03 04:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loco3\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/03 04:40:04 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Loco3\AppData\Roaming\Mozilla\Firefox\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}

O1 HOSTS File: ([2010/11/04 06:13:17 | 000,424,748 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\d2\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\d2\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\d2\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\d2\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\d2\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\d2\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" File not found
O4:64bit: - HKLM..\Run: [On-Screen Keyboard] C:\Windows\SysNative\osk.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\d2\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [aswAhAScr.dll] C:\d2\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKCU..\Run: [Process Hacker 2] C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\d2\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\d2\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\d2\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\d2\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: state.oh.us ([www.odjfs] * in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22387573-93BE-41AB-81CA-348F546A0450}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03EFE29-E67C-4000-AA0C-8539FE79823A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\d2\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\d2\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/11 18:35:32 | 000,000,112 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8c9a95d2-1766-11df-87b2-002618365ff2}\Shell - "" = AutoRun
O33 - MountPoints2\{8c9a95d2-1766-11df-87b2-002618365ff2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d9ff1ef8-10c1-11df-9f1c-addceaddd2e9}\Shell - "" = AutoRun
O33 - MountPoints2\{d9ff1ef8-10c1-11df-9f1c-addceaddd2e9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{dc6e27e0-1076-11df-8299-a2759cbabfa1}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/12 09:45:55 | 000,000,000 | ---D | C] -- C:\Run
[2013/05/12 09:45:54 | 000,000,000 | ---D | C] -- C:\Languages
[2013/05/11 14:08:41 | 000,000,000 | ---D | C] -- C:\Users\Loco3\AppData\Local\Paint.NET
[2013/05/11 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Loco3\AppData\Roaming\SmartPCFix
[2013/05/09 23:06:42 | 000,000,000 | ---D | C] -- C:\Users\Loco3\Desktop\RK_Quarantine
[2013/05/05 11:50:02 | 000,000,000 | ---D | C] -- C:\Users\Loco3\AppData\Roaming\CubicExplorer
[2013/05/05 11:16:01 | 000,000,000 | ---D | C] -- C:\Users\Loco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/05/05 10:52:24 | 000,000,000 | ---D | C] -- C:\Users\Loco3\AppData\Roaming\vlc
[2013/05/05 10:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/05/05 10:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2013/05/05 10:18:08 | 000,000,000 | ---D | C] -- C:\Users\Loco3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CubicExplorer
[2013/04/24 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
[2013/04/24 18:46:30 | 000,705,552 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2013/04/24 18:46:30 | 000,545,064 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2013/04/24 18:36:25 | 000,350,160 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2013/04/24 18:36:25 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2013/04/23 06:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/04/22 05:30:56 | 000,000,000 | ---D | C] -- C:\Users\Loco3\Desktop\rkill
[2013/04/22 05:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype
[2013/04/15 06:52:54 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/04/15 06:52:54 | 000,059,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/04/15 06:52:54 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/04/15 06:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/04/15 06:52:53 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/04/15 06:52:53 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/04/15 06:52:52 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/04/15 06:52:28 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/15 02:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/04/15 02:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[5 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/12 12:44:40 | 000,004,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 12:44:40 | 000,004,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 12:44:22 | 000,114,797 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/05/12 12:44:22 | 000,114,797 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/05/12 12:42:37 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/05/12 12:42:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/11 18:35:48 | 000,000,056 | ---- | M] () -- C:\EmergencyKitScanner.bat
[2013/05/11 18:35:32 | 000,000,112 | ---- | M] () -- C:\autorun.inf
[2013/05/11 18:35:32 | 000,000,060 | ---- | M] () -- C:\CommandlineScanner.bat
[2013/05/11 14:09:30 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/05/09 23:21:53 | 000,001,206 | ---- | M] () -- C:\Users\Loco3\Desktop\2-rk.reg
[2013/05/09 23:21:19 | 000,001,206 | ---- | M] () -- C:\Users\Loco3\Desktop\1-rk.reg
[2013/05/09 23:15:43 | 000,000,628 | ---- | M] () -- C:\Users\Loco3\Desktop\regedit.exe - Shortcut.lnk
[2013/05/09 22:00:52 | 000,000,776 | ---- | M] () -- C:\Users\Loco3\Desktop\Logs - Shortcut.lnk
[2013/05/07 00:33:46 | 000,000,765 | ---- | M] () -- C:\Users\Loco3\Desktop\AnVir.exe - Shortcut (2).lnk
[2013/05/07 00:33:39 | 000,000,777 | ---- | M] () -- C:\Users\Loco3\Desktop\anvir64.exe - Shortcut.lnk
[2013/05/05 11:16:01 | 000,000,932 | ---- | M] () -- C:\Users\Loco3\Desktop\Revo Uninstaller.lnk
[2013/05/05 11:05:31 | 000,001,511 | ---- | M] () -- C:\Users\Loco3\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera 12.15 1748.lnk
[2013/05/05 11:05:31 | 000,001,487 | ---- | M] () -- C:\Users\Public\Desktop\Opera 12.15 1748.lnk
[2013/05/05 10:52:08 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/05 10:18:09 | 000,000,739 | ---- | M] () -- C:\Users\Loco3\Desktop\CubicExplorer.lnk
[2013/04/26 17:20:47 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/26 17:20:47 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/26 17:20:47 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/26 05:51:52 | 000,000,328 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/04/26 05:51:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/04/24 21:40:11 | 000,000,805 | ---- | M] () -- C:\Users\Loco3\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/24 21:40:10 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/24 19:02:27 | 000,178,741 | ---- | M] () -- C:\ProgramData\1366842941.bdinstall.bin
[2013/04/24 18:46:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\avchv.sys
[2013/04/23 06:12:34 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/22 06:11:53 | 000,000,060 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.idx
[2013/04/22 06:11:53 | 000,000,060 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox2.dat
[2013/04/22 06:11:53 | 000,000,060 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.idx
[2013/04/22 06:11:53 | 000,000,060 | -HS- | M] () -- C:\Windows\SysNative\drivers\fidbox.dat
[2013/04/20 20:02:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\1mjo3.pad
[2013/04/18 06:54:24 | 000,000,151 | ---- | M] () -- C:\ProgramData\1mjo3.reg
[2013/04/18 06:54:24 | 000,000,055 | ---- | M] () -- C:\ProgramData\1mjo3.bat
[2013/04/15 06:53:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 06:52:55 | 000,001,682 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/15 02:26:04 | 000,001,015 | ---- | M] () -- C:\Users\Loco3\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[5 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/12 09:48:12 | 000,000,112 | ---- | C] () -- C:\autorun.inf
[2013/05/12 09:48:12 | 000,000,056 | ---- | C] () -- C:\EmergencyKitScanner.bat
[2013/05/12 09:43:23 | 000,000,060 | ---- | C] () -- C:\CommandlineScanner.bat
[2013/05/11 14:09:30 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2013/05/11 14:09:30 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2013/05/09 23:21:53 | 000,001,206 | ---- | C] () -- C:\Users\Loco3\Desktop\2-rk.reg
[2013/05/09 23:21:19 | 000,001,206 | ---- | C] () -- C:\Users\Loco3\Desktop\1-rk.reg
[2013/05/09 23:15:43 | 000,000,628 | ---- | C] () -- C:\Users\Loco3\Desktop\regedit.exe - Shortcut.lnk
[2013/05/09 22:00:52 | 000,000,776 | ---- | C] () -- C:\Users\Loco3\Desktop\Logs - Shortcut.lnk
[2013/05/07 00:33:46 | 000,000,765 | ---- | C] () -- C:\Users\Loco3\Desktop\AnVir.exe - Shortcut (2).lnk
[2013/05/07 00:33:39 | 000,000,777 | ---- | C] () -- C:\Users\Loco3\Desktop\anvir64.exe - Shortcut.lnk
[2013/05/05 11:16:01 | 000,000,932 | ---- | C] () -- C:\Users\Loco3\Desktop\Revo Uninstaller.lnk
[2013/05/05 10:52:08 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/05 10:18:09 | 000,000,739 | ---- | C] () -- C:\Users\Loco3\Desktop\CubicExplorer.lnk
[2013/04/24 19:42:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\avchv.sys
[2013/04/24 19:02:23 | 000,178,741 | ---- | C] () -- C:\ProgramData\1366842941.bdinstall.bin
[2013/04/23 06:12:34 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/18 06:54:24 | 000,000,151 | ---- | C] () -- C:\ProgramData\1mjo3.reg
[2013/04/18 06:54:24 | 000,000,055 | ---- | C] () -- C:\ProgramData\1mjo3.bat
[2013/04/18 06:54:08 | 095,023,320 | ---- | C] () -- C:\ProgramData\1mjo3.pad
[2013/04/15 06:53:39 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/15 06:52:55 | 000,001,682 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/15 06:52:53 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/04/15 06:52:53 | 000,000,328 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/04/15 06:52:52 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/04/15 03:20:38 | 000,001,511 | ---- | C] () -- C:\Users\Loco3\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera 12.15 1748.lnk
[2013/04/15 03:20:38 | 000,001,499 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 12.15 1748.lnk
[2013/04/15 03:20:38 | 000,001,487 | ---- | C] () -- C:\Users\Public\Desktop\Opera 12.15 1748.lnk
[2013/03/13 16:57:46 | 000,000,154 | ---- | C] () -- C:\Windows\reimage.ini
[2012/05/08 12:05:16 | 007,358,827 | ---- | C] () -- C:\Users\Loco3\AppData\Local\census.cache
[2012/05/08 11:58:14 | 000,181,411 | ---- | C] () -- C:\Users\Loco3\AppData\Local\ars.cache
[2012/05/08 04:31:28 | 000,000,036 | ---- | C] () -- C:\Users\Loco3\AppData\Local\housecall.guid.cache
[2012/04/01 17:01:21 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/30 23:14:58 | 001,482,752 | ---- | C] ( ) -- C:\Windows\SysWow64\pnen3260.dll
[2012/03/30 23:14:58 | 000,548,940 | ---- | C] ( ) -- C:\Windows\SysWow64\raac.dll
[2012/03/30 23:14:58 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\vidsite.dll
[2012/03/30 23:14:58 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rmfformat.dll
[2012/03/30 23:14:58 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rvrender.dll
[2012/03/30 23:14:58 | 000,159,744 | ---- | C] ( ) -- C:\Windows\SysWow64\rarender.dll
[2012/03/30 23:14:58 | 000,086,016 | ---- | C] ( ) -- C:\Windows\SysWow64\smplfsys.dll
[2012/03/30 23:14:58 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\ramrender.dll
[2012/03/30 23:14:58 | 000,049,152 | ---- | C] ( ) -- C:\Windows\SysWow64\rv40.dll
[2012/03/30 23:14:58 | 000,031,744 | ---- | C] ( ) -- C:\Windows\SysWow64\ramfformat.dll
[2012/03/30 23:14:57 | 000,548,919 | ---- | C] ( ) -- C:\Windows\SysWow64\colorcvt.dll
[2012/03/30 23:14:57 | 000,286,720 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll
[2012/03/30 23:14:57 | 000,045,056 | ---- | C] ( ) -- C:\Windows\SysWow64\authmgr.dll
[2012/03/30 23:14:57 | 000,044,032 | ---- | C] ( ) -- C:\Windows\SysWow64\clntxres.dll
[2010/02/04 04:39:41 | 000,114,797 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/02/04 04:39:34 | 000,114,797 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/02/04 03:33:01 | 000,000,552 | ---- | C] () -- C:\Users\Loco3\AppData\Local\d3d8caps.dat
[2010/02/04 02:29:31 | 000,000,680 | ---- | C] () -- C:\Users\Loco3\AppData\Local\d3d9caps.dat
[2010/02/03 00:08:21 | 000,033,280 | ---- | C] () -- C:\Users\Loco3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/02 23:55:35 | 000,000,732 | ---- | C] () -- C:\Users\Loco3\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/24 18:55:20 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\addpcs
[2012/11/21 17:59:17 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\AVG2013
[2010/10/16 17:29:58 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\CheckPoint
[2013/05/07 23:45:23 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\CubicExplorer
[2010/06/18 19:34:11 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
[2011/02/12 11:17:49 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\FrostWire
[2013/04/15 02:33:05 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\Opera
[2012/02/18 15:43:58 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\Process Hacker 2
[2012/05/07 03:07:05 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\QuickScan
[2013/05/11 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\SmartPCFix
[2011/07/10 01:24:37 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\TamoSoft
[2012/11/21 16:57:49 | 000,000,000 | ---D | M] -- C:\Users\Loco3\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >