Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

wisesearch trojan [Solved]

Started by jber , Oct 17 2013 10:50 AM

  • This topic is locked This topic is locked

#1
jber
Posted 17 October 2013 - 10:50 AM

jber

    Member

  • Member
  • PipPip
  • 14 posts
I tried downloading a font from an apparent bogus site which tried to install many things that I declined to. I'm not even sure if they went ahead to install anyway.

As soon as I'm done with the installation (after declining to all other installations that it tried) and installed the supposed "font" I went to my Chrome browser and opened a tab. That's when I saw it was different.

Untitled.png
This is how it looks like after the infection.

I tried doing a search on the textbox next to the "O" logo which looks like a hybrid of Opera, Chrome. Lol..

The address bar's url switched to this two progressively, almost instantaneously one after the other..

http://search.search...arch.php?rf&q=s
http://search.genieo....html?v=wpc&q=s

The image url of that "O" sign next to the supposed search engine leads to the following link which makes me think that I am infected by this wisesearch trojan.
http://websearch.wis...h.info/icon.png

Please assist to have this removed!

Thanks in advanced!
  • 0

Advertisements

#2
jber
Posted 17 October 2013 - 10:51 AM

jber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Forgotten to paste the OTL log, didn't want to edit the post to confuse you guys. Here's my OTL log.

OTL logfile created on: 18/10/2013 12:44:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\BERNIE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

7.98 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 37.75% Memory free
17.93 Gb Paging File | 9.89 Gb Available in Paging File | 55.16% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 13.48 Gb Free Space | 11.32% Space Free | Partition Type: NTFS
Drive D: | 1863.01 Gb Total Space | 421.75 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive Z: | 1863.01 Gb Total Space | 246.11 Gb Free Space | 13.21% Space Free | Partition Type: NTFS

Computer Name: BERNIE-PC | User Name: BERNIE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/18 00:43:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\BERNIE\Desktop\OTL.exe
PRC - [2013/10/09 10:19:12 | 001,813,928 | ---- | M] (Valve Corporation) -- D:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/09 02:56:30 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/03 16:30:28 | 001,103,200 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/10/03 16:21:24 | 012,952,416 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
PRC - [2013/10/03 16:21:24 | 000,394,592 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/10/03 14:03:07 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/06 20:53:20 | 001,423,008 | ---- | M] (Microsoft Corporation) -- D:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/25 08:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\BERNIE\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/20 18:44:32 | 000,844,296 | ---- | M] (Samsung) -- D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/12/20 18:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/12/20 18:44:26 | 001,476,104 | ---- | M] (Samsung) -- D:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/11/07 17:54:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/09/06 21:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 21:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2012/01/03 21:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/05/25 16:08:35 | 000,686,592 | ---- | M] (Antec Inc.) -- C:\Program Files (x86)\Antec CC\ChillControl V.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/12 16:29:56 | 013,584,776 | ---- | M] () -- C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\PepperFlash\11.9.900.117\pepflashplayer.dll
MOD - [2013/10/10 03:21:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0a42b7c7b77bab47789bbfe1e22400c6\System.Windows.Forms.ni.dll
MOD - [2013/10/10 03:21:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\44822911c48b08ed1e467bdfa7479144\System.Configuration.ni.dll
MOD - [2013/10/10 03:21:41 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9e4e897e65c76fedb2f7d064465dcd4e\WindowsBase.ni.dll
MOD - [2013/10/10 03:03:29 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c5db04fde4893300ff28045ce4f7567d\System.Windows.Forms.ni.dll
MOD - [2013/10/10 03:03:28 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d913e7d0b1d32187e0c234f8a1a581fc\System.Core.ni.dll
MOD - [2013/10/10 03:03:28 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\18e76c3868d682a7c065bccd142eeec1\WindowsBase.ni.dll
MOD - [2013/10/10 03:03:26 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\5b44a8db5b70143f27fb695b5f72930d\System.Runtime.Remoting.ni.dll
MOD - [2013/10/10 03:03:24 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\edb27e2c25837f79902054965d6813cd\System.Configuration.ni.dll
MOD - [2013/10/10 00:05:14 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/09 10:19:16 | 001,121,704 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/03 14:03:05 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 14:03:03 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 14:02:12 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 14:02:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 14:02:09 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/09/29 03:07:40 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\cceaf9d7891fc325a90473aa9a661661\System.Drawing.ni.dll
MOD - [2013/09/29 03:07:39 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\9ebb29485ad98aa062204cf08fc89167\System.ServiceProcess.ni.dll
MOD - [2013/09/29 03:07:17 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\775d60de39c6f0b49f1640c4e6c8de09\PresentationFramework.ni.dll
MOD - [2013/09/29 03:07:07 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8e3d6080e8eaaaf28389f3742ff9acdd\PresentationCore.ni.dll
MOD - [2013/09/29 03:07:02 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\82d58d49946f82eb56bae40f3b097784\System.Xml.ni.dll
MOD - [2013/09/29 03:07:01 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f4fff5d6e716c439b944025d3994170d\System.Xaml.ni.dll
MOD - [2013/09/29 03:06:58 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ac79b74f022d9a096de2b884f4249543\System.ni.dll
MOD - [2013/09/29 03:05:37 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bf2ecabcd96ec8238dc385b0a3ffa084\mscorlib.ni.dll
MOD - [2013/09/26 13:55:02 | 021,115,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libcef.dll
MOD - [2013/09/26 13:54:48 | 000,983,054 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
MOD - [2013/09/26 13:54:48 | 000,189,454 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
MOD - [2013/09/26 13:54:48 | 000,133,134 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
MOD - [2013/09/26 13:50:14 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2013/09/26 13:49:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2013/09/11 06:20:56 | 020,625,832 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/09/11 03:03:02 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9534f9c560de4259436a3bf30f09f5b6\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 03:00:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\bca0e16e39d4df2c608dbf71391964b9\System.Runtime.Remoting.ni.dll
MOD - [2013/08/22 06:18:28 | 000,687,104 | ---- | M] () -- D:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/08/15 03:27:58 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\66b67927461da8ab7f08738e6c7df848\IAStorUtil.ni.dll
MOD - [2013/08/15 03:22:26 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9b1f5980cd13f80944bf7b25f17a379b\System.Data.ni.dll
MOD - [2013/08/15 03:22:11 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ef9c62e7806b5f461a762709e3f531e\System.Drawing.ni.dll
MOD - [2013/08/15 03:22:02 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\20e3bd99d0fc9364e2a3a091d48786cd\System.Xml.ni.dll
MOD - [2013/08/15 03:21:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98707c4b7b8ecf87ae85618de04564c9\System.ni.dll
MOD - [2013/07/12 00:17:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\23d95a5205020ef726d038d902318adf\IAStorCommon.ni.dll
MOD - [2013/07/11 21:07:04 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\99d7c2df7ccfe15a1fdfccbccc81bd56\Accessibility.ni.dll
MOD - [2013/07/11 21:06:51 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bb95b73d99bc2f61c750b3fa46f4f5a1\mscorlib.ni.dll
MOD - [2013/06/15 07:49:12 | 001,100,800 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/15 07:49:12 | 000,192,000 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/15 07:49:12 | 000,124,416 | ---- | M] () -- D:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/03/14 04:48:52 | 024,978,944 | ---- | M] () -- C:\Users\BERNIE\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 07:32:50 | 003,558,400 | ---- | M] () -- C:\Users\BERNIE\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/09/06 21:02:16 | 000,978,944 | ---- | M] () -- C:\Program Files (x86)\ControlCenter4\BrImgProc.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/21 11:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- D:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/31 06:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/28 03:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/14 09:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV - [2013/10/10 00:05:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 19:04:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 18:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/30 03:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/02 15:42:41 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/11/07 17:54:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 01:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/31 08:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/31 06:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/05 16:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/06 01:04:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/20 12:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/09/20 12:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/02 14:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 14:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/23 08:39:28 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AseUSBCC.sys -- (ASEUSBCC)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/30 13:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 13:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/21 14:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/09/01 22:26:30 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 4B 44 89 1C BC CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {FE05D7FA-85E5-44b6-B567-5541635696B1}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{1A5EF316-A6C1-4b85-BDED-FF12BE096D0D}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FE05D7FA-85E5-44b6-B567-5541635696B1}: "URL" = http://sg.search.yah...icevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.04.24
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\BERNIE\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/03 15:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/30 14:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BERNIE\AppData\Roaming\mozilla\Extensions
[2013/10/17 20:29:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BERNIE\AppData\Roaming\mozilla\Firefox\Profiles\z42nxq37.default\extensions
[2013/10/17 20:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BERNIE\AppData\Roaming\mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged
[2013/04/26 12:45:48 | 000,021,619 | ---- | M] () (No name found) -- C:\Users\BERNIE\AppData\Roaming\mozilla\firefox\profiles\z42nxq37.default\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://gmail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Glow = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0\
CHR - Extension: Turn Off the Lights = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.22_0\
CHR - Extension: YouTube = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: ChrisMines = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjglfclbmcibibhpjalihoghocblkcbl\1_0\
CHR - Extension: Google Search = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google News = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0\
CHR - Extension: Timer = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.8.0.4_0\
CHR - Extension: JAY-BERN | A piece of my mind = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\emokmgihldooaidoakkdlgdejlmgoadf\2012.12.10.59087_0\
CHR - Extension: VAFinancials_Home = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbioccpemenebblfcnafabkknnblnadp\2012.12.10.59065_0\
CHR - Extension: Google Finance = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: IP Address = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.3.3_0\
CHR - Extension: TweetDeck by Twitter = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.3.4_0\
CHR - Extension: Pictarine = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbedofcogklaejflehfloghnidpohipb\2.0.3_0\
CHR - Extension: Download music, movies, games, software! The Pirate Bay - The galaxy's most resilient BitTorrent site = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnagabdaoeegolfhpemhbconhdannhdi\2012.12.10.59017_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Isoball 3 = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\
CHR - Extension: Sudoku for Google Chrome\u2122 = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifaabgmcffhggbfgjknkgenljelbocin\1.5_0\
CHR - Extension: SearchNewTab = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphdbjcljhephclfmegljnoajgihbbkf\1.0\
CHR - Extension: DOwnloAd keepEr = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\
CHR - Extension: FSCharts.com - Airport Charts for Flight Simulator Pilots = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbboilpadjpjekcebkajfjemocfjccfb\2012.12.10.59023_0\
CHR - Extension: Any.do Extension = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0\
CHR - Extension: Any.do Extension = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem\1.0.3.8_0\.orig
CHR - Extension: Autodesk Homestyler = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0\
CHR - Extension: BBC News Alarm = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfldkgcfjkclomnlifbhgeleheokdkl\0.6_0\
CHR - Extension: KMineSweeper = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmhhkobonimkpkfoabdmmngbbjcgilo\0.6.3_0\
CHR - Extension: FVD Video Downloader = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.4.3_0\
CHR - Extension: Simply Minesweeper - bookmark = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbneihbfnjpknmgnoahcfhgjaldgjmj\1.0.1_0\
CHR - Extension: Go away MDA = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lledpflfnanamkogoclkgaggfdgoalok\1.7.5_0\
CHR - Extension: Quick Note = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.6.0_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Todo.ly = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: Recently Closed Tabs = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc\1.2.7_0\
CHR - Extension: Gmail = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajmblhcnmpfpabgpfmjjlnjnnaficge\2012.12.10.59130_0\
CHR - Extension: Google Reader = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/03 15:35:55 | 000,001,663 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 113.105.152.25 www.precisionmanuals.com
O1 - Hosts: 127.0.0.1 serials.wilcopub.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] D:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RaidCall] D:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913b] C:\Users\BERNIE\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid be48754e1e1347d09d072524427320d9-ff0943eb841ffa5f5c4b8da1010fa0838bb74cdb --CMPID 0913b File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesAirMessage] D:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] D:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [LCLC Control Panel] C:\Program Files (x86)\Antec CC\ChillControl V.exe (Antec Inc.)
O4 - HKCU..\Run: [NCsoft Launcher] D:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChillControl V.exe.lnk = C:\Windows\Installer\{5F2A7080-CE89-442D-ABF8-5991FF351A09}\ChillControl_V.exe_FBACECEBBA5A4D8EB5F25C5474C60354.exe (Acresso Software Inc.)
O4 - Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\BERNIE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D6AD2D-C583-4082-8FDC-C515BF714821}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ef5e2418-a836-11e2-9af9-f46d0497c92a}\Shell - "" = AutoRun
O33 - MountPoints2\{ef5e2418-a836-11e2-9af9-f46d0497c92a}\Shell\AutoRun\command - "" = I:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{ff088f27-fdc8-11e2-a761-f46d0497c92a}\Shell - "" = AutoRun
O33 - MountPoints2\{ff088f27-fdc8-11e2-a761-f46d0497c92a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ff088f34-fdc8-11e2-a761-f46d0497c92a}\Shell - "" = AutoRun
O33 - MountPoints2\{ff088f34-fdc8-11e2-a761-f46d0497c92a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/18 00:43:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\BERNIE\Desktop\OTL.exe
[2013/10/18 00:38:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- D:\Users\BERNIE\Desktop\HiJackThis.exe
[2013/10/18 00:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/10/18 00:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/10/18 00:35:52 | 004,369,632 | ---- | C] (Piriform Ltd) -- D:\Users\BERNIE\Desktop\ccsetup406.exe
[2013/10/17 20:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
[2013/10/17 20:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013/10/17 20:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ss_Helper
[2013/10/17 20:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DOwnloAd keepEr
[2013/10/17 20:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/10/17 20:28:18 | 000,310,784 | ---- | C] (SummerSoft) -- D:\Users\BERNIE\Desktop\avantgarde-book.exe
[2013/10/10 03:45:31 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2013/10/05 04:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/09/28 00:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/09/28 00:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/09/28 00:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2013/09/28 00:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/09/28 00:05:23 | 000,792,704 | ---- | C] (AMD) -- D:\Users\BERNIE\Desktop\amddriverdownloader.exe

========== Files - Modified Within 30 Days ==========

[2013/10/18 00:43:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\BERNIE\Desktop\OTL.exe
[2013/10/18 00:38:21 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\Users\BERNIE\Desktop\HiJackThis.exe
[2013/10/18 00:35:52 | 004,369,632 | ---- | M] (Piriform Ltd) -- D:\Users\BERNIE\Desktop\ccsetup406.exe
[2013/10/18 00:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/18 00:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/17 22:08:10 | 000,868,224 | ---- | M] () -- D:\Users\BERNIE\Desktop\aw8570sm.pdf
[2013/10/17 20:29:55 | 000,052,236 | ---- | M] () -- D:\Users\BERNIE\Desktop\avantgarde-book.ttf
[2013/10/17 20:28:16 | 000,310,784 | ---- | M] (SummerSoft) -- D:\Users\BERNIE\Desktop\avantgarde-book.exe
[2013/10/17 03:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/10 09:20:35 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 09:20:35 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 03:24:40 | 000,786,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 03:24:40 | 000,669,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 03:24:40 | 000,127,194 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 03:20:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/10 03:19:19 | 000,455,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:03:13 | 000,770,488 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/28 00:05:23 | 000,792,704 | ---- | M] (AMD) -- D:\Users\BERNIE\Desktop\amddriverdownloader.exe
[2013/09/23 19:22:49 | 000,378,197 | ---- | M] () -- D:\Users\BERNIE\Desktop\DCA FORM.PDF
[2013/09/22 19:18:38 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/09/22 19:18:38 | 000,000,813 | ---- | M] () -- C:\Users\BERNIE\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk

========== Files Created - No Company Name ==========

[2013/10/17 22:08:01 | 000,868,224 | ---- | C] () -- D:\Users\BERNIE\Desktop\aw8570sm.pdf
[2013/10/17 20:29:54 | 000,052,236 | ---- | C] () -- D:\Users\BERNIE\Desktop\avantgarde-book.ttf
[2013/09/23 19:22:49 | 000,378,197 | ---- | C] () -- D:\Users\BERNIE\Desktop\DCA FORM.PDF
[2013/09/22 19:18:38 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/30 19:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/06/13 11:19:31 | 000,012,292 | -H-- | C] () -- C:\Users\BERNIE\.DS_Store
[2013/03/29 10:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 10:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/12/21 01:27:51 | 000,002,560 | ---- | C] () -- C:\Users\BERNIE\AppData\Local\ascrypt_pro.dll
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/12/17 15:45:36 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\mrvtcl.dll
[2012/12/17 15:45:10 | 000,001,269 | ---- | C] () -- C:\Windows\SimView.ini
[2012/12/17 15:45:10 | 000,000,097 | ---- | C] () -- C:\Windows\Jeppesen.ini
[2012/11/30 05:40:09 | 000,007,598 | ---- | C] () -- C:\Users\BERNIE\AppData\Local\Resmon.ResmonCfg
[2012/11/24 21:55:02 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2012/11/21 19:49:18 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/11/09 01:52:09 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\RAASAUDIO32.dll
[2012/11/07 00:11:56 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/07 00:11:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/06 21:26:36 | 000,770,488 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/06 21:24:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/11/06 20:41:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/06 20:41:28 | 000,022,038 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/09/28 09:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/09/28 09:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/14 09:32:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/09/14 09:32:16 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/06/09 19:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/06 21:49:32 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\AVG2013
[2013/09/29 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Azureus
[2013/05/04 01:57:47 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\BlackBox flightlogger
[2013/05/15 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\calibre
[2013/02/17 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\ControlCenter4
[2013/04/20 22:25:03 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Corona Labs
[2012/12/06 01:05:31 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\DAEMON Tools Lite
[2013/10/10 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Dropbox
[2012/11/30 05:56:31 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\EZCA
[2013/09/30 23:25:51 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\foobar2000
[2013/05/05 15:22:31 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Individual Software
[2012/11/09 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Leadertech
[2012/12/08 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Mp3tag
[2012/11/24 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Multi Crew Experience
[2012/11/24 22:45:56 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Obsidium
[2013/06/10 00:33:56 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Origin
[2012/12/21 01:33:13 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\RAASPRO
[2013/04/18 23:46:22 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\raidcall
[2012/11/17 03:25:00 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Red Kawa
[2012/11/07 03:14:15 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Research In Motion
[2013/01/22 11:49:14 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Samsung
[2012/11/06 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\TuneUp Software
[2013/01/05 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\Unified Remote
[2013/03/17 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\BERNIE\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 60 bytes -> C:\Users\BERNIE\Documents\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\BERNIE\.DS_Store:AFP_AfpInfo

< End of report >
  • 0

#3
emeraldnzl
Posted 21 October 2013 - 02:01 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jber,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#4
jber
Posted 22 October 2013 - 12:30 AM

jber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here's the logs you wanted.



---




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2013
Ran by BERNIE (administrator) on BERNIE-PC on 22-10-2013 14:27:01
Running from D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) D:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) D:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Logitech, Inc.) D:\Program Files\Logitech\SetPointG\SetPointII.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Antec Inc.) C:\Program Files (x86)\Antec CC\ChillControl V.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
(Valve Corporation) D:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] - D:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [Steam] - D:\Program Files (x86)\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [LCLC Control Panel] - C:\Program Files (x86)\Antec CC\ChillControl V.exe [686592 2011-05-25] (Antec Inc.)
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-12-06] ()
HKCU\...\Run: [NCsoft Launcher] - D:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
HKCU\...\Run: [KiesPreload] - D:\Program Files (x86)\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKCU\...\Run: [KiesAirMessage] - D:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844296 2012-12-20] (Samsung)
HKCU\...\Run: [AVG-Secure-Search-Update_0913b] - C:\Users\BERNIE\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid be48754e1e1347d09d072524427320d9-ff0943eb841ffa5f5c4b8da1010fa0838bb74cdb --CMPID 0913b
MountPoints2: {ef5e2418-a836-11e2-9af9-f46d0497c92a} - I:\HTC_Sync_Manager_PC.exe
MountPoints2: {ff088f27-fdc8-11e2-a761-f46d0497c92a} - F:\LaunchU3.exe -a
MountPoints2: {ff088f34-fdc8-11e2-a761-f46d0497c92a} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [AVG_UI] - D:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - D:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [RaidCall] - D:\Program Files (x86)\RaidCall\raidcall.exe [3423928 2013-04-01] (RAIDCALL.COM)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] - D:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] - D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChillControl V.exe.lnk
ShortcutTarget: ChillControl V.exe.lnk -> C:\Windows\Installer\{5F2A7080-CE89-442D-ABF8-5991FF351A09}\ChillControl_V.exe_FBACECEBBA5A4D8EB5F25C5474C60354.exe (Acresso Software Inc.)
Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BERNIE\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE54B44891CBCCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
SearchScopes: HKCU - DefaultScope {FE05D7FA-85E5-44b6-B567-5541635696B1} URL = http://sg.search.yah...icevm&type=EGMB
SearchScopes: HKCU - {FE05D7FA-85E5-44b6-B567-5541635696B1} URL = http://sg.search.yah...icevm&type=EGMB
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 202.156.1.16 218.186.2.16 218.186.2.6

FireFox:
========
FF ProfilePath: C:\Users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\BERNIE\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\Extensions\staged
FF Extension: leethax - C:\Users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\Extensions\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://gmail.com/
CHR RestoreOnStartup: "https://mail.google....1&shva=1#inbox", "hxxp://forums.hardwarezone.com.sg/subscription.php", "https://www.facebook.com/", "https://twitter.com/", "hxxp://battlelog.battlefield.com/bf3/", "hxxp://jaybern.wordpress.com/wp-admin/edit.php?post_type=post"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Extension: (Angry Birds) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Turn Off the Lights) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.15_0
CHR Extension: (James White) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0
CHR Extension: (YouTube) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (ChrisMines) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjglfclbmcibibhpjalihoghocblkcbl\1_0
CHR Extension: (Google Search) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Google News) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc\3.0_0
CHR Extension: (Timer) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.8.0.0_0
CHR Extension: (Google Finance) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0
CHR Extension: (IP Address) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjndloejlcbpkholmagjbddfkjmmploh\1.10_0
CHR Extension: (TweetDeck) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.0.5_0
CHR Extension: (Pictarine) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbedofcogklaejflehfloghnidpohipb\2.0.1_0
CHR Extension: (Isoball 3) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.3.0_0
CHR Extension: (Sudoku for Google Chrome\u2122) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifaabgmcffhggbfgjknkgenljelbocin\1.5_0
CHR Extension: (Autodesk Homestyler) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0
CHR Extension: (BBC News Alarm) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgfldkgcfjkclomnlifbhgeleheokdkl\0.6_0
CHR Extension: (KMineSweeper) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldmhhkobonimkpkfoabdmmngbbjcgilo\0.6.1_0
CHR Extension: (FVD Video Downloader) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.3.9_0
CHR Extension: (Simply Minesweeper) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbneihbfnjpknmgnoahcfhgjaldgjmj\1.0.0_0
CHR Extension: (Quick Note) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0
CHR Extension: (RSS Subscription Extension (by Google)) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0
CHR Extension: (Todo.ly) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0
CHR Extension: (Recently Closed Tabs) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\opefiliglgllmponlmoajkfbcaigocfc\1.2.7_0
CHR Extension: (Google Reader) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0
CHR Extension: (Gmail) - D:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; D:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-21] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-07] ()
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ASEUSBCC; C:\Windows\System32\drivers\AseUSBCC.sys [16384 2011-05-23] (Silicon Laboratories)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-12-06] (DT Soft Ltd)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32936 2010-09-01] (Intel Corporation )
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-22 14:26 - 2013-10-22 14:26 - 00000000 ____D C:\FRST
2013-10-18 19:04 - 2013-10-18 19:04 - 00000000 ____D C:\ProgramData\Licenses
2013-10-18 00:36 - 2013-10-18 00:36 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-18 00:36 - 2013-10-18 00:36 - 00000000 ____D C:\Program Files\CCleaner
2013-10-17 20:30 - 2013-10-17 20:30 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\ProgramData\DOwnloAd keepEr
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\Program Files (x86)\Ss_Helper
2013-10-17 20:28 - 2013-10-17 20:30 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-10 03:45 - 2013-10-10 03:45 - 00000000 ____D C:\Windows\rescache
2013-10-10 03:01 - 2013-09-23 07:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 03:01 - 2013-09-23 07:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 03:01 - 2013-09-23 07:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 03:01 - 2013-09-23 06:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 03:01 - 2013-09-23 06:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 03:01 - 2013-09-23 06:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 03:01 - 2013-09-23 06:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 03:01 - 2013-09-23 06:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 03:01 - 2013-09-21 11:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 03:01 - 2013-09-21 11:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 03:01 - 2013-09-21 10:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 03:01 - 2013-09-21 10:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 17:53 - 2013-09-14 09:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:53 - 2013-09-08 10:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:53 - 2013-09-08 10:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:53 - 2013-09-08 10:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:53 - 2013-07-12 18:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:53 - 2013-07-04 20:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:53 - 2013-07-04 20:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 17:53 - 2013-07-04 20:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:53 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:53 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:53 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 17:53 - 2013-07-04 18:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:53 - 2013-07-03 12:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 17:53 - 2013-07-03 12:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:53 - 2013-07-03 12:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:53 - 2013-06-26 06:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:53 - 2013-06-06 13:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 17:53 - 2013-06-06 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 17:53 - 2013-06-06 13:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 17:53 - 2013-06-06 13:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 17:53 - 2013-06-06 12:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 17:53 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 17:53 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 17:53 - 2013-06-06 11:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 17:53 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 17:53 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:52 - 2013-08-29 10:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:52 - 2013-08-29 10:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:52 - 2013-08-29 10:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:52 - 2013-08-29 10:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:52 - 2013-08-29 10:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:52 - 2013-08-29 09:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:52 - 2013-08-29 09:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:52 - 2013-08-29 09:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:52 - 2013-08-29 09:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:52 - 2013-08-29 09:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:52 - 2013-08-29 09:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:52 - 2013-08-29 08:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:52 - 2013-08-29 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:52 - 2013-08-29 08:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:52 - 2013-08-29 08:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:52 - 2013-08-28 09:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:48 - 2013-09-04 20:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:48 - 2013-09-04 20:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:48 - 2013-09-04 20:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:48 - 2013-09-04 20:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:48 - 2013-09-04 20:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:48 - 2013-09-04 20:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:48 - 2013-09-04 20:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:48 - 2013-08-28 09:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:48 - 2013-08-01 20:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:48 - 2013-07-20 18:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:48 - 2013-07-20 18:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-09-28 00:15 - 2013-09-28 00:15 - 00054029 _____ C:\Windows\SysWOW64\CCCInstall_201309280015076020.log
2013-09-28 00:15 - 2013-09-28 00:15 - 00000000 ____D C:\ProgramData\ATI
2013-09-28 00:15 - 2013-09-28 00:15 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-09-28 00:11 - 2013-09-28 00:13 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-22 19:18 - 2013-09-22 19:18 - 00000813 _____ C:\Users\Public\Desktop\Vuze.lnk

==================== One Month Modified Files and Folders =======

2013-10-22 14:26 - 2013-10-22 14:26 - 00000000 ____D C:\FRST
2013-10-22 14:05 - 2013-04-26 14:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-22 14:01 - 2012-11-06 20:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-22 13:30 - 2012-11-06 20:38 - 01689309 _____ C:\Windows\WindowsUpdate.log
2013-10-22 12:54 - 2012-11-07 02:53 - 00000000 ____D C:\Users\BERNIE\AppData\Roaming\Azureus
2013-10-22 08:36 - 2012-11-06 20:49 - 00000000 ____D C:\ProgramData\MFAData
2013-10-22 03:22 - 2013-05-01 19:14 - 00003502 _____ C:\Windows\System32\Tasks\AutoRearm
2013-10-22 03:01 - 2012-11-06 20:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-22 00:19 - 2012-11-11 05:22 - 00000000 ____D C:\Users\BERNIE\AppData\Roaming\vlc
2013-10-21 23:55 - 2012-11-06 21:36 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-18 19:04 - 2013-10-18 19:04 - 00000000 ____D C:\ProgramData\Licenses
2013-10-18 00:36 - 2013-10-18 00:36 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-10-18 00:36 - 2013-10-18 00:36 - 00000000 ____D C:\Program Files\CCleaner
2013-10-17 20:30 - 2013-10-17 20:30 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-17 20:30 - 2013-10-17 20:28 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\ProgramData\DOwnloAd keepEr
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\Program Files (x86)\Ss_Helper
2013-10-10 22:24 - 2013-05-01 12:35 - 00000000 ____D C:\Users\BERNIE\AppData\Roaming\Dropbox
2013-10-10 22:23 - 2013-04-20 18:59 - 00000000 _____ C:\Windows\SysWOW64\filetrace.log
2013-10-10 09:20 - 2009-07-14 12:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 09:20 - 2009-07-14 12:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 03:45 - 2013-10-10 03:45 - 00000000 ____D C:\Windows\rescache
2013-10-10 03:24 - 2009-07-14 13:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 03:20 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 03:20 - 2009-07-14 12:51 - 00069927 _____ C:\Windows\setupact.log
2013-10-10 03:19 - 2009-07-14 12:45 - 00455544 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 03:03 - 2012-11-06 21:26 - 00770488 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 03:02 - 2012-11-07 03:43 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 03:01 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 03:00 - 2012-11-06 21:14 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 00:05 - 2013-04-26 14:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 00:05 - 2012-11-11 12:51 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 00:05 - 2012-11-11 12:51 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 02:56 - 2012-11-06 20:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-09 02:56 - 2012-11-06 20:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-06 23:57 - 2012-11-07 03:13 - 00000462 _____ C:\Users\BERNIE\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-06 23:57 - 2012-11-07 03:13 - 00000385 _____ C:\Users\BERNIE\AppData\Roaming\Rim.Desktop.Exception.log
2013-09-30 23:25 - 2013-05-19 03:14 - 00000000 ____D C:\Users\BERNIE\AppData\Roaming\foobar2000
2013-09-29 15:00 - 2010-11-21 11:47 - 00297102 _____ C:\Windows\PFRO.log
2013-09-28 00:15 - 2013-09-28 00:15 - 00054029 _____ C:\Windows\SysWOW64\CCCInstall_201309280015076020.log
2013-09-28 00:15 - 2013-09-28 00:15 - 00000000 ____D C:\ProgramData\ATI
2013-09-28 00:15 - 2013-09-28 00:15 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-09-28 00:15 - 2012-11-07 17:46 - 00000000 ____D C:\ProgramData\AMD
2013-09-28 00:13 - 2013-09-28 00:11 - 00000000 ____D C:\ProgramData\Package Cache
2013-09-23 07:28 - 2013-10-10 03:01 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 07:28 - 2013-10-10 03:01 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 07:27 - 2013-10-10 03:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 06:55 - 2013-10-10 03:01 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 06:55 - 2013-10-10 03:01 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 06:55 - 2013-10-10 03:01 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 06:54 - 2013-10-10 03:01 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-23 06:54 - 2013-10-10 03:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-22 19:18 - 2013-09-22 19:18 - 00000813 _____ C:\Users\Public\Desktop\Vuze.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 01:09

==================== End Of Log ============================






Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2013
Ran by BERNIE at 2013-10-22 14:27:15
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
A380v2 (FSX) (HKCU)
Addit! Pro For Flight Simulator X (x32 Version: 7.3.0005)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.2)
Adobe AIR (x32 Version: 3.5.0.1060)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Aerosoft's - Airbus X (x32 Version: 1.20)
Aerosoft's - Airbus X Extended - FSX (x32)
Airbus Series 2 - Evolution Full (FSX) (x32)
ALShow 2.01 (x32 Version: v2.01)
ALTools Update (x32 Version: v11.4.28.1)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830)
AMD APP SDK Runtime (Version: 10.0.1016.4)
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80830.1925)
Antec CC (x32 Version: 1.1.0000)
Antec CC Driver x64 (x32 Version: 3.2.0000)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
AviSynth 2.5 (x32)
AVS Video Converter 8 (x32 Version: 8.3.3.535)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.32)
BlackBox flightlogger V2.9.41 beta (x32)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite DCP-7060D (x32 Version: 1.1.3.0)
Browser Configuration Utility (x32 Version: 1.0.10.0)
calibre (x32 Version: 0.9.5)
Canon Inkjet Printer Driver Add-On Module
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589)
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589)
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589)
CCC Help Czech (x32 Version: 2013.0830.1943.33589)
CCC Help Danish (x32 Version: 2013.0830.1943.33589)
CCC Help Dutch (x32 Version: 2013.0830.1943.33589)
CCC Help English (x32 Version: 2013.0830.1943.33589)
CCC Help Finnish (x32 Version: 2013.0830.1943.33589)
CCC Help French (x32 Version: 2013.0830.1943.33589)
CCC Help German (x32 Version: 2013.0830.1943.33589)
CCC Help Greek (x32 Version: 2013.0830.1943.33589)
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589)
CCC Help Italian (x32 Version: 2013.0830.1943.33589)
CCC Help Japanese (x32 Version: 2013.0830.1943.33589)
CCC Help Korean (x32 Version: 2013.0830.1943.33589)
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589)
CCC Help Polish (x32 Version: 2013.0830.1943.33589)
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589)
CCC Help Russian (x32 Version: 2013.0830.1943.33589)
CCC Help Spanish (x32 Version: 2013.0830.1943.33589)
CCC Help Swedish (x32 Version: 2013.0830.1943.33589)
CCC Help Thai (x32 Version: 2013.0830.1943.33589)
CCC Help Turkish (x32 Version: 2013.0830.1943.33589)
ccc-utility64 (Version: 2013.0830.1944.33589)
CCleaner (Version: 4.06)
CopyTrans Suite Remove Only (HKCU Version: 2.37)
Corona SDK (x32 Version: 12.0.971)
CPUID CPU-Z 1.62
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Delta Virtual Airlines 717 (FSX) (x32 Version: 1.00)
Delta Virtual Airlines ACARS (beta) 3.0 (x32 Version: 3.00)
Delta Virtual Airlines MD-88 (FSX) (x32 Version: 4.22)
Dota 2 (x32)
DOwnloAd keepEr (x32 Version: 2.1.0.1322)
Dropbox (HKCU Version: 2.0.22)
eReg (x32 Version: 1.20.138.34)
ESN Sonar (x32 Version: 0.70.4)
Evernote v. 5.0.2 (x32 Version: 5.0.2.1392)
EZdok Camera for Microsoft Flight Simulator X (x32)
Fast Duplicate File Finder 3.2.0.1 (x32 Version: 3.2.0.1)
Folder Size 2.8.0.0 (x32 Version: 2.8.0.0)
foobar2000 v1.2.6 (x32 Version: 1.2.6)
Free Mouse Auto Clicker 3.0 (x32)
FSFlyingSchool Pro (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Network Connections 15.6.25.0 (Version: 15.6.25.0)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
iTunes (Version: 11.0.0.163)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Logitech SetPoint 6.32 (Version: 6.32.20)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0)
Microsoft Flight Simulator X Service Pack 2 (x32 Version: 10.0.61472.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Mozilla Firefox 21.0 (x86 en-US) (x32 Version: 21.0)
Mozilla Maintenance Service (x32 Version: 21.0)
Mp3tag v2.53 (x32 Version: v2.53)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Multi Crew Experience Ver 2.4.7.4 (x32 Version: 2.4.7.4)
MyFreeCodec (HKCU)
Online Flying Kit (FS) (x32 Version: 2.04)
Origin (x32 Version: 9.0.15.65)
Pando Media Booster (x32 Version: 2.6.0.8)
PDF Split And Merge Basic (Version: 2.2.2)
Plan-G v3 (x32 Version: 3.0.0)
PMDG 737 8900 NGX (x32 Version: 1.00.2922)
PMDG 747-400/400F for FSX (x32 Version: 2.10.0040)
PunkBuster Services (x32 Version: 0.991)
QuickTime (x32 Version: 7.74.80.86)
RAAS Professional by FS2Crew (LOCKED) (x32)
RaidCall (x32 Version: 7.2.0-1.0.5185.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6235)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
ResumeMaker (x32)
Revo Uninstaller Pro 3.0.5 (Version: 3.0.5)
REX Essential Plus Overdrive (x32 Version: 3.5.2012.1029)
Samsung Kies (x32 Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.16.0)
SearchNewTab (x32 Version: 2.0.0.1673)
SimCharts 3.0 (x32 Version: 3.0)
SketchUp 2013 (x32 Version: 13.0.4124)
Skype™ 6.6 (x32 Version: 6.6.106)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Ss_Helper 1.74 (x32)
Steam (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.12)
TERA (x32 Version: 18.10.03)
Unified Remote (x32 Version: 2.7.2.0)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VAFS5 (x32 Version: 5.1.1.18)
Videora iPhone 3GS Converter 6 (x32 Version: 6)
Videora iPod classic Converter 6 (x32 Version: 6)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.2 (x32 Version: 2.0.2)
Vuze (Version: 5.1.0.0)
World of Warcraft (x32 Version: 5.1.0.16309)

==================== Restore Points =========================

17-10-2013 13:43:18 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 10:34 - 2013-05-03 15:35 - 00001663 ___RA C:\Windows\system32\Drivers\etc\hosts
113.105.152.25 www.precisionmanuals.com
127.0.0.1 serials.wilcopub.com
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

Task: {4C5FEA0E-6CE2-4D81-B1A5-E4B74C8C0427} - System32\Tasks\AutoRearm => C:\Windows\AutoRearm\AutoRearm.exe [2013-05-01] ()
Task: {694D0AF8-1B05-4F10-9503-179117493ED2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {A17DA5A5-9168-4E28-ACDA-A878F8BF76F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: {A910C280-02AD-45F1-842F-88B43BFB78E0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BA4C6075-334A-45E1-851C-1D760D7B5F6D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-20] (Piriform Ltd)
Task: {D1009B3F-0F51-48BD-B93A-69C65A51E479} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {E2A408D7-3597-420D-AF87-404A57B48A43} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F2E2CDD5-E195-4B71-B483-70D2D27411F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-15 03:28 - 2013-08-15 03:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\88896793f7119ee1105ad6f66e559470\IsdiInterop.ni.dll
2012-11-06 20:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-02-17 17:13 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () D:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-18 00:29 - 2013-10-09 08:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 00:29 - 2013-10-09 08:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 00:29 - 2013-10-09 08:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 00:29 - 2013-10-09 08:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 00:29 - 2013-10-09 08:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-18 00:29 - 2013-10-09 08:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
2013-03-12 17:10 - 2013-08-22 06:18 - 00687104 _____ () D:\Program Files (x86)\Steam\SDL2.dll
2012-11-06 22:45 - 2013-10-09 10:19 - 01121704 _____ () D:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-11-06 22:45 - 2013-09-11 06:20 - 20625832 _____ () D:\Program Files (x86)\Steam\bin\libcef.dll
2012-11-06 22:45 - 2013-06-15 07:49 - 01100800 _____ () D:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-11-06 22:45 - 2013-06-15 07:49 - 00124416 _____ () D:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-11-06 22:45 - 2013-06-15 07:49 - 00192000 _____ () D:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-10-08 07:14 - 2013-10-08 07:14 - 00197544 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\launcher.dll
2013-09-24 01:05 - 2013-09-24 01:11 - 00391592 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\tier0.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 00329640 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\vstdlib.dll
2013-10-08 07:10 - 2013-10-08 07:14 - 00424360 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\filesystem_stdio.dll
2013-10-22 00:47 - 2013-10-22 00:54 - 06148008 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\engine.dll
2013-10-08 07:10 - 2013-10-08 07:14 - 00823208 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\networksystem.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00160680 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\inputsystem.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 01171368 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\materialsystem.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 00444840 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\datacache.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 00583080 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\studiorender.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00169384 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\soundemittersystem.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 01109416 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vphysics.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 00776616 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vscript.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 01458088 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vguimatsurface.dll
2013-10-08 07:10 - 2013-10-08 07:14 - 00460712 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vgui2.dll
2013-10-16 09:14 - 2013-10-16 09:14 - 05061032 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\scaleformui_4.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 00950696 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\shaderapidx9.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00145320 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\localize.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00161192 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\stdshader_dbg.dll
2013-09-27 08:24 - 2013-09-27 08:27 - 01102760 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\stdshader_dx9.dll
2013-10-22 06:17 - 2013-10-22 06:18 - 35069352 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\bin\client.dll
2013-10-22 06:17 - 2013-10-22 06:18 - 17274792 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\dota\bin\server.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00225192 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\scenefilecache.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00075176 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vaudio_miles.dll
2013-06-05 08:24 - 2013-06-05 08:24 - 00071680 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\mssmp3.asi
2013-06-05 08:24 - 2013-06-05 08:24 - 00153088 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\mssvoice.asi
2013-06-05 08:24 - 2013-06-05 08:24 - 00013312 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\mssds3d.flt
2013-06-05 08:24 - 2013-06-05 08:24 - 00055808 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\msseax.flt
2013-09-27 08:24 - 2013-09-27 08:27 - 00935848 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\chromehtml.dll
2013-09-24 01:05 - 2013-09-24 01:11 - 20625832 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\libcef.dll
2013-08-29 04:06 - 2013-08-29 04:07 - 01094158 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\avcodec-53.dll
2013-08-29 04:07 - 2013-08-29 04:07 - 00117262 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\avutil-51.dll
2013-08-29 04:07 - 2013-08-29 04:07 - 00183822 _____ () D:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\bin\avformat-53.dll
2013-09-27 08:27 - 2013-09-27 08:27 - 00171944 _____ () d:\program files (x86)\steam\steamapps\common\dota 2 beta\bin\vaudio_celt.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\BERNIE\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\BERNIE\Desktop\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\BERNIE\Documents\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2013 00:08:51 AM) (Source: MsiInstaller) (User: BERNIE-PC)
Description: Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.04)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/17/2013 00:08:51 AM) (Source: MsiInstaller) (User: BERNIE-PC)
Description: Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.05)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (10/17/2013 00:08:49 AM) (Source: MsiInstaller) (User: BERNIE-PC)
Description: Product: Adobe Reader XI (11.0.05) -- Error 1307.There is not enough disk space to install thi file C:\Config.Msi\PTCF84.tmp. Free some disk space and click Retry, or click Cancel to exit.

Error: (10/14/2013 02:45:19 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8004231f).

Error: (10/14/2013 02:45:19 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8004231f).

Error: (10/13/2013 00:00:20 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x8004231f).

Error: (10/13/2013 00:00:20 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x8004231f).

Error: (10/10/2013 03:22:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 01:53:41 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume EXT1 (F:) was not defragmented because an error was encountered: The disk was disconnected from the system. (0x89000011)

Error: (09/29/2013 03:02:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/18/2013 07:07:32 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/12/2013 05:08:24 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/11/2013 11:13:35 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/10/2013 11:12:48 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/10/2013 03:19:57 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/10/2013 03:19:02 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (10/10/2013 03:03:18 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/09/2013 05:36:54 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/09/2013 00:38:57 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/07/2013 06:51:46 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (10/17/2013 00:08:51 AM) (Source: MsiInstaller)(User: BERNIE-PC)
Description: Adobe Reader XI (11.0.05)Adobe Reader XI (11.0.04)1603(NULL)(NULL)(NULL)

Error: (10/17/2013 00:08:51 AM) (Source: MsiInstaller)(User: BERNIE-PC)
Description: Adobe Reader XI (11.0.05)Adobe Reader XI (11.0.05)1603(NULL)(NULL)(NULL)

Error: (10/17/2013 00:08:49 AM) (Source: MsiInstaller)(User: BERNIE-PC)
Description: Product: Adobe Reader XI (11.0.05) -- Error 1307.There is not enough disk space to install thi file C:\Config.Msi\PTCF84.tmp. Free some disk space and click Retry, or click Cancel to exit.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/14/2013 02:45:19 AM) (Source: System Restore)(User: )
Description: 0x8004231f

Error: (10/14/2013 02:45:19 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8004231f

Error: (10/13/2013 00:00:20 AM) (Source: System Restore)(User: )
Description: 0x8004231f

Error: (10/13/2013 00:00:20 AM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x8004231f

Error: (10/10/2013 03:22:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2013 01:53:41 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: EXT1 (F:)The disk was disconnected from the system. (0x89000011)

Error: (09/29/2013 03:02:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 91%
Total physical RAM: 8168.87 MB
Available physical RAM: 725.49 MB
Total Pagefile: 18338.61 MB
Available Pagefile: 7309.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:13.68 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:414.15 GB) NTFS
Drive z: (Storage) (Fixed) (Total:1863.01 GB) (Free:246.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 409EEAF5)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: C8CEE171)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: C8CEE10D)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#5
emeraldnzl
Posted 22 October 2013 - 02:10 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello jber,

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
  • 0

#6
jber
Posted 22 October 2013 - 09:41 AM

jber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2013
Ran by BERNIE at 2013-10-22 23:41:28 Run:1
Running from D:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2013-10-17 20:29 - 2013-10-17 20:29 - 00000000 ____D C:\ProgramData\SearchNewTab
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\BERNIE\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\BERNIE\Desktop\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\BERNIE\Documents\.DS_Store:AFP_AfpInfo
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\ProgramData\SearchNewTab => Moved successfully.
C:\Users\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\Users\BERNIE\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\BERNIE\Desktop\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\BERNIE\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.

==== End of Fixlog ====
  • 0

#7
emeraldnzl
Posted 22 October 2013 - 12:13 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#8
jber
Posted 23 October 2013 - 09:30 AM

jber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by BERNIE on Wed 23/10/2013 at 23:23:00.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{d793423b-ff18-4a54-b9c9-75b3396baac4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\BERNIE\AppData\Roaming\red kawa"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\BERNIE\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 23/10/2013 at 23:26:16.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#9
emeraldnzl
Posted 23 October 2013 - 11:56 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
jber
Posted 24 October 2013 - 12:19 PM

jber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Just a note emeraldnzl, the log I've posted is the product of the second run of ComboFix that I downloaded from your post. Reason being it hanged at some point during the first run. I proceeded to restart the computer since I couldn't find the .txt file that you mentioned. Attached is the screenshot of where it decided to hang.

ComboFix 13-10-24.01 - BERNIE 25/10/2013 2:11.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.8169.5866 [GMT 8:00]
Running from: d:\users\BERNIE\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\DOwnloAd keepEr\9n.exe
c:\users\BERNIE\AppData\Local\assembly\tmp
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\background.html
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\ch.js
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\content.js
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\lsdb.js
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\manifest.json
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\sqlite.js
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jlacodncmjmllbcmnkmkdocigknmlljd_0.localstorage-journal
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jlacodncmjmllbcmnkmkdocigknmlljd_0.localstorage
c:\users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChillControl V.exe.lnk
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\bootstrap.js
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\chrome.manifest
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\content\bg.js
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\install.rdf
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\bootstrap.js
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\chrome.manifest
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\content\bg.js
c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\install.rdf
c:\windows\Installer\{5F2A7080-CE89-442D-ABF8-5991FF351A09}\ChillControl_V.exe_FBACECEBBA5A4D8EB5F25C5474C60354.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-24 to 2013-10-24 )))))))))))))))))))))))))))))))
.
.
2013-10-24 18:14 . 2013-10-24 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-24 18:14 . 2013-10-24 18:14 -------- d-----w- c:\users\BERNIE\AppData\Local\temp
2013-10-23 15:22 . 2013-10-23 15:22 -------- d-----w- c:\windows\ERUNT
2013-10-22 06:26 . 2013-10-22 06:26 -------- d-----w- C:\FRST
2013-10-18 11:04 . 2013-10-18 11:04 -------- d-----w- c:\programdata\Licenses
2013-10-17 16:36 . 2013-10-17 16:36 -------- d-----w- c:\program files\CCleaner
2013-10-17 12:30 . 2013-10-17 12:30 -------- d-----w- c:\programdata\SummerSoft
2013-10-17 12:29 . 2013-10-17 12:29 -------- d-----w- c:\program files (x86)\Ss_Helper
2013-10-17 12:29 . 2013-10-24 16:57 -------- d-----w- c:\programdata\DOwnloAd keepEr
2013-10-17 12:28 . 2013-10-17 12:30 -------- d-----w- c:\programdata\InstallMate
2013-10-09 19:45 . 2013-10-09 19:45 -------- d-----w- c:\windows\rescache
2013-10-09 09:53 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-09 09:52 . 2013-08-28 01:21 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-09 09:48 . 2013-07-20 10:33 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:48 . 2013-07-20 10:33 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 09:48 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 09:48 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 09:48 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 09:48 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 09:48 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-09 09:48 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-09 09:48 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 09:48 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-09 09:48 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-27 16:15 . 2013-09-27 16:15 -------- d-----w- c:\programdata\ATI
2013-09-27 16:15 . 2013-09-27 16:15 -------- d-----w- c:\program files (x86)\AMD AVT
2013-09-27 16:11 . 2013-09-27 16:13 -------- d-----w- c:\programdata\Package Cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 19:00 . 2012-11-06 13:14 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 16:05 . 2012-11-11 04:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 16:05 . 2012-11-11 04:51 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-04 17:43 . 2013-09-04 17:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-08-31 00:14 . 2013-08-31 00:14 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-08-31 00:14 . 2011-04-19 17:21 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-08-31 00:13 . 2012-09-28 01:11 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-08-31 00:13 . 2011-04-19 17:21 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-08-31 00:13 . 2011-04-19 18:07 1233080 ----a-w- c:\windows\system32\aticfx64.dll
2013-08-31 00:13 . 2013-03-29 02:37 1027544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-08-31 00:13 . 2011-04-19 17:49 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-08-31 00:13 . 2013-08-31 00:13 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-08-31 00:13 . 2013-08-31 00:13 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-08-31 00:13 . 2013-08-31 00:13 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-08-31 00:13 . 2012-09-28 01:31 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-08-31 00:13 . 2012-09-28 01:25 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-08-31 00:11 . 2013-08-31 00:11 12528640 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-08-30 23:48 . 2013-08-30 23:48 127488 ----a-w- c:\windows\system32\coinst_13.152.dll
2013-08-30 23:48 . 2013-08-30 23:48 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-08-30 23:47 . 2013-08-30 23:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-08-30 23:47 . 2013-08-30 23:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-08-30 23:47 . 2013-08-30 23:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-08-30 23:47 . 2013-08-30 23:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-08-30 23:47 . 2013-08-30 23:47 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-08-30 23:45 . 2013-08-30 23:45 23760896 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-08-30 23:43 . 2013-08-30 23:43 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-30 23:43 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-08-30 23:35 . 2013-08-30 23:35 25387520 ----a-w- c:\windows\system32\atio6axx.dll
2013-08-30 23:18 . 2013-08-30 23:18 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-08-30 23:18 . 2013-08-30 23:18 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-08-30 23:18 . 2013-08-30 23:18 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-08-30 23:18 . 2013-08-30 23:18 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-08-30 23:18 . 2013-08-30 23:18 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-08-30 23:17 . 2013-08-30 23:17 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-08-30 23:14 . 2013-08-30 23:14 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-08-30 23:13 . 2013-08-30 23:13 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-08-30 22:59 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-30 22:58 . 2013-08-30 22:58 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-08-30 22:58 . 2013-08-30 22:58 571904 ----a-w- c:\windows\system32\atieclxx.exe
2013-08-30 22:57 . 2013-08-30 22:57 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-08-30 22:56 . 2013-08-30 22:56 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-08-30 22:33 . 2012-09-28 01:13 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-08-30 22:33 . 2013-08-30 22:33 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-08-30 22:33 . 2013-08-30 22:33 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-08-30 22:32 . 2013-08-30 22:32 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-08-30 22:32 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 618496 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-08-30 11:58 . 2013-08-30 11:58 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-08-30 11:53 . 2013-08-30 11:53 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-08-29 01:48 . 2013-10-09 09:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-10 18:04 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-10 18:04 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-10 18:04 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-10 18:04 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-10 18:04 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-10 18:04 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-10 18:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 18:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-10 18:04 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-10 18:04 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-10 18:04 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 18:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 18:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files (x86)\Steam\Steam.exe" [2013-10-09 1813928]
"LCLC Control Panel"="c:\program files (x86)\Antec CC\ChillControl V.exe" [2011-05-25 686592]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"DAEMON Tools Lite"="d:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-05 3093624]
"KiesPreload"="d:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"AVG_UI"="d:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-22 4411952]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"KiesTrayAgent"="d:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"RaidCall"="d:\program files (x86)\RaidCall\raidcall.exe" [2013-04-01 3423928]
"Adobe Acrobat Speed Launcher"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="d:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2013-04-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208]
.
c:\users\BERNIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\BERNIE\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-3 1103200]
EvernoteTray.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteTray.exe [2013-10-3 394592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2013\avgidsagent.exe;d:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe;d:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;d:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S3 ASEUSBCC;ASEUSBCC;c:\windows\system32\drivers\AseUSBCC.sys;c:\windows\SYSNATIVE\drivers\AseUSBCC.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 16:28 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 16:05]
.
2013-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 12:45]
.
2013-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 12:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\BERNIE\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.sg/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - d:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - d:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
FF - ProfilePath - c:\users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-NCsoft Launcher - d:\program files (x86)\NCSoft\Launcher\NCLauncher.exe
Wow6432Node-HKCU-Run-KiesAirMessage - d:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\BERNIE\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-{C1A27135-69EB-8D44-7358-34727DD7B820} - c:\programdata\DOwnloAd keepEr\9n.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-25 02:15:02
ComboFix-quarantined-files.txt 2013-10-24 18:15
.
Pre-Run: 17,405,927,424 bytes free
Post-Run: 17,255,927,808 bytes free
.
- - End Of File - - F7309496FFB44ECDA90ADCB7A2BA47F8
  • 0

#11
emeraldnzl
Posted 24 October 2013 - 01:53 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again jber,

I take it that it ran through fully the second time around?

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#12
jber
Posted 25 October 2013 - 06:54 AM

jber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
There was no logfile located at the file path you indicated. I went to save the log of deleted files from after the scan.

C:\Program Files (x86)\Ss_Helper\uninstall.exe a variant of Win32/SProtector.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlacodncmjmllbcmnkmkdocigknmlljd\1.6\ch.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\BERNIE\AppData\Roaming\Mozilla\Firefox\Profiles\z42nxq37.default\extensions\staged\[email protected]\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\BERNIE\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/InstalleRex.K application cleaned by deleting - quarantined
D:\Downloads\FSX Files\Addons\MultiCrewExperience2474.rar probably a variant of Win32/HackTool.TrialKiller.C application deleted - quarantined
D:\Downloads\FSX Files\Addons\Aircraft\PMDG 737NGX\Crack PMDG NGX.exe a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
D:\Downloads\FSX Files\MCE2474\MCE2474\MCEL.rar probably a variant of Win32/HackTool.TrialKiller.C application deleted - quarantined
D:\Downloads\FSX Files\MCE2474\MCE2474\MCEL\LAUNCHER\tKill.exe probably a variant of Win32/HackTool.TrialKiller.C application cleaned by deleting - quarantined
D:\My Documents\Reference\KIA CERATO FORTE 2009 2010 SERVICE REPAIR MANUAL pdf.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
D:\OWNER-PC\Backup Set 2011-10-15 111454\Backup Files 2011-11-06 190001\Backup files 3.zip Win32/OpenCandy application deleted - quarantined
D:\OWNER-PC\Backup Set 2011-10-15 111454\Backup Files 2011-12-11 190001\Backup files 2.zip multiple threats deleted - quarantined
D:\OWNER-PC\Backup Set 2011-10-15 111454\Backup Files 2012-03-18 190001\Backup files 2.zip Win32/InstallMate application deleted - quarantined
D:\OWNER-PC\Backup Set 2012-04-15 190001\Backup Files 2012-04-15 190001\Backup files 42.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
D:\OWNER-PC\Backup Set 2012-08-26 190001\Backup Files 2012-08-26 190001\Backup files 64.zip a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
D:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
D:\Program Files (x86)\Codemasters\DiRT 3\paul.dll Win32/HackTool.Crack.O application cleaned by deleting - quarantined
D:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll Win32/HackTool.Crack.O application cleaned by deleting - quarantined
D:\Program Files (x86)\Multi Crew Experience\LAUNCHER\tKill.exe probably a variant of Win32/HackTool.TrialKiller.C application cleaned by deleting - quarantined
D:\Vuze Downloads\Flight1_Mustang107.rar Win32/HackTool.Patcher.A application deleted - quarantined
Z:\Backup\GarenaHack3.3R2_final2_CK_124b.exe a variant of Win32/VB.OPP trojan cleaned by deleting - quarantined
Z:\LAPTOP\DESKTOP\DTLite4413-0173.exe Win32/OpenCandy application cleaned by deleting - quarantined
Z:\Vuze Downloads\Games\Dirt 3\sr-dirt3.iso Win32/HackTool.Crack.O application deleted - quarantined
Z:\Vuze Downloads\Games\The Sims 3\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso a variant of Win32/Keygen.GU application deleted - quarantined

New tabs no longer shows the bogus search engine!

Websites no longer display random ad links!

Feels like the system is clean of this trojan. Thanks a bunch!
  • 0

#13
emeraldnzl
Posted 25 October 2013 - 12:05 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again jber,

I think you are good to go.

We have a couple of last steps to perform and then you're all set.Posted Image

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.

  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the the bolded text below in the box then hit OK

    Combofix /Uninstall

    Posted Image
Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicous programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run an important software the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#14
emeraldnzl
Posted 03 November 2013 - 09:22 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP