BSOD xp emeraldnzl [Solved]


#1 cmislin (Member, 384 posts)
I've had two threads on the Windows XP forums about BSOD; it was suggested I head over here to get checked out. I'm currently running in safe mode with network support. Here is the log info from OTL.



OTL logfile created on: 11/23/2013 12:33:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\cookie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 42.68% Memory free
5.09 Gb Paging File | 3.11 Gb Available in Paging File | 60.98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 53.48 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
Drive D: | 298.08 Gb Total Space | 116.47 Gb Free Space | 39.07% Space Free | Partition Type: NTFS
Drive E: | 27.85 Gb Total Space | 25.36 Gb Free Space | 91.04% Space Free | Partition Type: FAT32
Drive H: | 3.77 Gb Total Space | 0.16 Gb Free Space | 4.33% Space Free | Partition Type: FAT32

Computer Name: CHRIS-8F370AB9F | User Name: cookie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/23 00:32:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cookie\My Documents\Downloads\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/06 16:25:52 | 000,066,624 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr.exe
PRC - [2013/11/06 16:25:52 | 000,046,144 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr_im.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/20 17:26:17 | 004,591,616 | ---- | M] () -- C:\Documents and Settings\cookie\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/11/20 17:26:17 | 000,112,128 | ---- | M] () -- C:\Documents and Settings\cookie\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/05/09 18:52:58 | 001,183,699 | ---- | M] () -- C:\Program Files\Raptr\liboscar.dll
MOD - [2013/05/09 18:52:58 | 000,483,306 | ---- | M] () -- C:\Program Files\Raptr\plugins\libicq.dll
MOD - [2013/05/09 18:52:56 | 000,495,680 | ---- | M] () -- C:\Program Files\Raptr\plugins\libaim.dll
MOD - [2013/05/03 13:57:16 | 001,640,221 | ---- | M] () -- C:\Program Files\Raptr\libjabber.dll
MOD - [2013/05/03 13:57:14 | 001,053,730 | ---- | M] () -- C:\Program Files\Raptr\libymsg.dll
MOD - [2013/05/03 13:57:06 | 000,655,356 | ---- | M] () -- C:\Program Files\Raptr\plugins\libirc.dll
MOD - [2013/05/03 13:57:04 | 000,603,326 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl-nss.dll
MOD - [2013/05/03 13:57:02 | 000,474,199 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl.dll
MOD - [2013/05/03 13:57:00 | 000,497,782 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoojp.dll
MOD - [2013/05/03 13:56:50 | 001,306,387 | ---- | M] () -- C:\Program Files\Raptr\plugins\libmsn.dll
MOD - [2013/05/03 13:56:46 | 000,565,461 | ---- | M] () -- C:\Program Files\Raptr\plugins\libxmpp.dll
MOD - [2013/05/03 13:56:44 | 000,506,276 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoo.dll
MOD - [2012/10/27 02:53:18 | 002,717,595 | ---- | M] () -- C:\Program Files\Raptr\heliotrope._purple.pyd
MOD - [2012/06/22 16:59:52 | 000,313,856 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012/06/22 16:55:58 | 000,494,592 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012/06/22 16:53:22 | 005,812,736 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtGui.pyd
MOD - [2012/06/22 16:39:06 | 001,662,464 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtCore.pyd
MOD - [2012/06/22 16:24:28 | 000,067,584 | ---- | M] () -- C:\Program Files\Raptr\sip.pyd
MOD - [2012/02/06 15:28:48 | 000,011,264 | ---- | M] () -- C:\Program Files\Raptr\Crypto.Util._counter.pyd
MOD - [2012/02/06 15:28:42 | 000,031,744 | ---- | M] () -- C:\Program Files\Raptr\Crypto.Cipher.AES.pyd
MOD - [2012/02/06 15:28:34 | 000,010,752 | ---- | M] () -- C:\Program Files\Raptr\Crypto.Random.OSRNG.winrandom.pyd
MOD - [2011/05/10 14:01:42 | 000,030,208 | ---- | M] () -- C:\Program Files\Raptr\simplejson._speedups.pyd
MOD - [2011/02/15 13:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files\Raptr\libxml2-2.dll
MOD - [2011/02/15 13:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files\Raptr\sqlite3.dll
MOD - [2010/11/22 18:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files\Raptr\zlib1.dll
MOD - [2010/11/22 17:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files\Raptr\win32gui.pyd
MOD - [2010/11/22 17:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files\Raptr\win32file.pyd
MOD - [2010/11/22 17:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files\Raptr\win32api.pyd
MOD - [2010/11/22 17:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files\Raptr\win32process.pyd
MOD - [2010/11/22 17:57:34 | 000,016,384 | ---- | M] () -- C:\Program Files\Raptr\win32trace.pyd
MOD - [2010/11/22 17:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 17:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files\Raptr\win32com.shell.shell.pyd
MOD - [2010/11/22 17:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files\Raptr\pythoncom26.dll
MOD - [2010/11/22 17:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files\Raptr\pywintypes26.dll
MOD - [2010/11/22 17:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 17:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files\Raptr\_ssl.pyd
MOD - [2010/11/22 17:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files\Raptr\unicodedata.pyd
MOD - [2010/11/22 17:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files\Raptr\_hashlib.pyd
MOD - [2010/11/22 17:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files\Raptr\pyexpat.pyd
MOD - [2010/11/22 17:56:02 | 000,124,928 | ---- | M] () -- C:\Program Files\Raptr\_elementtree.pyd
MOD - [2010/11/22 17:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files\Raptr\_ctypes.pyd
MOD - [2010/11/22 17:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files\Raptr\_sqlite3.pyd
MOD - [2010/11/22 17:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files\Raptr\_socket.pyd
MOD - [2010/11/22 17:56:02 | 000,010,240 | ---- | M] () -- C:\Program Files\Raptr\select.pyd
MOD - [2010/11/22 17:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files\Raptr\winsound.pyd
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - [2013/11/16 00:52:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/13 06:43:22 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/11/04 21:59:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/07/25 07:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/23 20:56:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/25 14:32:00 | 004,622,336 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011/08/02 19:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) [Auto | Stopped] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2003/07/13 01:49:24 | 000,766,004 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Ahead\InCD\incdsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys -- (PCAlertDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\CDriver.sys -- (MSICDSetup)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/22 02:30:26 | 000,204,896 | ---- | M] (Kaspersky Lab, Yury Parshin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\46061997.sys -- (22292193)
DRV - [2013/11/13 06:43:22 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 20:40:40 | 005,559,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/09/10 00:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 00:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 00:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/06/24 10:41:40 | 000,406,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2013/06/06 01:24:06 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2013/03/21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/06/18 12:58:52 | 000,016,000 | ---- | M] (SysNucleus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\udsstub.sys -- (udsstub)
DRV - [2011/03/25 09:58:06 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ksudbus.sys -- (dg_ksudbus)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2011/01/06 10:04:00 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\Setup Files\Ms7592v7C0\NTIOLib.sys -- (NTIOLib_1_0_6)
DRV - [2010/11/04 14:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/10/20 13:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/10 18:42:44 | 000,030,080 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scnuhub20.sys -- (SCNUHUB20)
DRV - [2008/06/06 16:13:14 | 000,011,264 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\scnuhst20.sys -- (scnuhst20)
DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/17 13:42:00 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2005/04/14 21:00:00 | 000,273,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/07/13 01:49:24 | 000,085,360 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2003/07/13 01:49:24 | 000,026,784 | ---- | M] (Ahead Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2003/07/13 01:49:24 | 000,004,976 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\incdrec.sys -- (InCDrec)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/rewards/dashboard
IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..\SearchScopes\{73F770C7-4123-415E-99DB-093354C68BC8}: "URL" = http://www.bing.com/...ms}&form=OSDSRC
IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-09-10 10:10:32&v=17.0.1.4&pid=safeguard&sg=0&sap=dsp&q={searchTerms}&cmpid=0913a
IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-287218729-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: %7Bb0e1b4a6-2c6f-4e99-94f2-8e625d7ae255%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: ConsumerInput%40Compete:12152
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\cookie\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\cookie\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1 [2013/11/13 06:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/15 00:41:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/15 00:41:11 | 000,000,000 | ---D | M]

[2012/06/21 00:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Extensions
[2013/11/16 04:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions
[2013/10/11 13:21:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions\[email protected]
[2013/11/16 04:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions\staged
[2013/10/11 13:21:19 | 000,296,929 | ---- | M] () (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions\[email protected]
[2013/09/07 15:11:20 | 000,242,531 | ---- | M] () (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi
[2013/03/30 20:42:35 | 000,039,512 | ---- | M] () (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2013/11/16 04:27:42 | 000,296,749 | ---- | M] () (No name found) -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\extensions\staged\[email protected]
[2013/04/16 16:29:23 | 000,002,281 | ---- | M] () -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\searchplugins\s-amazon.xml
[2013/10/01 19:05:51 | 000,003,741 | ---- | M] () -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\searchplugins\safeguard-secure-search.xml
[2013/01/23 14:03:55 | 000,002,763 | ---- | M] () -- C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\searchplugins\web-search.xml
[2013/10/15 00:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/04 21:59:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/16 03:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/11/16 03:39:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Wallet = C:\Documents and Settings\cookie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/10/11 12:06:00 | 000,000,815 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 geo.messenger.services.live.com
O1 - Hosts: 0.0.0.0 geo.gateway.messenger.live.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-21-1123561945-287218729-682003330-1003..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-1123561945-287218729-682003330-1003..\Run: [DriverMax_RESTART] File not found
O4 - HKU\S-1-5-21-1123561945-287218729-682003330-1003..\Run: [Spotify Web Helper] C:\Documents and Settings\cookie\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk = C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O4 - Startup: C:\Documents and Settings\cookie\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\cookie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\cookie\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1123561945-287218729-682003330-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1341105082765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1344119510671 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BE329D8-ED25-4184-94B3-DC7D25B9432A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\cookie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cookie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/15 23:54:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/12/07 12:45:25 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/22 02:30:26 | 000,204,896 | ---- | C] (Kaspersky Lab, Yury Parshin) -- C:\WINDOWS\System32\drivers\46061997.sys
[2013/11/20 17:02:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/11/16 17:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Mighty Quest For Epic Loot
[2013/11/16 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\The Mighty Quest For Epic Loot
[2013/11/08 15:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/11/08 15:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/08 15:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/08 15:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/08 05:17:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\cookie\Recent
[2013/11/06 19:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cookie\Application Data\MSI
[2013/11/01 20:10:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cookie\My Documents\sort pics
[2013/10/26 15:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cookie\My Documents\Red Kawa
[2013/10/26 15:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cookie\Application Data\Red Kawa
[2013/10/26 15:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cookie\Local Settings\Application Data\Geckofx
[2013/10/26 15:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Regensoft
[2013/10/26 15:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Regensoft
[2013/10/26 15:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2013/10/26 15:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Red Kawa
[2013/10/26 15:18:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa

========== Files - Modified Within 30 Days ==========

[2013/11/22 23:05:45 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/11/22 02:36:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/22 02:35:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/22 02:35:30 | 120,029,184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/11/22 02:30:26 | 000,204,896 | ---- | M] (Kaspersky Lab, Yury Parshin) -- C:\WINDOWS\System32\drivers\46061997.sys
[2013/11/20 17:03:58 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/11/20 16:48:49 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FF7446C-4854-4BB3-BB67-87617B84A70F}.job
[2013/11/20 16:33:17 | 000,015,948 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/11/20 16:27:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/20 16:18:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/19 21:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/17 22:58:28 | 000,275,146 | ---- | M] () -- C:\Documents and Settings\cookie\Desktop\iso-8.jpg
[2013/11/17 22:51:49 | 001,088,460 | ---- | M] () -- C:\Documents and Settings\cookie\Desktop\PvP_Tier_List.jpg
[2013/11/16 17:51:11 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Mighty Quest For Epic Loot.lnk
[2013/11/14 21:49:29 | 002,502,326 | ---- | M] () -- C:\Documents and Settings\cookie\Desktop\1310.7983v1.pdf
[2013/11/13 06:43:53 | 000,003,741 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/11/13 06:43:22 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/11/12 22:20:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/12 14:59:02 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\cookie\Desktop\Hero for the Household Holiday Edition 2013.url
[2013/11/08 04:08:16 | 000,000,067 | ---- | M] () -- C:\Documents and Settings\cookie\Desktop\15 Places Google Doesn’t Want You to See.URL
[2013/11/06 19:14:25 | 000,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoGenie.lnk
[2013/11/06 19:13:31 | 000,523,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/06 19:13:30 | 000,095,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/04 22:04:52 | 000,008,179 | ---- | M] () -- C:\WINDOWS\lviewp.ini
[2013/10/30 21:43:03 | 000,000,081 | ---- | M] () -- C:\Documents and Settings\cookie\Desktop\Superman 75th Sweepstakes.url
[2013/10/29 23:14:29 | 001,127,156 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/10/29 23:14:29 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/10/29 23:14:24 | 001,127,156 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/10/28 03:04:06 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\cookie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/26 23:50:40 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2013/10/26 15:18:53 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk

========== Files Created - No Company Name ==========

[2013/11/17 22:58:27 | 000,275,146 | ---- | C] () -- C:\Documents and Settings\cookie\Desktop\iso-8.jpg
[2013/11/17 22:51:47 | 001,088,460 | ---- | C] () -- C:\Documents and Settings\cookie\Desktop\PvP_Tier_List.jpg
[2013/11/16 17:51:11 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Mighty Quest For Epic Loot.lnk
[2013/11/14 21:49:27 | 002,502,326 | ---- | C] () -- C:\Documents and Settings\cookie\Desktop\1310.7983v1.pdf
[2013/11/12 14:59:02 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\cookie\Desktop\Hero for the Household Holiday Edition 2013.url
[2013/11/08 04:08:16 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\cookie\Desktop\15 Places Google Doesn’t Want You to See.URL
[2013/11/06 19:14:25 | 000,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoGenie.lnk
[2013/10/30 21:43:03 | 000,000,081 | ---- | C] () -- C:\Documents and Settings\cookie\Desktop\Superman 75th Sweepstakes.url
[2013/10/26 15:18:53 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
[2013/10/13 18:20:35 | 000,115,880 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/15 20:54:53 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\cookie\.recently-used.xbel
[2013/09/10 09:10:17 | 000,003,741 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/08 22:36:11 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/06/09 10:26:20 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2013/03/30 18:12:43 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\cookie\ntuser.pol
[2013/01/27 20:11:49 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\CopyHubDrv.exe
[2012/11/23 13:20:35 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\cookie\jagex_cl_speccollect_LIVE.dat
[2012/11/23 13:20:35 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\cookie\random.dat
[2012/10/12 13:23:30 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2012/09/27 11:18:11 | 000,000,036 | ---- | C] () -- C:\WINDOWS\avgui.INI
[2012/09/03 14:28:01 | 000,085,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\incdfs.sys
[2012/08/17 11:40:05 | 000,008,179 | ---- | C] () -- C:\WINDOWS\lviewp.ini
[2012/08/15 10:42:43 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\cookie\Local Settings\Application Data\dt.dat
[2012/06/26 21:10:13 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2012/06/26 20:31:42 | 000,508,560 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtvienna.dat
[2012/06/20 15:52:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/06/16 04:33:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/06/16 03:27:18 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2012/06/16 02:26:39 | 001,127,156 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/06/16 02:26:39 | 001,127,156 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/06/16 02:26:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/06/16 02:13:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/06/16 00:15:16 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/16 00:07:23 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\cookie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/15 23:56:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 23:52:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/06/15 19:43:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/06/15 19:42:44 | 001,437,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/09 21:40:00 | 003,555,144 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

========== ZeroAccess Check ==========

[2012/06/16 03:26:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 14:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/12 21:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2013/11/08 15:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/07/30 18:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1F167
[2013/01/21 06:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG January 2013 Campaign
[2013/09/10 21:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/01/21 15:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012/11/08 18:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/06/16 04:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2013/10/30 21:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2012/06/16 00:09:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/06 21:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hi-Rez Studios
[2013/11/20 07:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/06/18 19:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2013/11/20 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2013/10/14 18:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemRequirementsLab
[2012/07/04 14:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/11/22 14:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\.purple
[2013/10/10 01:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\0S1F1O2Z0S2Y1H1T
[2012/11/01 02:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Ad-Aware Antivirus
[2013/09/10 09:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\AVG SafeGuard toolbar
[2012/11/08 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\AVG2013
[2013/02/26 22:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Awesomium
[2012/08/10 00:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\calibre
[2013/04/17 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Compete
[2013/08/02 00:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Curse Advertising
[2013/11/19 18:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Dropbox
[2012/06/16 03:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\enchant
[2012/10/04 20:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\EoN
[2013/03/08 02:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\gtk-2.0
[2013/10/04 12:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Guild Wars 2
[2013/10/10 01:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\ImgBurn
[2013/07/18 12:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\library_dir
[2012/06/24 00:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\LolClient
[2013/04/06 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Moonchild Productions
[2013/11/06 19:14:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\MSI
[2013/07/20 23:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\raidcall
[2013/11/22 22:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Raptr
[2013/07/20 23:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\RCTW
[2013/10/26 15:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Red Kawa
[2013/10/02 00:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\RIFT
[2013/09/09 22:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Riot Games
[2013/04/15 22:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Sony Online Entertainment
[2012/11/15 22:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\SpiderOak
[2013/11/18 01:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Spotify
[2012/11/03 17:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\SystemRequirementsLab
[2012/12/12 04:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\TeamViewer
[2013/11/20 17:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\TS3Client
[2012/09/27 11:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\TuneUp Software
[2013/10/11 20:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Ubisoft
[2012/09/19 12:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Unity
[2013/11/02 05:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\uTorrent
[2012/11/08 18:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Windows Desktop Search
[2012/11/25 03:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cookie\Application Data\Windows Search
[2013/10/11 20:26:26 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\cookie\Application Data\wyUpdate AU
[2012/10/12 21:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software

========== Purity Check ==========



< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello cmislin,

Welcome to the Malware forum.

Nice to see you. :)

I do see one or two things there that need addressing but I am not sure they are the cause of your problem.

Let's have a deeper look.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. The one you will need is the 32-bit version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

#3
cmislin

    Member

  • Topic Starter
  • Member
  • 384 posts
Should I run this out of safe mode or in safe mode?

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
If you can run it in normal mode that would be best but safe mode will be fine. :)

#5
cmislin

    Member

  • Topic Starter
  • Member
  • 384 posts
This is from safe mode; if ya need me to run it in normal mode I can do that now, let me know.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2013
Ran by cookie (administrator) on CHRIS-8F370AB9F on 23-11-2013 01:48:45
Running from C:\Documents and Settings\cookie\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Raptr, Inc) C:\Program Files\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr_im.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [NeroCheck] - C:\WINDOWS\system32\NeroCheck.exe [155648 2003-07-13] (Ahead Software Gmbh)
HKLM\...\Run: [InCD] - C:\Program Files\Ahead\InCD\InCD.exe [974898 2003-07-13] (Ahead Software AG)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [LifeChat] - C:\Program Files\Microsoft LifeChat\LifeChat.exe [264040 2009-09-28] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2420248 2013-11-13] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Live Update 5] - C:\Program Files\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [20145368 2013-06-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKCU\...\Run: [Spotify Web Helper] - C:\Documents and Settings\cookie\Application Data\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-14] (Spotify Ltd)
HKCU\...\Run: [DriverMax] - C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [7350648 2013-11-11] (Innovative Solutions)
HKCU\...\Run: [DriverMax_RESTART] - [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
ShortcutTarget: DualCoreCenter.lnk -> C:\Program Files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\cookie\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\cookie\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/rewards/dashboard
SearchScopes: HKCU - {73F770C7-4123-415E-99DB-093354C68BC8} URL = http://www.bing.com/...ms}&form=OSDSRC
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg....fr&d=2013-09-10 10:10:32&v=17.0.1.4&pid=safeguard&sg=0&sap=dsp&q={searchTerms}&cmpid=0913a
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default
FF user.js: detected! => C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @raidcall.en/RCplugin - C:\Documents and Settings\cookie\Application Data\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\cookie\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF SearchPlugin: C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\searchplugins\s-amazon.xml
FF SearchPlugin: C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\Extensions\[email protected]
FF Extension: No Name - C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\Extensions\staged
FF Extension: ConsumerInput - C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\Extensions\[email protected]
FF Extension: defaults - C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\Extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi
FF Extension: No Name - C:\Documents and Settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1
FF Extension: AVG SafeGuard toolbar - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Wallet) - C:\DOCUME~1\cookie\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.1.2.1\avg.crx

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [766004 2003-07-13] ()
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [4622336 2012-07-25] (INCA Internet Co., Ltd.)
S2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2011-08-02] (Rovi Corporation)
S2 vToolbarUpdater17.1.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-13] (AVG Secure Search)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 22292193; C:\Windows\System32\drivers\46061997.sys [204896 2013-11-22] (Kaspersky Lab, Yury Parshin)
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-11-13] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 dg_ksudbus; C:\Windows\System32\DRIVERS\ksudbus.sys [75776 2011-03-25] (Microsoft Corporation)
S3 DualCoreCenter; C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [28160 2007-04-17] (MICRO-STAR INT'L CO., LTD.)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [85360 2003-07-13] ()
R1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [26784 2003-07-13] (Ahead Software)
U1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [4976 2003-07-13] (Ahead Software AG)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update 5\NTIOLib.sys [7680 2010-10-20] (MSI)
S3 NTIOLib_1_0_6; C:\Program Files\Setup Files\Ms7592v7C0\NTIOLib.sys [7680 2011-01-06] (MSI)
S3 P17; C:\Windows\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
R3 scnuhst20; C:\Windows\System32\DRIVERS\scnuhst20.sys [11264 2008-06-06] (SerComm)
R3 SCNUHUB20; C:\Windows\System32\DRIVERS\scnuhub20.sys [30080 2008-07-10] (SerComm)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273296 2005-04-14] (SigmaTel, Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2013-06-06] (TeamViewer GmbH)
S3 udsstub; C:\Windows\System32\DRIVERS\udsstub.sys [16000 2012-06-18] (SysNucleus)
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [x]
S3 MSICDSetup; \??\G:\CDriver.sys [x]
S3 PCAlertDriver; \??\C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-23 01:48 - 2013-11-23 01:48 - 00000000 ____D C:\FRST
2013-11-22 02:35 - 2013-11-22 02:35 - 00065536 _____ C:\WINDOWS\Minidump\Mini112213-01.dmp
2013-11-22 02:30 - 2013-11-22 02:30 - 00204896 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\46061997.sys
2013-11-20 17:03 - 2013-11-20 17:03 - 00000884 __RSH C:\Documents and Settings\Administrator\ntuser.pol
2013-11-20 17:03 - 2013-11-20 17:03 - 00000020 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-20 17:03 - 2013-11-20 17:03 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-11-20 17:03 - 2013-11-20 17:03 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-20 17:03 - 2012-10-12 21:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2013-11-20 17:03 - 2012-06-15 23:54 - 00001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2013-11-20 17:03 - 2012-06-15 23:54 - 00000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2013-11-20 17:03 - 2012-06-15 23:54 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-11-20 17:02 - 2013-11-22 02:35 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-19 18:02 - 2013-11-19 18:03 - 00065536 _____ C:\WINDOWS\Minidump\Mini111913-01.dmp
2013-11-16 17:51 - 2013-11-16 17:56 - 00000000 ____D C:\Program Files\The Mighty Quest For Epic Loot
2013-11-16 17:51 - 2013-11-16 17:51 - 00001051 _____ C:\Documents and Settings\All Users\Desktop\The Mighty Quest For Epic Loot.lnk
2013-11-16 17:51 - 2013-11-16 17:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\The Mighty Quest For Epic Loot
2013-11-12 22:20 - 2013-11-12 22:20 - 00009468 _____ C:\WINDOWS\KB2900986.log
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-12 22:19 - 2013-11-12 22:20 - 00011508 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-12 22:12 - 2013-11-12 22:20 - 00015074 _____ C:\WINDOWS\KB2868626.log
2013-11-12 22:12 - 2013-11-12 22:20 - 00014047 _____ C:\WINDOWS\KB2862152.log
2013-11-12 22:12 - 2013-11-12 22:20 - 00013541 _____ C:\WINDOWS\KB2876331.log
2013-11-12 14:59 - 2013-11-12 14:59 - 00000081 _____ C:\Documents and Settings\cookie\Desktop\Hero for the Household Holiday Edition 2013.url
2013-11-08 15:44 - 2013-11-08 15:44 - 00000000 ____D C:\Program Files\iPod
2013-11-08 15:44 - 2013-11-08 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-08 15:43 - 2013-11-08 15:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 15:43 - 2013-11-08 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-08 04:08 - 2013-11-08 04:08 - 00000067 _____ C:\Documents and Settings\cookie\Desktop\15 Places Google Doesn’t Want You to See.URL
2013-11-06 19:14 - 2013-11-06 19:14 - 00001656 _____ C:\Documents and Settings\All Users\Desktop\VideoGenie.lnk
2013-11-06 19:14 - 2013-11-06 19:14 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\MSI
2013-11-02 12:58 - 2013-11-02 12:58 - 00065536 _____ C:\WINDOWS\Minidump\Mini110213-01.dmp
2013-11-01 20:10 - 2013-11-04 00:02 - 00000000 ____D C:\Documents and Settings\cookie\My Documents\sort pics
2013-10-30 21:43 - 2013-10-30 21:43 - 00000081 _____ C:\Documents and Settings\cookie\Desktop\Superman 75th Sweepstakes.url
2013-10-29 23:13 - 2013-10-23 03:14 - 01049888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco3233165.dll
2013-10-29 23:13 - 2013-10-23 03:14 - 00893728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco3233165.dll
2013-10-26 15:22 - 2013-10-26 15:22 - 00000000 ____D C:\Documents and Settings\cookie\My Documents\Red Kawa
2013-10-26 15:22 - 2013-10-26 15:22 - 00000000 ____D C:\Documents and Settings\cookie\Local Settings\Application Data\Geckofx
2013-10-26 15:22 - 2013-10-26 15:22 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Red Kawa
2013-10-26 15:18 - 2013-10-26 23:37 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-10-26 15:18 - 2013-10-26 15:18 - 00001791 _____ C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Program Files\Regensoft
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Program Files\Red Kawa
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Regensoft
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa

==================== One Month Modified Files and Folders =======

2013-11-23 01:48 - 2013-11-23 01:48 - 00000000 ____D C:\FRST
2013-11-23 01:41 - 2013-09-02 20:08 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Skype
2013-11-22 23:05 - 2012-06-16 00:15 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-11-22 22:19 - 2013-03-29 18:44 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Raptr
2013-11-22 21:41 - 2012-10-15 14:45 - 00000000 ____D C:\Program Files\WhoCrashed
2013-11-22 14:19 - 2012-06-16 03:04 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\.purple
2013-11-22 02:36 - 2006-02-28 07:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-22 02:35 - 2013-11-22 02:35 - 00065536 _____ C:\WINDOWS\Minidump\Mini112213-01.dmp
2013-11-22 02:35 - 2013-11-20 17:02 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-22 02:35 - 2013-01-24 20:04 - 120029184 _____ C:\WINDOWS\MEMORY.DMP
2013-11-22 02:35 - 2012-06-26 19:59 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-22 02:30 - 2013-11-22 02:30 - 00204896 _____ (Kaspersky Lab, Yury Parshin) C:\WINDOWS\system32\Drivers\46061997.sys
2013-11-20 23:10 - 2013-09-09 23:06 - 00000000 ____D C:\Documents and Settings\cookie\Local Settings\Application Data\PMB Files
2013-11-20 23:10 - 2013-09-09 23:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PMB Files
2013-11-20 17:19 - 2012-06-16 04:47 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\TS3Client
2013-11-20 17:03 - 2013-11-20 17:03 - 00000884 __RSH C:\Documents and Settings\Administrator\ntuser.pol
2013-11-20 17:03 - 2013-11-20 17:03 - 00000020 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-11-20 17:03 - 2013-11-20 17:03 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-11-20 17:03 - 2013-11-20 17:03 - 00000000 ____D C:\Documents and Settings\Administrator
2013-11-20 17:03 - 2013-09-08 22:36 - 00001100 _____ C:\WINDOWS\system32\d3d8caps.dat
2013-11-20 17:01 - 2013-04-21 10:20 - 01257787 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-20 17:01 - 2012-06-16 00:02 - 00000178 ___SH C:\Documents and Settings\cookie\ntuser.ini
2013-11-20 17:01 - 2012-06-16 00:02 - 00000000 ____D C:\Documents and Settings\cookie
2013-11-20 17:01 - 2012-06-16 00:01 - 00032416 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-20 17:01 - 2012-06-16 00:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-20 17:01 - 2012-06-15 19:45 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-11-20 17:01 - 2012-06-15 19:45 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-20 16:48 - 2012-06-16 02:32 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FF7446C-4854-4BB3-BB67-87617B84A70F}.job
2013-11-20 16:33 - 2013-08-28 02:26 - 00015948 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-11-20 16:27 - 2012-06-16 03:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-20 16:18 - 2013-09-18 14:08 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-20 07:16 - 2012-11-08 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-20 00:45 - 2013-10-09 17:20 - 00443989 _____ C:\WINDOWS\setupapi.log
2013-11-20 00:44 - 2012-06-16 03:58 - 00000000 ____D C:\Program Files\Steam
2013-11-19 21:18 - 2013-09-18 14:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 18:06 - 2012-06-30 18:39 - 00000000 ___RD C:\Documents and Settings\cookie\My Documents\Dropbox
2013-11-19 18:06 - 2012-06-30 02:50 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Dropbox
2013-11-19 18:03 - 2013-11-19 18:02 - 00065536 _____ C:\WINDOWS\Minidump\Mini111913-01.dmp
2013-11-18 01:20 - 2013-09-02 15:20 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Spotify
2013-11-17 05:04 - 2012-06-24 20:03 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\vlc
2013-11-16 17:56 - 2013-11-16 17:51 - 00000000 ____D C:\Program Files\The Mighty Quest For Epic Loot
2013-11-16 17:51 - 2013-11-16 17:51 - 00001051 _____ C:\Documents and Settings\All Users\Desktop\The Mighty Quest For Epic Loot.lnk
2013-11-16 17:51 - 2013-11-16 17:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\The Mighty Quest For Epic Loot
2013-11-16 17:51 - 2012-06-15 23:53 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-11-16 03:39 - 2013-10-15 00:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-16 00:58 - 2012-07-27 14:13 - 00000000 ____D C:\Documents and Settings\cookie\Local Settings\Application Data\Adobe
2013-11-16 00:52 - 2012-06-16 03:33 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-11-16 00:52 - 2012-06-16 03:33 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-11-15 21:27 - 2013-09-02 15:21 - 00000000 ____D C:\Documents and Settings\cookie\Local Settings\Application Data\Spotify
2013-11-13 06:43 - 2013-09-10 09:10 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-11-13 06:43 - 2013-09-10 09:10 - 00003741 _____ C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
2013-11-13 06:43 - 2013-09-10 09:10 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-11-13 06:43 - 2012-06-19 15:27 - 00000000 ____D C:\WINDOWS\system32\cache
2013-11-12 22:50 - 2012-10-15 16:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DriverMax
2013-11-12 22:20 - 2013-11-12 22:20 - 00009468 _____ C:\WINDOWS\KB2900986.log
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-12 22:20 - 2013-11-12 22:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-12 22:20 - 2013-11-12 22:19 - 00011508 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-12 22:20 - 2013-11-12 22:12 - 00015074 _____ C:\WINDOWS\KB2868626.log
2013-11-12 22:20 - 2013-11-12 22:12 - 00014047 _____ C:\WINDOWS\KB2862152.log
2013-11-12 22:20 - 2013-11-12 22:12 - 00013541 _____ C:\WINDOWS\KB2876331.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00180557 _____ C:\WINDOWS\iis6.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00166945 _____ C:\WINDOWS\FaxSetup.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00079812 _____ C:\WINDOWS\ocgen.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00076167 _____ C:\WINDOWS\tsoc.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00055621 _____ C:\WINDOWS\comsetup.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00051018 _____ C:\WINDOWS\msmqinst.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00033668 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00029241 _____ C:\WINDOWS\netfxocm.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00018679 _____ C:\WINDOWS\updspapi.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00011475 _____ C:\WINDOWS\MedCtrOC.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00009234 _____ C:\WINDOWS\ocmsn.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00008397 _____ C:\WINDOWS\tabletoc.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00008343 _____ C:\WINDOWS\msgsocm.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-12 22:20 - 2013-07-09 14:59 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-12 22:19 - 2013-07-27 00:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-12 22:19 - 2012-06-16 02:24 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-12 22:15 - 2012-06-16 01:07 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-12 14:59 - 2013-11-12 14:59 - 00000081 _____ C:\Documents and Settings\cookie\Desktop\Hero for the Household Holiday Edition 2013.url
2013-11-11 15:24 - 2013-08-16 00:38 - 00257852 _____ C:\WINDOWS\DPINST.LOG
2013-11-11 15:24 - 2012-06-16 01:39 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-11-08 15:44 - 2013-11-08 15:44 - 00000000 ____D C:\Program Files\iPod
2013-11-08 15:44 - 2013-11-08 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-11-08 15:44 - 2013-11-08 15:43 - 00000000 ____D C:\Program Files\iTunes
2013-11-08 15:44 - 2013-11-08 15:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-08 15:44 - 2012-07-04 14:22 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-11-08 04:08 - 2013-11-08 04:08 - 00000067 _____ C:\Documents and Settings\cookie\Desktop\15 Places Google Doesn’t Want You to See.URL
2013-11-06 19:15 - 2013-03-29 18:44 - 00000000 ____D C:\Program Files\Raptr
2013-11-06 19:14 - 2013-11-06 19:14 - 00001656 _____ C:\Documents and Settings\All Users\Desktop\VideoGenie.lnk
2013-11-06 19:14 - 2013-11-06 19:14 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\MSI
2013-11-06 19:14 - 2012-06-16 02:47 - 00000000 ____D C:\Program Files\MSI
2013-11-06 19:14 - 2012-06-16 02:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MSI
2013-11-06 19:13 - 2012-06-15 19:43 - 00632062 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-06 19:10 - 2012-07-28 19:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-06 00:16 - 2012-10-18 19:24 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-05 23:31 - 2012-06-16 04:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Diablo III
2013-11-04 22:04 - 2012-08-17 11:40 - 00008179 _____ C:\WINDOWS\lviewp.ini
2013-11-04 00:02 - 2013-11-01 20:10 - 00000000 ____D C:\Documents and Settings\cookie\My Documents\sort pics
2013-11-02 12:58 - 2013-11-02 12:58 - 00065536 _____ C:\WINDOWS\Minidump\Mini110213-01.dmp
2013-11-02 05:09 - 2012-06-16 04:31 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\uTorrent
2013-10-31 05:14 - 2012-06-16 03:25 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-30 21:43 - 2013-10-30 21:43 - 00000081 _____ C:\Documents and Settings\cookie\Desktop\Superman 75th Sweepstakes.url
2013-10-29 23:14 - 2012-06-16 02:26 - 01127156 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2013-10-29 23:14 - 2012-06-16 02:26 - 01127156 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2013-10-29 23:14 - 2012-06-16 02:26 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2013-10-29 23:14 - 2012-06-16 02:26 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-28 03:04 - 2012-06-16 00:07 - 00011264 _____ C:\Documents and Settings\cookie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-26 23:50 - 2012-10-12 13:23 - 00000040 _____ C:\WINDOWS\nero.INI
2013-10-26 23:37 - 2013-10-26 15:18 - 00000000 ____D C:\Program Files\AviSynth 2.5
2013-10-26 15:22 - 2013-10-26 15:22 - 00000000 ____D C:\Documents and Settings\cookie\My Documents\Red Kawa
2013-10-26 15:22 - 2013-10-26 15:22 - 00000000 ____D C:\Documents and Settings\cookie\Local Settings\Application Data\Geckofx
2013-10-26 15:22 - 2013-10-26 15:22 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Red Kawa
2013-10-26 15:18 - 2013-10-26 15:18 - 00001791 _____ C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Program Files\Regensoft
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Program Files\Red Kawa
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Regensoft
2013-10-26 15:18 - 2013-10-26 15:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Red Kawa
2013-10-26 05:22 - 2013-03-29 12:30 - 00000000 ____D C:\Program Files\Defraggler
2013-10-26 05:21 - 2012-06-16 04:33 - 00000000 ____D C:\Documents and Settings\cookie\Application Data\Ventrilo
2013-10-26 05:18 - 2012-06-16 00:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-10-26 05:17 - 2013-02-26 02:38 - 00000000 ____D C:\Program Files\CCleaner
2013-10-24 22:49 - 2012-06-16 04:46 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-24 00:34 - 2012-10-16 20:19 - 00000000 ____D C:\Documents and Settings\cookie\My Documents\Adventures

Files to move or delete:
====================
C:\Documents and Settings\All Users\hash.dat
C:\Documents and Settings\cookie\jagex_cl_speccollect_LIVE.dat
C:\Documents and Settings\cookie\random.dat


Some content of TEMP:
====================
C:\Documents and Settings\cookie\Local Settings\Temp\Uninstaller-2356.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-11-2013
Ran by cookie at 2013-11-23 01:49:47
Running from C:\Documents and Settings\cookie\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30180)
µTorrent (Version: 3.3.0.29625)
7-Zip 9.20
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Ahead InCD
Ahead Nero Burning ROM
Ahead NeroVision Express
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
applicationupdater
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 13.0.3629)
AVG 2013 (Version: 2013.0.3426)
AVG SafeGuard toolbar (Version: 17.1.2.1)
Bonjour (Version: 3.0.0.10)
BurnInTest v7.1 Standard (Version: 7.1)
calibre (Version: 0.8.63)
CCleaner (Version: 4.07)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.1)
Data Lifeguard Diagnostic for Windows 1.24
Defraggler (Version: 2.16)
Diablo III
Dota 2
DriverMax 7 (Version: 7.22.0.143)
Dropbox (HKCU Version: 2.0.22)
DualCoreCenter
Duel of Champions
Dungeon Defenders
Free YouTube Downloader 3.5.126
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
Guild Wars 2
Happy Cloud Client (HKCU Version: 1.374)
ImgBurn (Version: 2.5.8.0)
ImgBurn Packages
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
League of Legends (Version: 3.0.0)
Left 4 Dead 2
Live Update 5 (Version: 5.0.109)
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marvel Heroes
McAfee Security Scan Plus (Version: 3.8.130.8)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft LifeChat (Version: 1.40.224.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Mozilla Firefox 25.0 (x86 en-US) (Version: 25.0)
Mozilla Maintenance Service (Version: 25.0)
NirSoft BlueScreenView
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
Orb Runtime libraries (Version: 1.0.0)
Pando Media Booster (Version: 2.6.0.7)
PDF Settings (Version: 1.0)
Photo Viewer S2.5 (Version: 2.5)
Pidgin (Version: 2.10.7)
Poker Night at the Inventory
PSP Video 9 6 (Version: 6)
QuickTime (Version: 7.74.80.86)
RaidCall (Version: 7.2.6-1.0.8500.17)
Raptr
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.7037)
RIFT
RoxioNow Player (Version: 1.9.6.4)
SeaTools for Windows (Version: 1.2.0.6)
Skype™ 6.7 (Version: 6.7.102)
SOE Web Installer (HKCU Version: 1.0.3.171)
SpeedFan (remove only)
SpiderOak
Spiral Knights
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Star Wars: The Old Republic (Version: 1.00)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 6.0.7.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamViewer 8 (Version: 8.0.22298)
The Mighty Quest For Epic Loot version 1.220469 (Version: 1.220469)
Torchlight II
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.8)
VideoGenie (Version: 1.0.0.12)
VLC media player 2.0.8 (Version: 2.0.8)
WebFldrs XP (Version: 9.50.7523)
WhoCrashed 5.00
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
World of Warcraft (Version: 5.4.0.17371)
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader App 3.00 (Version: 3.00)

==================== Restore Points =========================

27-10-2013 14:53:18 System Checkpoint
28-10-2013 19:06:35 System Checkpoint
29-10-2013 22:13:58 System Checkpoint
30-10-2013 04:13:19 DMX_DriverMax Driver Installation
31-10-2013 03:59:31 Removed BlueStacks Notification Center
31-10-2013 04:00:13 Removed BlueStacks Notification Center
01-11-2013 17:04:10 System Checkpoint
02-11-2013 18:55:09 System Checkpoint
04-11-2013 01:37:50 System Checkpoint
05-11-2013 16:53:47 System Checkpoint
06-11-2013 22:12:17 System Checkpoint
07-11-2013 22:43:47 System Checkpoint
09-11-2013 00:26:46 System Checkpoint
10-11-2013 03:46:45 System Checkpoint
11-11-2013 04:12:37 System Checkpoint
11-11-2013 20:23:39 DMX_DriverMax Driver Installation
12-11-2013 22:43:51 System Checkpoint
13-11-2013 03:15:28 Software Distribution Service 3.0
14-11-2013 09:34:33 System Checkpoint
15-11-2013 09:49:28 System Checkpoint
16-11-2013 20:22:59 System Checkpoint
16-11-2013 22:51:18 Installed DirectX
18-11-2013 10:11:56 System Checkpoint
19-11-2013 10:17:39 System Checkpoint
20-11-2013 16:51:14 System Checkpoint

==================== Hosts content: ==========================

2006-02-28 07:00 - 2013-10-11 12:06 - 00000815 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 geo.messenger.services.live.com
0.0.0.0 geo.gateway.messenger.live.com


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1FF7446C-4854-4BB3-BB67-87617B84A70F}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files\Raptr\_ssl.pyd
2012-06-22 16:53 - 2012-06-22 16:53 - 05812736 _____ () C:\Program Files\Raptr\PyQt4.QtGui.pyd
2012-06-22 16:24 - 2012-06-22 16:24 - 00067584 _____ () C:\Program Files\Raptr\sip.pyd
2012-06-22 16:39 - 2012-06-22 16:39 - 01662464 _____ () C:\Program Files\Raptr\PyQt4.QtCore.pyd
2012-06-22 16:55 - 2012-06-22 16:55 - 00494592 _____ () C:\Program Files\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files\Raptr\PIL._imaging.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00124928 _____ () C:\Program Files\Raptr\_elementtree.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files\Raptr\pyexpat.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00031744 _____ () C:\Program Files\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00010752 _____ () C:\Program Files\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00011264 _____ () C:\Program Files\Raptr\Crypto.Util._counter.pyd
2011-05-10 14:01 - 2011-05-10 14:01 - 00030208 _____ () C:\Program Files\Raptr\simplejson._speedups.pyd
2012-06-22 16:59 - 2012-06-22 16:59 - 00313856 _____ () C:\Program Files\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files\Raptr\sqlite3.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files\Raptr\win32trace.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files\Raptr\win32gui.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files\Raptr\win32com.shell.shell.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files\Raptr\gobject._gobject.pyd
2012-10-27 02:53 - 2012-10-27 02:53 - 02717595 _____ () C:\Program Files\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files\Raptr\plugins\ssl.dll
2006-02-28 07:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 07:00 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-11-14 20:20 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-14 20:20 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-14 20:20 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-14 20:20 - 2013-11-14 06:29 - 13582800 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
2013-11-20 17:26 - 2013-11-20 17:26 - 04591616 _____ () C:\Documents and Settings\cookie\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2013-11-20 17:26 - 2013-11-20 17:26 - 00112128 _____ () C:\Documents and Settings\cookie\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22292193.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22292193.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2013 10:33:23 PM) (Source: Application Error) (User: )
Description: Fault bucket -1741641449.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/05/2013 10:33:20 PM) (Source: Application Error) (User: )
Description: Faulting application ventrilo.exe, version 3.0.8.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0.
Processing media-specific event for [ventrilo.exe!ws!]

Error: (11/02/2013 01:02:10 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\RECENT\SORT PICS.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/28/2013 08:32:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e16fa9d7-8f3f-4416-acca-e044239152a0.dmp

Error: (10/28/2013 08:32:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f8635cb0-bc13-4c38-8eb5-c380b0aff52d.dmp

Error: (10/26/2013 05:18:14 AM) (Source: Application Error) (User: )
Description: Faulting application uninstaller-2356.exe, version 1.0.3.159, faulting module uninstaller-2356.exe, version 1.0.3.159, fault address 0x0002dd8f.
Processing media-specific event for [uninstaller-2356.exe!ws!]

Error: (10/22/2013 10:55:49 PM) (Source: Application Hang) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/11/2013 09:45:52 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\JRE-7U40-WINDOWS-I586.GZ> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (10/11/2013 01:28:00 PM) (Source: Application Error) (User: )
Description: Faulting application javara.exe, version 1.16.1.1763, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
Processing media-specific event for [javara.exe!ws!]

Error: (10/04/2013 08:56:54 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.76;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\d852afc6-2aa7-4db2-850a-63dbc6922fcd.dmp


System errors:
=============
Error: (11/22/2013 08:39:46 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/22/2013 02:37:15 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver
AVGIDSShim
Avgldx86
Fips
intelppm

Error: (11/22/2013 02:37:15 AM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (11/22/2013 02:36:17 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/21/2013 09:24:45 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/21/2013 09:24:33 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/21/2013 09:24:19 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/21/2013 09:23:40 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/21/2013 09:23:27 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (11/20/2013 11:09:57 PM) (Source: DCOM) (User: CHRIS-8F370AB9F)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (11/05/2013 10:33:23 PM) (Source: Application Error)(User: )
Description: -1741641449

Error: (11/05/2013 10:33:20 PM) (Source: Application Error)(User: )
Description: ventrilo.exe3.0.8.0ntdll.dll5.1.2600.6055000113c0

Error: (11/02/2013 01:02:10 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\RECENT\SORT PICS.LNK

Error: (10/28/2013 08:32:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\e16fa9d7-8f3f-4416-acca-e044239152a0.dmp

Error: (10/28/2013 08:32:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=30.0.1599.101;lang=;id=;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\f8635cb0-bc13-4c38-8eb5-c380b0aff52d.dmp

Error: (10/26/2013 05:18:14 AM) (Source: Application Error)(User: )
Description: uninstaller-2356.exe1.0.3.159uninstaller-2356.exe1.0.3.1590002dd8f

Error: (10/22/2013 10:55:49 PM) (Source: Application Hang)(User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (10/11/2013 09:45:52 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog


Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\COOKIE\MY DOCUMENTS\DOWNLOADS\JRE-7U40-WINDOWS-I586.GZ

Error: (10/11/2013 01:28:00 PM) (Source: Application Error)(User: )
Description: javara.exe1.16.1.1763ntdll.dll5.1.2600.60550000100b

Error: (10/04/2013 08:56:54 PM) (Source: Chrome)(User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=29.0.1547.76;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files\Google\CrashReports\d852afc6-2aa7-4db2-850a-63dbc6922fcd.dmp


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3327.17 MB
Available physical RAM: 2595.13 MB
Total Pagefile: 5215.69 MB
Available Pagefile: 4607.74 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:53.38 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:298.08 GB) (Free:116.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (CHRISMISLIN) (Removable) (Total:27.85 GB) (Free:25.36 GB) FAT32
Drive h: (HP 4GIG) (Removable) (Total:3.77 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: FFFFFFFF)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 34084AE9)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

========================================================
Disk: 3 (Size: 28 GB) (Disk ID: 20202020)
Partition 1: (Not Active) - (Size=78 MB) - (Type=00)
Partition 2: (Not Active) - (Size=28 GB) - (Type=0B)

==================== End Of Log ============================
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello cmislin,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#7
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Will this still be fine to run in safe mode?
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
I should add to my last post.

If you are running in Safe Mode don't worry about your security programs.
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Oh, I see we cross-posted.

Yes this is fine to run in Safe Mode.
  • 0

#10
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by cookie on Sat 11/23/2013 at 2:08:09.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\cookie\Application Data\red kawa"
Successfully deleted: [Folder] "C:\Documents and Settings\cookie\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Documents and Settings\cookie\Local Settings\Application Data\wajam"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\free youtube downloader"
Successfully deleted: [Folder] "C:\Program Files\red kawa"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\cookie\Application Data\mozilla\firefox\profiles\kpxtwbeq.default\user.js
Successfully deleted: [Folder] C:\Documents and Settings\cookie\Application Data\mozilla\firefox\profiles\kpxtwbeq.default\extensions\staged
Successfully deleted the following from C:\Documents and Settings\cookie\Application Data\mozilla\firefox\profiles\kpxtwbeq.default\prefs.js

user_pref("avg.install.extHomepage", "hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7Ba8effbc5-4e35-423e-a0cf-10f2710de9c8%7D&mid=a6320218e97047d0981f16d06321048f-369925f3671
user_pref("playbryte.defaultsearchprocessed", true);
user_pref("playbryte.installpixelfired", true);
user_pref("playbryte.pingdate", "Sat Sep 08 2012 13:38:56 GMT-0400 (Eastern Daylight Time)");
Emptied folder: C:\Documents and Settings\cookie\Application Data\mozilla\firefox\profiles\kpxtwbeq.default\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/23/2013 at 2:10:39.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Oh, I should have said this one is fine to run in Safe Mode too. :)
  • 0

#13
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
Is safe mode still OK to run this program in, and such?
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Yep. :thumbsup:
  • 0

#15
cmislin

cmislin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 384 posts
ComboFix 13-11-22.01 - cookie 11/23/2013 2:34.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2798 [GMT -5:00]
Running from: c:\documents and settings\cookie\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\154cebc509d4b3cd.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\34eb83625ad7359b.fb
c:\windows\system32\Cache\35d0fd9b35b8c084.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\68e782b71c1814a2.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\e8bb726860f27224.fb
c:\windows\system32\Cache\f159db8091f8fd82.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\Temp
c:\windows\system32\Temp\DE99B537R3
.
.
((((((((((((((((((((((((( Files Created from 2013-10-23 to 2013-11-23 )))))))))))))))))))))))))))))))
.
.
2013-11-23 07:08 . 2013-11-23 07:08 -------- d-----w- c:\windows\ERUNT
2013-11-23 06:48 . 2013-11-23 06:48 -------- d-----w- C:\FRST
2013-11-22 07:30 . 2013-11-22 07:30 204896 ----a-w- c:\windows\system32\drivers\46061997.sys
2013-11-20 22:03 . 2013-11-20 22:03 -------- d-----w- c:\documents and settings\Administrator
2013-11-16 22:51 . 2013-11-16 22:56 -------- d-----w- c:\program files\The Mighty Quest For Epic Loot
2013-11-08 20:44 . 2013-11-08 20:44 -------- d-----w- c:\program files\iPod
2013-11-08 20:43 . 2013-11-08 20:44 -------- d-----w- c:\program files\iTunes
2013-11-08 20:43 . 2013-11-08 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-07 00:14 . 2013-11-07 00:14 -------- d-----w- c:\documents and settings\cookie\Application Data\MSI
2013-10-30 04:13 . 2013-10-23 08:14 893728 ----a-w- c:\windows\system32\nvdispgenco3233165.dll
2013-10-30 04:13 . 2013-10-23 08:14 1049888 ----a-w- c:\windows\system32\nvdispco3233165.dll
2013-10-26 20:22 . 2013-10-26 20:22 -------- d-----w- c:\documents and settings\cookie\Local Settings\Application Data\Geckofx
2013-10-26 20:18 . 2013-10-26 20:18 -------- d-----w- c:\program files\Regensoft
2013-10-26 20:18 . 2013-10-27 04:37 -------- d-----w- c:\program files\AviSynth 2.5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-16 05:52 . 2012-06-16 08:33 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 11:43 . 2013-09-10 14:10 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-10-23 08:14 . 2012-09-17 23:37 9465856 ----a-w- c:\windows\system32\nvopencl.dll
2013-10-23 08:14 . 2012-06-16 08:03 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-23 08:14 . 2012-06-16 05:42 12658336 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2013-10-23 08:14 . 2012-02-10 02:40 9506816 ----a-w- c:\windows\system32\nvcuda.dll
2013-10-23 08:14 . 2012-02-10 02:40 2951968 ----a-w- c:\windows\system32\nvcuvid.dll
2013-10-23 08:14 . 2012-02-10 02:40 2747168 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-10-23 08:14 . 2012-02-10 02:40 2631680 ----a-w- c:\windows\system32\nvapi.dll
2013-10-23 08:14 . 2012-02-10 02:40 22171648 ----a-w- c:\windows\system32\nvoglnt.dll
2013-10-23 08:14 . 2008-04-14 00:12 4073472 ----a-w- c:\windows\system32\nv4_disp.dll
2013-10-15 22:32 . 2013-10-23 03:48 1049888 ----a-w- c:\windows\system32\nvdispco3233158.dll
2013-10-15 22:32 . 2013-10-23 03:48 893728 ----a-w- c:\windows\system32\nvdispgenco3233158.dll
2013-10-13 07:25 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2006-02-28 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2006-02-28 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 11:50 . 2013-10-19 17:11 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29 . 2013-10-19 17:11 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59 . 2006-02-28 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2012-06-16 05:32 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-27 14:43 . 2013-10-04 18:35 1049888 ----a-w- c:\windows\system32\nvdispco3233140.dll
2013-09-27 14:43 . 2013-10-04 18:35 893728 ----a-w- c:\windows\system32\nvdispgenco3233140.dll
2013-09-12 14:42 . 2013-10-04 02:38 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2013-09-12 14:42 . 2013-10-04 02:38 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2013-09-11 01:40 . 2012-06-27 01:31 5559512 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2013-09-10 20:16 . 2012-06-27 02:10 84696 ----a-w- c:\windows\system32\RtkCoInstIIXP.dll
2013-09-10 05:34 . 2012-09-21 08:45 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 05:43 . 2012-09-14 08:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-03 15:16 . 2012-06-27 01:14 2080472 ----a-w- c:\windows\RtlExUpd.dll
2013-08-29 01:31 . 2006-02-28 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 18:08 . 2012-10-23 05:29 679128 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2013-08-27 18:08 . 2012-06-16 05:12 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-08-27 18:08 . 2010-01-12 09:35 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\cookie\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\cookie\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\cookie\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\cookie\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\cookie\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-11-15 1168896]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2013-11-11 7350648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2003-07-13 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2003-07-13 974898]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-28 264040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-11-13 2420248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Live Update 5"="c:\program files\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"RTHDCPL"="RTHDCPL.EXE" [2013-06-24 20145368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\documents and settings\cookie\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\cookie\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2012-6-16 192512]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\cookie\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Program Files\\SpiderOak\\SpiderOak.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Guild Wars 2\\Gw2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Torchlight II\\Torchlight2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Poker Night at the Inventory\\CelebrityPoker.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Torchlight II\\ModLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Dungeon Defenders\\Binaries\\Win32\\DungeonDefenders.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2045\\Agent.exe"=
"c:\\Program Files\\Electronic Arts\\BioWare\\Star Wars-The Old Republic\\launcher.exe"=
"c:\\Documents and Settings\\cookie\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\cookie\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\cookie\\Application Data\\Ubisoft\\MMDoC-PDCLive\\Launcher.exe"=
"c:\\Documents and Settings\\cookie\\Application Data\\Ubisoft\\MMDoC-PDCLive\\GameData\\Game.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Marvel Heroes\\UnrealEngine3\\Binaries\\Win32\\MarvelGame.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Magicka\\Magicka.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dota 2 beta\\dota.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2328\\Agent.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Team Fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"58206:TCP"= 58206:TCP:Pando Media Booster
"58206:UDP"= 58206:UDP:Pando Media Booster
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 39224]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [10/16/2012 5:55 PM 102728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/10/2013 9:10 AM 37664]
R3 scnuhst20;SC NUSB Host 20;c:\windows\system32\drivers\scnuhst20.sys [1/27/2013 8:11 PM 11264]
R3 SCNUHUB20;SC NUSB Hub 20;c:\windows\system32\drivers\scnuhub20.sys [1/27/2013 8:11 PM 30080]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [7/5/2012 7:23 PM 25088]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 171320]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 2:53 PM 4939312]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 6:09 PM 283136]
S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 7:37 PM 400368]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/25/2013 7:52 AM 162672]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [12/20/2012 3:53 PM 5087584]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [11/13/2013 6:43 AM 1734680]
S3 22292193;22292193;c:\windows\system32\drivers\46061997.sys [11/22/2013 2:30 AM 204896]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/26/2012 8:31 PM 1691480]
S3 dg_ksudbus;Common USB Composite Device Driver (ijinshan.com);c:\windows\system32\drivers\ksudbus.sys [10/8/2013 9:06 PM 75776]
S3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [6/16/2012 3:27 AM 28160]
S3 MSICDSetup;MSICDSetup;\??\g:\cdriver.sys --> g:\CDriver.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [10/22/2013 10:31 AM 7680]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files\Setup Files\Ms7592v7C0\NTIOLib.sys [1/6/2011 10:04 AM 7680]
S3 PCAlertDriver;PCAlertDriver;\??\c:\program files\MSI\PC Alert 4\NTGLM7X.sys --> c:\program files\MSI\PC Alert 4\NTGLM7X.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [10/23/2012 12:29 AM 679128]
S3 udsstub;USBDeviceShare USB Device Stub;c:\windows\system32\drivers\udsstub.sys [10/19/2012 3:09 PM 16000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 32283234
*Deregistered* - 32283234
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 01:18 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 05:52]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-18 19:07]
.
2013-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-18 19:07]
.
2013-11-20 c:\windows\Tasks\User_Feed_Synchronization-{1FF7446C-4854-4BB3-BB67-87617B84A70F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/rewards/dashboard
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\cookie\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: cinemanow.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: soe.com
Trusted Zone: sonic.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\cookie\Application Data\Mozilla\Firefox\Profiles\kpxtwbeq.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
SafeBoot-22292193.sys
MSConfigStartUp-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-PSP Video 9 - c:\program files\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1 - c:\program files\Free YouTube Downloader\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-23 02:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-11-23 02:39:42
ComboFix-quarantined-files.txt 2013-11-23 07:39
.
Pre-Run: 57,181,949,952 bytes free
Post-Run: 57,210,064,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 80DEC6860413161E1A6B40CF18E20521
8F558EB6672622401DA993E1E865C861