
Help: Cannot run any Antivirus and System Restore



#1
latenaAKO

I think my laptop is infected. I cannot run any anti-virus program (Malwarebytes, MSE) and even System Restore. Please help me, I don't know what to do.
Here is the OTL:
OTL logfile created on: 2/21/2014 6:42:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.11 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 45.55% Memory free
6.22 Gb Paging File | 4.07 Gb Available in Paging File | 65.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.66 Gb Total Space | 165.60 Gb Free Space | 42.39% Space Free | Partition Type: NTFS
Drive D: | 29.98 Gb Total Space | 12.61 Gb Free Space | 42.04% Space Free | Partition Type: FAT32
Drive F: | 29.98 Gb Total Space | 29.98 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive I: | 20.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/21 18:37:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/02/21 17:18:28 | 000,244,736 | RHS- | M] () -- C:\ProgramData\load32.exe
PRC - [2014/02/21 17:18:28 | 000,244,736 | ---- | M] () -- C:\NTKernel\nt32.exe
PRC - [2014/02/21 12:58:27 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/15 18:47:08 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/17 20:06:00 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Synapse\RzSynapse.exe
PRC - [2013/11/11 11:57:58 | 003,825,232 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/11/07 19:17:30 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2013/11/06 10:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 10:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/08/25 14:43:31 | 000,086,016 | ---- | M] () -- C:\Windows\Installer\MSIB5BD.tmp
PRC - [2012/12/29 16:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 16:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/11/21 01:27:40 | 000,879,208 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2012/11/10 03:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2012/11/10 03:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2012/10/24 14:39:16 | 004,202,312 | ---- | M] () -- C:\Program Files\SMART BRO\UIMain.exe
PRC - [2012/10/24 14:39:02 | 000,724,296 | ---- | M] () -- C:\Program Files\SMART BRO\CMUpdater.exe
PRC - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () -- C:\Program Files\SMART BRO\AssistantServices.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 23:50:24 | 001,049,088 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
PRC - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
PRC - [2012/03/28 16:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2012/01/27 01:40:44 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/04 18:46:14 | 007,991,200 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2011/12/26 13:48:48 | 005,937,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2011/12/08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2011/12/08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/12/08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/12/05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
PRC - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011/07/28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files\netcut\services\aips.exe
PRC - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\WsxService.exe
PRC - [2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 05:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/21 05:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/02/04 19:25:50 | 000,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe
PRC - [2009/12/01 10:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 10:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/21 12:58:26 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 18:46:54 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/27 23:02:50 | 014,971,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\46bbb33c59f04794a6688cdc28fd4802\Kies.Theme.ni.dll
MOD - [2013/11/27 23:02:38 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\bd38349bbe199a814b24e9344b53c836\ASF_cSharpAPI.ni.dll
MOD - [2013/11/27 23:02:12 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\f311308d760a90befb7c117b28f6d3e2\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/11/27 23:02:03 | 001,816,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bfb0853c980ab15a55eda36a5717f981\Kies.UI.ni.dll
MOD - [2013/11/27 23:02:03 | 000,081,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\353d7eb4d057265988a2c6aacd8fb632\Kies.MVVM.ni.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\System32\PrxerNsp.dll
MOD - [2012/11/21 01:27:35 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2012/10/24 14:39:16 | 004,202,312 | ---- | M] () -- C:\Program Files\SMART BRO\UIMain.exe
MOD - [2012/10/24 14:39:02 | 000,724,296 | ---- | M] () -- C:\Program Files\SMART BRO\CMUpdater.exe
MOD - [2012/10/02 02:33:02 | 006,522,480 | ---- | M] () -- C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
MOD - [2012/02/22 09:41:36 | 001,085,376 | ---- | M] () -- C:\Program Files\Winstep\wodTelnetDLX.dll
MOD - [2012/01/04 18:46:00 | 001,496,480 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\EMWpfUI.dll
MOD - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
MOD - [2011/01/24 20:29:54 | 000,617,808 | ---- | M] () -- C:\Program Files\SMART BRO\UpdateAgent.dll
MOD - [2011/01/24 20:29:54 | 000,349,520 | ---- | M] () -- C:\Program Files\SMART BRO\UISkin.dll
MOD - [2011/01/24 20:29:54 | 000,238,928 | ---- | M] () -- C:\Program Files\SMART BRO\UICommonDlg.dll
MOD - [2011/01/24 20:29:54 | 000,165,712 | ---- | M] () -- C:\Program Files\SMART BRO\BIXml.dll
MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/21 12:58:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 03:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/10 20:41:02 | 001,771,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013/10/24 16:15:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/10/14 18:34:58 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/25 14:43:31 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSIB5BD.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2013/08/08 16:19:12 | 000,030,184 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/29 18:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/21 01:27:36 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/10 03:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART BRO\AssistantServices.exe -- (UI Assistant Service)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/12/08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2011/12/08 10:43:50 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/12/08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/12/08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/12/05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/12/05 08:55:36 | 000,104,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011/07/28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files\netcut\services\aips.exe -- (AIPS)
SRV - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2010/02/04 19:25:50 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009/12/01 10:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 10:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [System | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014/01/18 22:10:03 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2013/11/26 21:31:11 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/15 14:36:50 | 000,125,992 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzudd.sys -- (rzudd)
DRV - [2013/11/08 07:41:38 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/09/20 17:44:25 | 000,027,248 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV - [2013/08/21 12:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/21 12:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/29 18:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/29 18:26:54 | 000,025,528 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2012/11/21 01:27:46 | 000,052,824 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2012/11/21 01:27:44 | 000,024,672 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2012/11/21 01:27:43 | 000,094,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012/11/21 01:27:40 | 000,280,576 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/11/21 01:27:39 | 000,930,000 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2012/11/21 01:27:34 | 000,143,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2012/08/24 15:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/08/01 15:44:04 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012/07/17 18:12:08 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012/07/04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012/05/21 15:25:32 | 000,793,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/05/21 15:25:32 | 000,350,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/01/27 01:39:36 | 000,013,592 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2012/01/04 22:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/12/05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011/12/05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011/11/30 15:58:04 | 000,067,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2011/11/07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
DRV - [2011/09/01 11:17:54 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/08/29 11:42:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/05/12 12:08:14 | 000,022,632 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\TsLwWfF.sys -- (TsLwWfF)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/21 05:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 05:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 05:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/21 05:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 05:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 05:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/20 17:28:58 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2010/01/15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search....45A4D4}&serpv=5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 53033119
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.beyluxe.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=30-07-2013
IE - HKCU\..\SearchScopes\{674AD490-4473-4E62-8262-7B8A21A8BEDA}: "URL" = http://search.us.com...k={searchTerms}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{85DD10EA-51F3-491A-924E-0F9EE13F2C2D}: "URL" = http://websearch.ask...2B-8E7C3ABDAE5F
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-21 14:51:02&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/we...q={searchTerms}
IE - HKCU\..\SearchScopes\{C292F300-81A0-4C2D-92EC-D5C0025F007D}: "URL" = http://search.condui...3586971122&UM=2
IE - HKCU\..\SearchScopes\{E0EA1A58-ACFF-4D02-9E33-AC936BE667A1}: "URL" = http://search.yahoo....petb&type=10583
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.smartbro.net:8080


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/15 18:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/15 18:46:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/11/20 20:22:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/11/20 20:22:14 | 000,000,000 | ---D | M]

[2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2014/02/15 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/15 18:46:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/15 18:47:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files\Mozilla Firefox\browser\extensions\[email protected]
[2012/10/02 02:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: AOL Search (Enabled)
CHR - default_search_provider: search_url = http://slirsredirect...mrud=30-07-2013
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://start.search....45A4D4}&serpv=5
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: savensHare = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephjndiglemjgfgdkcfmbihlobnhcbbf\1\
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: IDM Integration Module = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_0\
CHR - Extension: Cookie Manager = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Need for Speed World = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/19 18:15:24 | 000,003,688 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: virscan.org
O1 - Hosts: virustotal.com
O1 - Hosts: virusscan.jotti.org
O1 - Hosts: vscan.novirusthanks.org
O1 - Hosts: metascan-online.com
O1 - Hosts: analysis.avira.com
O1 - Hosts: agnitum.com/support/submit_files.php
O1 - Hosts: global.ahnlab.com/en/site/support/virusreport/virusreport.do
O1 - Hosts: bitsdujour.com/software/rss-submit/virus-scan
O1 - Hosts: submit.symantec.com/false_positive
O1 - Hosts: f-prot.com/virusinfo/submission_forum.html
O1 - Hosts: f-secure.com/en_UK/security/security-lab/submit-samples
O1 - Hosts: samplesubmit.avg.com
O1 - Hosts: bitdefender.com/site/Defense/fileSubmission
O1 - Hosts: trendmicro.co.uk/security/-intelligence/current-threat-activity/submit-a-virus/index.html
O1 - Hosts: https://submit.syman...bmit/retail.cgi
O1 - Hosts: quickheal.com/submitticket
O1 - Hosts: http://cgi.clamav.net/sendvirus.cgi
O1 - Hosts: http://www.clamav.ne...ng/en/sendvirus
O1 - Hosts: http://www.clamav.ne...submit-malware/
O1 - Hosts: http://www.clamav.ne...irus/submit-fp/
O1 - Hosts: http://www.comodo.co...rity/submit.php
O1 - Hosts: http://camas.comodo.com
O1 - Hosts: https://vms.drweb.co...ndvirus/?lng=en
O1 - Hosts: www.emsisoft.com/en/support/submit/
O1 - Hosts: 56 more lines...
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NT Kernel Service] C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\SMART BRO\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NeXuS] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
F3 - HKCU WinNT: Load - (C:\NTKernel\nt32.exe) - C:\NTKernel\nt32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Show all images in original quality - Reg Error: Value error. File not found
O8 - Extra context menu item: Show image in original quality - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\PrxerNsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E96B60-50F4-4C5A-A4FE-D8DCD569F78F}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{327F27C9-D78B-4E27-865C-B0BD0762C877}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB2BED23-2221-4FE1-AAD4-2B0BD517157A}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\its - No CLSID value found
O18 - Protocol\Handler\ms-its - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - ("C:\ProgramData\load32.exe") - C:\ProgramData\load32.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O27 - HKLM IFEO\AvastSvc.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\AvastUI.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avconfig.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avgidsagent.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avgrsx.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avguard.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avgui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avp.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\avscan.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\bdagent.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\BTHSSecurityMgr.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\ccuac.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\ComboFix.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\egui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\hijackthis.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\instup.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\keyscrambler.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\loggingserver.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\mbam.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\mbamgui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\mbampt.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\mbamscheduler.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\mbamservice.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\msseces.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\NisSrv.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\rstrui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\spybotsd.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\ToolbarUpdater.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\vprot.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\wireshark.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O27 - HKLM IFEO\zlclient.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/23 15:54:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 22:54:34 | 000,000,650 | R--- | M] () - I:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 02:20:50 | 000,334,672 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012/09/29 00:18:52 | 000,004,286 | R--- | M] () - I:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 02:08:05 | 000,000,047 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0184f96d-f147-11e2-801e-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{0184f96d-f147-11e2-801e-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{04678425-0bf6-11e3-863b-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{04678425-0bf6-11e3-863b-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{084c2476-5c6b-11e2-a01d-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{084c2476-5c6b-11e2-a01d-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{0f13bd92-9e8f-11e2-8c21-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{0f13bd92-9e8f-11e2-8c21-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{10ac766a-3e06-11e2-b87e-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{10ac766a-3e06-11e2-b87e-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{18051439-17cc-11e3-bfc2-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{18051439-17cc-11e3-bfc2-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{19c09400-f50c-11e2-8005-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{19c09400-f50c-11e2-8005-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{1e6ee12f-0fbf-11e3-bfc8-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{1e6ee12f-0fbf-11e3-bfc8-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1e6ee136-0fbf-11e3-bfc8-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{1e6ee136-0fbf-11e3-bfc8-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1f8185f9-aa94-11e2-97f6-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{1f8185f9-aa94-11e2-97f6-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{2e273393-073c-11e3-807f-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{2e273393-073c-11e3-807f-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{2e2812e1-3dfb-11e2-9db7-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2812e1-3dfb-11e2-9db7-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2e2812ef-3dfb-11e2-9db7-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2812ef-3dfb-11e2-9db7-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{2f623265-4834-11e2-87f1-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{2f623265-4834-11e2-87f1-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{308b17e2-ae43-11e2-b07f-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{308b17e2-ae43-11e2-b07f-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3b3d9119-161d-11e3-bacb-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{3b3d9119-161d-11e3-bacb-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{4be33836-17d2-11e3-bf8e-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{4be33836-17d2-11e3-bf8e-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
O33 - MountPoints2\{4be3383d-17d2-11e3-bf8e-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{4be3383d-17d2-11e3-bf8e-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{4f7f88c4-62ef-11e2-ba7c-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{4f7f88c4-62ef-11e2-ba7c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{4f7f88cc-62ef-11e2-ba7c-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{4f7f88cc-62ef-11e2-ba7c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5a2571a5-0e2c-11e3-bf9b-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{5a2571a5-0e2c-11e3-bf9b-08edb9a5d166}\Shell\AutoRun\command - "" = I:\.\ShowModem.exe
O33 - MountPoints2\{64d1c521-0b13-11e3-856b-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{64d1c521-0b13-11e3-856b-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{6b020f0b-fc01-11e2-bf67-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b020f0b-fc01-11e2-bf67-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{75746dba-0cc2-11e3-83d7-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{75746dba-0cc2-11e3-83d7-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{7703b799-fb94-11e2-bf67-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7703b799-fb94-11e2-bf67-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{7c4da601-f73f-11e2-bf82-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7c4da601-f73f-11e2-bf82-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{802b6a73-33f1-11e2-a54c-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{802b6a73-33f1-11e2-a54c-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{884b8ce0-3bdd-11e2-893c-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{884b8ce0-3bdd-11e2-893c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{884b8cea-3bdd-11e2-893c-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{884b8cea-3bdd-11e2-893c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{893841c4-1c7a-11e3-a86e-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{893841c4-1c7a-11e3-a86e-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{8f089376-f5f6-11e2-bbb0-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{8f089376-f5f6-11e2-bbb0-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{94775819-fb79-11e2-bb17-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{94775819-fb79-11e2-bb17-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{a7e86d1c-00fd-11e3-8021-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e86d1c-00fd-11e3-8021-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{af282a9f-6088-11e2-badf-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{af282a9f-6088-11e2-badf-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{af282abd-6088-11e2-badf-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{af282abd-6088-11e2-badf-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b7425453-fbeb-11e2-bc4e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b7425453-fbeb-11e2-bc4e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{b952ffe2-3501-11e2-a48a-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{b952ffe2-3501-11e2-a48a-08edb9a5d166}\Shell\AutoRun\command - "" = L:\.\ShowModem.exe
O33 - MountPoints2\{b952ffe8-3501-11e2-a48a-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{b952ffe8-3501-11e2-a48a-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{bacc0b6f-a96d-11e2-93db-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc0b6f-a96d-11e2-93db-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bb353421-0cca-11e3-be16-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{bb353421-0cca-11e3-be16-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{c1b5e630-5be8-11e2-986c-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{c1b5e630-5be8-11e2-986c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c2f86a26-3271-11e3-b95c-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{c2f86a26-3271-11e3-b95c-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c48bb5ad-0c64-11e3-8454-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{c48bb5ad-0c64-11e3-8454-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{c5259861-4eb1-11e3-b9b0-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{c5259861-4eb1-11e3-b9b0-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c86fdf9e-1562-11e3-bacb-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{c86fdf9e-1562-11e3-bacb-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{cc38dc5f-735c-11e2-b525-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{cc38dc5f-735c-11e2-b525-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
O33 - MountPoints2\{d579786a-3ed5-11e2-9e1d-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{d579786a-3ed5-11e2-9e1d-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{da6074cc-9383-11e3-9664-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{da6074cc-9383-11e3-9664-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{e6ccf62f-6358-11e2-b427-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ccf62f-6358-11e2-b427-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{ea6947a3-880c-11e3-941c-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{ea6947a3-880c-11e3-941c-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
O33 - MountPoints2\{ee9587ef-b706-11e2-abe4-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{ee9587ef-b706-11e2-abe4-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f11d2f2e-5c8a-11e2-ba6a-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{f11d2f2e-5c8a-11e2-ba6a-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f2943ad6-59b5-11e3-9771-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{f2943ad6-59b5-11e3-9771-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{f2ba6694-12f0-11e3-bad6-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{f2ba6694-12f0-11e3-bad6-08edb9a5d166}\Shell\AutoRun\command - "" = I:\.\ShowModem.exe
O33 - MountPoints2\{fe687f7e-f531-11e2-bea6-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{fe687f7e-f531-11e2-bea6-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{fe8ea33f-0cc8-11e3-8493-08edb9a5d166}\Shell - "" = AutoRun
O33 - MountPoints2\{fe8ea33f-0cc8-11e3-8493-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 18:36:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/02/21 17:18:34 | 000,244,736 | RHS- | C] (t24Mnh7P) -- C:\Users\Administrator\Documents\315load32.exe
[2014/02/21 17:18:34 | 000,000,000 | -H-D | C] -- C:\NTKernel
[2014/02/21 17:18:34 | 000,000,000 | -H-D | C] -- \NTKernel
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbvoice.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2014/02/18 20:54:51 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2014/02/18 20:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART BRO
[2014/02/18 20:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\SMART BRO
[2014/02/15 18:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/05 19:04:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\files
[2014/02/02 14:12:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2014/02/02 14:12:46 | 000,000,000 | -HSD | C] -- \Boot
[2014/01/31 22:05:19 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/01/31 22:05:19 | 000,000,000 | -HSD | C] -- \found.001
[2014/01/26 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Prezi
[2014/01/26 12:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Prezi
[1 C:\*.tmp files -> C:\*.tmp -> ]
[1 \*.tmp files -> \*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/21 18:37:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/02/21 18:11:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/02/21 18:11:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/21 17:25:28 | 000,026,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:25:28 | 000,026,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:23:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/21 17:23:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/02/21 17:23:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014/02/21 17:18:52 | 000,000,046 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
[2014/02/21 17:18:28 | 000,244,736 | RHS- | M] (t24Mnh7P) -- C:\Users\Administrator\Documents\315load32.exe
[2014/02/21 17:18:28 | 000,244,736 | RHS- | M] () -- C:\ProgramData\load32.exe
[2014/02/21 17:16:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/21 16:55:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/21 16:27:05 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1593032993-883745454-2812622509-500UA.job
[2014/02/21 15:01:54 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/02/21 13:39:19 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1593032993-883745454-2812622509-500Core.job
[2014/02/19 10:42:10 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/02/19 05:41:52 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/18 20:57:14 | 000,663,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/18 20:57:14 | 000,122,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 20:54:43 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2014/02/18 06:46:37 | 000,116,844 | ---- | M] () -- C:\Users\Administrator\Desktop\1147523_773213309371837_1345100213_o.jpg
[2014/02/17 18:46:05 | 000,014,137 | ---- | M] () -- C:\Users\Administrator\Desktop\windows.8.1.heavier.edition.pre.activated.2014.64.bit.by.nishant.team.os.hkrg.torrent
[2014/02/15 17:09:03 | 000,001,618 | ---- | M] () -- C:\Users\Administrator\Desktop\Premium Browser.exe.lnk
[2014/02/12 13:11:31 | 000,001,684 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2014/02/07 17:50:57 | 010,509,074 | ---- | M] () -- C:\Users\Administrator\Desktop\Maths Formulas v3.3.apk
[2014/02/02 16:45:10 | 000,088,708 | ---- | M] () -- C:\Users\Administrator\Desktop\prexia.pez
[2014/02/02 14:24:02 | 000,012,288 | ---- | M] () -- C:\BCD_Backup
[2014/02/02 14:15:57 | 000,012,288 | ---- | M] () -- C:\bcd
[2014/02/02 00:27:00 | 013,718,332 | ---- | M] () -- C:\Users\Administrator\Desktop\Atlas Plug - Truth Be Known [DotaCinema Song] - YouTube.mp4
[2014/01/31 21:08:56 | 000,027,548 | ---- | M] () -- C:\Install-WindowsImage.ps1
[2014/01/26 12:19:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Prezi.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/21 17:18:52 | 000,000,046 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
[2014/02/21 17:18:34 | 000,244,736 | RHS- | C] () -- C:\ProgramData\load32.exe
[2014/02/18 20:54:43 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2014/02/18 06:46:42 | 000,116,844 | ---- | C] () -- C:\Users\Administrator\Desktop\1147523_773213309371837_1345100213_o.jpg
[2014/02/17 18:46:10 | 000,014,137 | ---- | C] () -- C:\Users\Administrator\Desktop\windows.8.1.heavier.edition.pre.activated.2014.64.bit.by.nishant.team.os.hkrg.torrent
[2014/02/15 17:09:03 | 000,001,618 | ---- | C] () -- C:\Users\Administrator\Desktop\Premium Browser.exe.lnk
[2014/02/12 22:47:53 | 345,861,670 | R--- | C] () -- C:\Users\Administrator\Desktop\Game.of.Thrones.S03E09.HDTV.x264-EVOLVE.mp4
[2014/02/12 09:33:35 | 000,001,684 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2014/02/07 17:50:34 | 010,509,074 | ---- | C] () -- C:\Users\Administrator\Desktop\Maths Formulas v3.3.apk
[2014/02/05 19:04:24 | 000,026,624 | ---- | C] () -- C:\Users\Administrator\Desktop\Dota2Slasher.exe
[2014/02/05 19:04:24 | 000,000,031 | ---- | C] () -- C:\Users\Administrator\Desktop\config.ini
[2014/02/02 16:45:09 | 000,088,708 | ---- | C] () -- C:\Users\Administrator\Desktop\prexia.pez
[2014/02/02 14:27:57 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2014/02/02 14:27:57 | 000,383,786 | RHS- | C] () -- \bootmgr
[2014/02/02 14:24:02 | 000,012,288 | ---- | C] () -- C:\BCD_Backup
[2014/02/02 14:24:02 | 000,012,288 | ---- | C] () -- \BCD_Backup
[2014/02/02 14:15:57 | 000,012,288 | ---- | C] () -- C:\bcd
[2014/02/02 14:15:57 | 000,012,288 | ---- | C] () -- \bcd
[2014/02/02 00:26:34 | 013,718,332 | ---- | C] () -- C:\Users\Administrator\Desktop\Atlas Plug - Truth Be Known [DotaCinema Song] - YouTube.mp4
[2014/01/31 21:10:07 | 000,027,548 | ---- | C] () -- C:\Install-WindowsImage.ps1
[2014/01/31 21:10:07 | 000,027,548 | ---- | C] () -- \Install-WindowsImage.ps1
[2014/01/26 12:19:11 | 000,001,795 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
[2014/01/26 12:19:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Prezi.lnk
[2013/12/23 07:47:39 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2013/12/22 10:45:22 | 000,269,061 | ---- | C] () -- C:\Users\Administrator\the_clash_by_trungth-d6yhjcb.jpg
[2013/12/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\new
[2013/11/13 17:04:55 | 000,056,424 | ---- | C] () -- C:\Windows\System32\PrxerNsp.dll
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/09/20 21:58:54 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/20 15:52:54 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2013/09/19 20:54:32 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/09/19 20:54:28 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/09/19 20:54:13 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/09/07 23:46:07 | 000,000,261 | ---- | C] () -- \WirelessDiagLog.csv
[2013/06/22 16:27:10 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/06/22 16:27:10 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/06/16 17:00:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/06/16 17:00:22 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/05/22 16:59:00 | 000,003,730 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/11 15:30:41 | 000,000,009 | ---- | C] () -- \END
[2013/03/31 18:07:19 | 000,090,112 | ---- | C] () -- C:\Windows\System32\bsrlback.dll
[2013/03/31 18:07:19 | 000,090,112 | ---- | C] () -- C:\Windows\System32\bsreffs.dll
[2013/03/31 18:07:18 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
[2013/03/31 18:07:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
[2013/03/31 18:07:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bsrgvas.dll
[2013/03/31 18:06:34 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
[2013/03/31 18:06:34 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
[2012/11/21 23:45:12 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2012/11/21 20:17:37 | 000,000,112 | -H-- | C] () -- \38C27F7B60FF
[2012/11/21 20:17:37 | 000,000,040 | -H-- | C] () -- \5674C6EEAD79
[2012/11/21 20:06:07 | 000,203,464 | RHS- | C] () -- \grldr
[2012/11/21 20:06:07 | 000,000,014 | RHS- | C] () -- \win7.ld
[2012/11/21 11:20:17 | 000,384,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/21 01:32:43 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/11/21 01:28:21 | 000,001,950 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012/11/21 01:28:21 | 000,001,950 | ---- | C] () -- C:\Windows\System32\vm332Rmv.ini
[2012/11/21 01:28:20 | 000,735,796 | ---- | C] () -- C:\Windows\System32\igkrng700.bin
[2012/11/21 01:28:20 | 000,561,508 | ---- | C] () -- C:\Windows\System32\igfcg700m.bin
[2012/11/21 01:28:20 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/11/21 01:28:19 | 013,020,160 | ---- | C] () -- C:\Windows\System32\ig7icd32.dll
[2012/11/21 01:28:19 | 000,216,472 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/21 01:28:19 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/11/21 01:28:19 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012/11/21 01:28:19 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/11/21 01:28:18 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2009/07/14 10:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 10:04:04 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A1EDB939
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

#2
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Welcome to GeeksToGo, latenaAKO

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I will come back with further instructions later.

#3
latenaAKO

  • Topic Starter
  • Member
  • 7 posts
Thank you for the reply sir. I'm new to this site. I will also add that I can't open the same programs in safe mode.

#4
Machiavelli

  • GeekU Moderator
  • 4,722 posts

"I will also add that I can't open the same programs in safe mode."

What do you mean?

Please do the following steps in Safe Mode.

OTL Fix

  • Right click on OTL and select Run as Administrator.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - [2014/01/10 20:41:02 | 001,771,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
    SRV - [2013/08/25 14:43:31 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSIB5BD.tmp -- (HyperDeskCustomThemeEnabler)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search....45A4D4}&serpv=5
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 53033119
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.beyluxe.com/
    IE - HKCU\..\SearchScopes\{674AD490-4473-4E62-8262-7B8A21A8BEDA}: "URL" = http://search.us.com...k={searchTerms}
    IE - HKCU\..\SearchScopes\{85DD10EA-51F3-491A-924E-0F9EE13F2C2D}: "URL" = http://websearch.ask...2B-8E7C3ABDAE5F
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-11-21 14:51:02&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/we...q={searchTerms}
    IE - HKCU\..\SearchScopes\{C292F300-81A0-4C2D-92EC-D5C0025F007D}: "URL" = http://search.condui...3586971122&UM=2
    IE - HKCU\..\SearchScopes\{E0EA1A58-ACFF-4D02-9E33-AC936BE667A1}: "URL" = http://search.yahoo....petb&type=10583
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.smartbro.net:8080
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O4 - HKLM..\Run: [NT Kernel Service] C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows" File not found
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url ()
    F3 - HKCU WinNT: Load - (C:\NTKernel\nt32.exe) - C:\NTKernel\nt32.exe ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Show all images in original quality - Reg Error: Value error. File not found
    O8 - Extra context menu item: Show image in original quality - Reg Error: Value error. File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E96B60-50F4-4C5A-A4FE-D8DCD569F78F}: NameServer = 121.1.3.172 121.1.3.89
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
    O20 - HKCU Winlogon: Shell - ("C:\ProgramData\load32.exe") - C:\ProgramData\load32.exe ()
    O27 - HKLM IFEO\AvastSvc.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\AvastUI.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avcenter.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avconfig.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avgcsrvx.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avgidsagent.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avgnt.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avgrsx.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avguard.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avgui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avgwdsvc.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avp.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\avscan.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\bdagent.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\BTHSSecurityMgr.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\ccuac.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\ComboFix.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\egui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\hijackthis.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\instup.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\keyscrambler.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\loggingserver.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\mbam.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\mbamgui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\mbampt.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\mbamscheduler.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\mbamservice.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\MpCmdRun.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\MsMpEng.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\msseces.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\NisSrv.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\rstrui.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\spybotsd.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\ToolbarUpdater.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\vprot.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\wireshark.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O27 - HKLM IFEO\zlclient.exe: Debugger - C:\Users\Administrator\Documents\315load32.exe (t24Mnh7P)
    O33 - MountPoints2\{0184f96d-f147-11e2-801e-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{0184f96d-f147-11e2-801e-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{04678425-0bf6-11e3-863b-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{04678425-0bf6-11e3-863b-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{084c2476-5c6b-11e2-a01d-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{084c2476-5c6b-11e2-a01d-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{0f13bd92-9e8f-11e2-8c21-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{0f13bd92-9e8f-11e2-8c21-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{10ac766a-3e06-11e2-b87e-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{10ac766a-3e06-11e2-b87e-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{18051439-17cc-11e3-bfc2-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{18051439-17cc-11e3-bfc2-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{19c09400-f50c-11e2-8005-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{19c09400-f50c-11e2-8005-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
    O33 - MountPoints2\{1e6ee12f-0fbf-11e3-bfc8-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e6ee12f-0fbf-11e3-bfc8-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1e6ee136-0fbf-11e3-bfc8-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{1e6ee136-0fbf-11e3-bfc8-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{1f8185f9-aa94-11e2-97f6-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{1f8185f9-aa94-11e2-97f6-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{2e273393-073c-11e3-807f-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{2e273393-073c-11e3-807f-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{2e2812e1-3dfb-11e2-9db7-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{2e2812e1-3dfb-11e2-9db7-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{2e2812ef-3dfb-11e2-9db7-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{2e2812ef-3dfb-11e2-9db7-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{2f623265-4834-11e2-87f1-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f623265-4834-11e2-87f1-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{308b17e2-ae43-11e2-b07f-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{308b17e2-ae43-11e2-b07f-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{3b3d9119-161d-11e3-bacb-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b3d9119-161d-11e3-bacb-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{4be33836-17d2-11e3-bf8e-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{4be33836-17d2-11e3-bf8e-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
    O33 - MountPoints2\{4be3383d-17d2-11e3-bf8e-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{4be3383d-17d2-11e3-bf8e-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{4f7f88c4-62ef-11e2-ba7c-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f7f88c4-62ef-11e2-ba7c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{4f7f88cc-62ef-11e2-ba7c-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f7f88cc-62ef-11e2-ba7c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{5a2571a5-0e2c-11e3-bf9b-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a2571a5-0e2c-11e3-bf9b-08edb9a5d166}\Shell\AutoRun\command - "" = I:\.\ShowModem.exe
    O33 - MountPoints2\{64d1c521-0b13-11e3-856b-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{64d1c521-0b13-11e3-856b-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{6b020f0b-fc01-11e2-bf67-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{6b020f0b-fc01-11e2-bf67-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{75746dba-0cc2-11e3-83d7-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{75746dba-0cc2-11e3-83d7-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{7703b799-fb94-11e2-bf67-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{7703b799-fb94-11e2-bf67-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{7c4da601-f73f-11e2-bf82-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c4da601-f73f-11e2-bf82-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{802b6a73-33f1-11e2-a54c-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{802b6a73-33f1-11e2-a54c-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{884b8ce0-3bdd-11e2-893c-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{884b8ce0-3bdd-11e2-893c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{884b8cea-3bdd-11e2-893c-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{884b8cea-3bdd-11e2-893c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{893841c4-1c7a-11e3-a86e-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{893841c4-1c7a-11e3-a86e-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{8f089376-f5f6-11e2-bbb0-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{8f089376-f5f6-11e2-bbb0-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{94775819-fb79-11e2-bb17-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{94775819-fb79-11e2-bb17-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{a7e86d1c-00fd-11e3-8021-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{a7e86d1c-00fd-11e3-8021-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{af282a9f-6088-11e2-badf-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{af282a9f-6088-11e2-badf-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{af282abd-6088-11e2-badf-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{af282abd-6088-11e2-badf-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b7425453-fbeb-11e2-bc4e-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b7425453-fbeb-11e2-bc4e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{b952ffe2-3501-11e2-a48a-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{b952ffe2-3501-11e2-a48a-08edb9a5d166}\Shell\AutoRun\command - "" = L:\.\ShowModem.exe
    O33 - MountPoints2\{b952ffe8-3501-11e2-a48a-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{b952ffe8-3501-11e2-a48a-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{bacc0b6f-a96d-11e2-93db-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{bacc0b6f-a96d-11e2-93db-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{bb353421-0cca-11e3-be16-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{bb353421-0cca-11e3-be16-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{c1b5e630-5be8-11e2-986c-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{c1b5e630-5be8-11e2-986c-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{c2f86a26-3271-11e3-b95c-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{c2f86a26-3271-11e3-b95c-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{c48bb5ad-0c64-11e3-8454-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{c48bb5ad-0c64-11e3-8454-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{c5259861-4eb1-11e3-b9b0-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{c5259861-4eb1-11e3-b9b0-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{c86fdf9e-1562-11e3-bacb-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{c86fdf9e-1562-11e3-bacb-08edb9a5d166}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{cc38dc5f-735c-11e2-b525-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{cc38dc5f-735c-11e2-b525-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
    O33 - MountPoints2\{d579786a-3ed5-11e2-9e1d-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{d579786a-3ed5-11e2-9e1d-08edb9a5d166}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{da6074cc-9383-11e3-9664-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{da6074cc-9383-11e3-9664-3c970e19f3a6}\Shell\AutoRun\command - "" = G:\Autorun.exe
    O33 - MountPoints2\{e6ccf62f-6358-11e2-b427-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{e6ccf62f-6358-11e2-b427-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\{ea6947a3-880c-11e3-941c-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea6947a3-880c-11e3-941c-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
    O33 - MountPoints2\{ee9587ef-b706-11e2-abe4-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{ee9587ef-b706-11e2-abe4-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f11d2f2e-5c8a-11e2-ba6a-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{f11d2f2e-5c8a-11e2-ba6a-08edb9a5d166}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{f2943ad6-59b5-11e3-9771-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{f2943ad6-59b5-11e3-9771-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{f2ba6694-12f0-11e3-bad6-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{f2ba6694-12f0-11e3-bad6-08edb9a5d166}\Shell\AutoRun\command - "" = I:\.\ShowModem.exe
    O33 - MountPoints2\{fe687f7e-f531-11e2-bea6-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe687f7e-f531-11e2-bea6-3c970e19f3a6}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
    O33 - MountPoints2\{fe8ea33f-0cc8-11e3-8493-08edb9a5d166}\Shell - "" = AutoRun
    O33 - MountPoints2\{fe8ea33f-0cc8-11e3-8493-08edb9a5d166}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
    [2014/02/21 17:18:34 | 000,000,000 | -H-D | C] -- \NTKernel
    [2014/02/21 17:18:34 | 000,000,000 | -H-D | C] -- C:\NTKernel
    [2014/02/21 18:11:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2014/02/21 17:23:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2014/02/21 17:23:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    [2014/02/21 16:27:05 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1593032993-883745454-2812622509-500UA.job
    [2014/02/21 15:01:54 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2014/02/21 13:39:19 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1593032993-883745454-2812622509-500Core.job
    [2014/02/19 10:42:10 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    [2014/02/15 17:09:03 | 000,001,618 | ---- | M] () -- C:\Users\Administrator\Desktop\Premium Browser.exe.lnk
    [2013/05/22 16:59:00 | 000,003,730 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/05/11 15:30:41 | 000,000,009 | ---- | C] () -- \END
    [2013/03/31 18:07:19 | 000,090,112 | ---- | C] () -- C:\Windows\System32\bsrlback.dll
    [2013/03/31 18:07:19 | 000,090,112 | ---- | C] () -- C:\Windows\System32\bsreffs.dll
    [2013/03/31 18:07:18 | 000,692,224 | ---- | C] () -- C:\Windows\System32\bsrmgcv.dll
    [2013/03/31 18:07:18 | 000,192,512 | ---- | C] () -- C:\Windows\System32\bsrmgps.dll
    [2013/03/31 18:07:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bsrgvas.dll
    [2013/03/31 18:06:34 | 000,585,728 | ---- | C] () -- C:\Windows\System32\bsratswf.dll
    [2013/03/31 18:06:34 | 000,147,456 | ---- | C] () -- C:\Windows\System32\bsratwmv.dll
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zzmbkjttcv.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zyadeizbstq.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmpm.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zlvlgaoro.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zhbezzk.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zbu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yztg.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ywcotf.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yruogei.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yqwnxmuqkr.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ynbpico.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yft.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfddtyco.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yeqc.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ybcwdcj.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xrjmwls.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xratz.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xnrwoffi.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xkiazoygsu.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xitroqxj.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhliavnncf.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhi.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhepiahgu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xei.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xdu.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbwudob.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xabxrnwognq.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wztapis.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvpmojcpagc.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wvmaql.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wuienx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wtkvqxla.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmaeoulj.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjjkwjxof.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wjd.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wgfzxqxc.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vwvpxtf.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vtccpjjxhbl.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vpymgh.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vky.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vhgdwwy.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vexcv.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vekhfmquvd.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uuknvmo.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\upqsk.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uilhoi.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uhgxcxne.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ugh.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ubomomrwsdk.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uaqqwmjt.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tubh.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tmksiwyo.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tjerrruiu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgysztaa.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tgp.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tcu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\szanch.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swrosmstc.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\swmx.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\svh.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\surl.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sthnpbr.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sqrvkkbktxz.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skjqlknoa.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rzuc.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rvitifkhda.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ruwy.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rtsquze.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\rnni.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rnaxcorvnpm.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rmkgnn.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\riffaw.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rifbww.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rfbddh.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\refyhravcw.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rckntimj.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rbou.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qzegqoobxiy.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qxbus.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqewpfdl.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qpghwlpi.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qnretzig.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qheefqe.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\qgqkumwr.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qbdvroefxtf.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\pxluctu.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pvsbacopgo.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\puxozpwjj.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ptfcgaof.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psxulyb.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\psuezqksw.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqjjgvrcrr.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pplmagu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pefaimbebk.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pedcjlq.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pcpmvigyknw.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oxxpcqneqfk.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\onuhfaqdr.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olcfhmx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\okbzdweogsf.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogn.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ogknbwh.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ocduhsoaeky.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\netcd.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ndpxrjvfik.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mxdvmytw.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mpuqpwyjjoe.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mlfml.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhymnl.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mhefcltipun.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mcrrrdylbyb.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbpbf.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lxjydaq.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lwcnbd.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvjfqnrfy.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lmkwvtfa.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\liif.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lhlcj.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ldna.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ktkvvqws.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kokjkgnayl.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kgqeevfnt.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kfkegdfzsmf.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kblu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kaddzumq.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jxqxva.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvanbm.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jscxtijpp.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ixrmyzmuf.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ivz.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\itshnv.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\isnvgwxvzx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ikvd.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ifvbafbi.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\iduxw.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ict.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ibqvywo.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxpuo.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htzs.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\htubwk.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hqwxnfwmq.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hoboh.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hmzimwaq.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hhxjfatux.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgu.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hgdxppghmnp.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hfaptb.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hbqnkzjqm.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gzswrdxw.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxveh.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gxiglgpq.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gswxesatox.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gksspjwk.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gjrxn.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\giemuzl.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ggjxmqh.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gecrm.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gcgii.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gbx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fyvyvw.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fqat.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnyj.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fkuuzbgv.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fhagevihj.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\fas.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ezafudvoiyt.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\err.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\epuzw.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ehe.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\egskehx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\edsljcdivuy.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\ecisfvuhpa.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dxrnzku.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dqajfj.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmtlsnues.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dkfd.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\defhdp.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cqbt.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cntaml.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\civwzqm.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cfclssx.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cdntf.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbgvboorrjj.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bzyz.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bxqecmpfn.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bulcyfilrrd.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsmobir.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\blxcchdo.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\baxqskha.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ayyyufnvi.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aso.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\arembuqqlhl.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\apluecjxljh.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\akjgqsepny.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajnzyssdz.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ajfm.ini
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aesvs.dat
    [2012/11/23 10:20:51 | 000,000,028 | ---- | C] () -- C:\Windows\System32\aclcvmx.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zvxuplfqaiv.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zmulmsalvp.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\zgtn.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\yfguqg.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\xibfo.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xhxj.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\xbeumyws.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\wmcwjfwebcg.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\vuzy.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\uvhkeoo.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ujupkolaxz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\udixx.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tttpgilubhz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\tixbprzs.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\srt.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sntlrnm.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\slfzi.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\skcx.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sjzadmi.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\sfsz.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rumiqlhw.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rpz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\rhw.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qttwzyei.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qsopsnklrnj.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qrpcq.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\qqqt.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pqognjycvt.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pjtdqi.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\phcioojd.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pclkwlz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\pathdekgnl.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ousspnt.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otvbczqzr.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\otorwgb.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofzxmm.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oofsbkfk.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ooaomuyhvz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\olhdsirhbjm.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\oicryjbsxhd.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ntpp.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\npuailglpt.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\narceunvfsr.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwzhlh.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mwuwz.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mvhxlyyr.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\minowwpnhw.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mflohpswrxl.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\mbufohzbd.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\maynwlp.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lvzw.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lqya.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lnm.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\lffhqjpt.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\kragnbr.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kppamcnflm.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\knk.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kkrk.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\kjvzwobzke.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jvpytddxshm.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jecbuzopv.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\jazdltqdat.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ithugwck.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\imisiwl.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ilppyukvb.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hxokmtz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hulemjbpzih.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hrfumedgw.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\hiushfclfla.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\gwegf.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ghdvcccqxcv.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fzzu.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fnxe.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\fmlgoxxnn.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\eewo.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\eesejbzog.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dmuuqmc.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\djzobvavx.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgppwo.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dgckkqqq.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\dfswulgomz.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\detwvkklv.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\ctxnogspj.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\cbqynozbpo.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\byoqvakieh.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\bsxkwl.dat
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\betjex.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\azuxhafgo.ini
    [2012/11/23 10:20:50 | 000,000,028 | ---- | C] () -- C:\Windows\System32\auemdu.ini
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A1EDB939
    @Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
    
    :Files
    dir C:\Program Files\Prezi /S /C
    dir C:\Users\Administrator\Prezi /S /C
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

 

Tell me how the computer is behaving now.

#5
latenaAKO

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks :D Here is the new log.

OTL logfile created on: 2/21/2014 9:42:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.11 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 62.43% Memory free
6.22 Gb Paging File | 4.91 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.66 Gb Total Space | 172.77 Gb Free Space | 44.23% Space Free | Partition Type: NTFS
Drive D: | 29.98 Gb Total Space | 12.61 Gb Free Space | 42.04% Space Free | Partition Type: FAT32
Drive F: | 29.98 Gb Total Space | 29.98 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive I: | 20.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/02/21 18:37:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/02/15 18:47:08 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/17 20:06:00 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Synapse\RzSynapse.exe
PRC - [2013/11/11 11:57:58 | 003,825,232 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/11/07 19:17:30 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2013/11/06 10:55:46 | 000,845,168 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/11/06 10:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 10:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/12/29 16:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 16:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/11/21 01:27:40 | 000,879,208 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2012/11/10 03:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2012/11/10 03:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2012/10/24 14:39:16 | 004,202,312 | ---- | M] () -- C:\Program Files\SMART BRO\UIMain.exe
PRC - [2012/10/24 14:39:02 | 000,724,296 | ---- | M] () -- C:\Program Files\SMART BRO\CMUpdater.exe
PRC - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () -- C:\Program Files\SMART BRO\AssistantServices.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 23:50:24 | 001,049,088 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
PRC - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
PRC - [2012/03/28 16:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2012/01/27 01:40:44 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/04 18:46:14 | 007,991,200 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2011/12/26 13:48:48 | 005,937,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2011/12/08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2011/12/08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/12/08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
PRC - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011/07/28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files\netcut\services\aips.exe
PRC - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\WsxService.exe
PRC - [2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 05:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/21 05:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/02/04 19:25:50 | 000,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe
PRC - [2009/12/01 10:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 10:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 18:46:54 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/27 23:02:50 | 014,971,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\46bbb33c59f04794a6688cdc28fd4802\Kies.Theme.ni.dll
MOD - [2013/11/27 23:02:38 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\bd38349bbe199a814b24e9344b53c836\ASF_cSharpAPI.ni.dll
MOD - [2013/11/27 23:02:12 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\f311308d760a90befb7c117b28f6d3e2\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/11/27 23:02:03 | 001,816,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bfb0853c980ab15a55eda36a5717f981\Kies.UI.ni.dll
MOD - [2013/11/27 23:02:03 | 000,081,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\353d7eb4d057265988a2c6aacd8fb632\Kies.MVVM.ni.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\System32\PrxerNsp.dll
MOD - [2012/11/21 01:27:35 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2012/10/24 14:39:16 | 004,202,312 | ---- | M] () -- C:\Program Files\SMART BRO\UIMain.exe
MOD - [2012/10/24 14:39:02 | 000,724,296 | ---- | M] () -- C:\Program Files\SMART BRO\CMUpdater.exe
MOD - [2012/10/02 02:33:02 | 006,522,480 | ---- | M] () -- C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
MOD - [2012/02/22 09:41:36 | 001,085,376 | ---- | M] () -- C:\Program Files\Winstep\wodTelnetDLX.dll
MOD - [2012/01/04 18:46:00 | 001,496,480 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\EMWpfUI.dll
MOD - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
MOD - [2011/01/24 20:29:54 | 000,617,808 | ---- | M] () -- C:\Program Files\SMART BRO\UpdateAgent.dll
MOD - [2011/01/24 20:29:54 | 000,349,520 | ---- | M] () -- C:\Program Files\SMART BRO\UISkin.dll
MOD - [2011/01/24 20:29:54 | 000,238,928 | ---- | M] () -- C:\Program Files\SMART BRO\UICommonDlg.dll
MOD - [2011/01/24 20:29:54 | 000,165,712 | ---- | M] () -- C:\Program Files\SMART BRO\BIXml.dll
MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - File not found [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/02/21 12:58:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 03:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/24 16:15:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/10/14 18:34:58 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/08 16:19:12 | 000,030,184 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/29 18:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/21 01:27:36 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/10 03:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART BRO\AssistantServices.exe -- (UI Assistant Service)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/12/08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2011/12/08 10:43:50 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/12/08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/12/08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/12/05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/12/05 08:55:36 | 000,104,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011/07/28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files\netcut\services\aips.exe -- (AIPS)
SRV - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2010/02/04 19:25:50 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009/12/01 10:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 10:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [System | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014/01/18 22:10:03 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2013/11/26 21:31:11 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/15 14:36:50 | 000,125,992 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzudd.sys -- (rzudd)
DRV - [2013/11/08 07:41:38 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/09/20 17:44:25 | 000,027,248 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV - [2013/08/21 12:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/21 12:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/29 18:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/29 18:26:54 | 000,025,528 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2012/11/21 01:27:46 | 000,052,824 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2012/11/21 01:27:44 | 000,024,672 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2012/11/21 01:27:43 | 000,094,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012/11/21 01:27:40 | 000,280,576 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/11/21 01:27:39 | 000,930,000 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2012/11/21 01:27:34 | 000,143,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2012/08/24 15:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/08/01 15:44:04 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012/07/17 18:12:08 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012/07/04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012/05/21 15:25:32 | 000,793,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/05/21 15:25:32 | 000,350,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/01/27 01:39:36 | 000,013,592 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2012/01/04 22:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/12/05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011/12/05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011/11/30 15:58:04 | 000,067,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2011/11/07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
DRV - [2011/09/01 11:17:54 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/08/29 11:42:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/05/12 12:08:14 | 000,022,632 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\TsLwWfF.sys -- (TsLwWfF)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/21 05:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 05:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 05:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/21 05:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 05:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 05:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/20 17:28:58 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2010/01/15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=30-07-2013
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.smartbro.net:8080


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/15 18:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/15 18:46:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/11/20 20:22:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/11/20 20:22:14 | 000,000,000 | ---D | M]

[2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2014/02/15 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/15 18:46:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/15 18:47:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files\Mozilla Firefox\browser\extensions\[email protected]
[2012/10/02 02:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: AOL Search (Enabled)
CHR - default_search_provider: search_url = http://slirsredirect...mrud=30-07-2013
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://start.search....45A4D4}&serpv=5
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: savensHare = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephjndiglemjgfgdkcfmbihlobnhcbbf\1\
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: IDM Integration Module = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_0\
CHR - Extension: Cookie Manager = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Need for Speed World = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/19 18:15:24 | 000,003,688 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: virscan.org
O1 - Hosts: virustotal.com
O1 - Hosts: virusscan.jotti.org
O1 - Hosts: vscan.novirusthanks.org
O1 - Hosts: metascan-online.com
O1 - Hosts: analysis.avira.com
O1 - Hosts: agnitum.com/support/submit_files.php
O1 - Hosts: global.ahnlab.com/en/site/support/virusreport/virusreport.do
O1 - Hosts: bitsdujour.com/software/rss-submit/virus-scan
O1 - Hosts: submit.symantec.com/false_positive
O1 - Hosts: f-prot.com/virusinfo/submission_forum.html
O1 - Hosts: f-secure.com/en_UK/security/security-lab/submit-samples
O1 - Hosts: samplesubmit.avg.com
O1 - Hosts: bitdefender.com/site/Defense/fileSubmission
O1 - Hosts: trendmicro.co.uk/security/-intelligence/current-threat-activity/submit-a-virus/index.html
O1 - Hosts: https://submit.syman...bmit/retail.cgi
O1 - Hosts: quickheal.com/submitticket
O1 - Hosts: http://cgi.clamav.net/sendvirus.cgi
O1 - Hosts: http://www.clamav.ne...ng/en/sendvirus
O1 - Hosts: http://www.clamav.ne...submit-malware/
O1 - Hosts: http://www.clamav.ne...irus/submit-fp/
O1 - Hosts: http://www.comodo.co...rity/submit.php
O1 - Hosts: http://camas.comodo.com
O1 - Hosts: https://vms.drweb.co...ndvirus/?lng=en
O1 - Hosts: www.emsisoft.com/en/support/submit/
O1 - Hosts: 56 more lines...
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\SMART BRO\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NeXuS] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\PrxerNsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E96B60-50F4-4C5A-A4FE-D8DCD569F78F}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{327F27C9-D78B-4E27-865C-B0BD0762C877}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB2BED23-2221-4FE1-AAD4-2B0BD517157A}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\its - No CLSID value found
O18 - Protocol\Handler\ms-its - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/23 15:54:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 22:54:34 | 000,000,650 | R--- | M] () - I:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 02:20:50 | 000,334,672 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012/09/29 00:18:52 | 000,004,286 | R--- | M] () - I:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 02:08:05 | 000,000,047 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 21:45:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\otl
[2014/02/21 21:24:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/21 21:24:12 | 000,000,000 | ---D | C] -- \_OTL
[2014/02/21 18:36:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbvoice.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2014/02/18 20:54:51 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2014/02/18 20:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART BRO
[2014/02/18 20:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\SMART BRO
[2014/02/15 18:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/05 19:04:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\files
[2014/02/02 14:12:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2014/02/02 14:12:46 | 000,000,000 | -HSD | C] -- \Boot
[2014/01/31 22:05:19 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/01/31 22:05:19 | 000,000,000 | -HSD | C] -- \found.001
[2014/01/26 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Prezi
[2014/01/26 12:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Prezi

========== Files - Modified Within 30 Days ==========

[2014/02/21 21:41:10 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/21 21:41:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/02/21 21:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/21 21:18:38 | 000,109,459 | ---- | M] () -- C:\Users\Administrator\Desktop\fix.jpg
[2014/02/21 18:37:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/02/21 17:25:28 | 000,026,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:25:28 | 000,026,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:23:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/21 17:16:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/21 16:55:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/19 05:41:52 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/18 20:57:14 | 000,663,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/18 20:57:14 | 000,122,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 20:54:43 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2014/02/12 13:11:31 | 000,001,684 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2014/02/07 17:50:57 | 010,509,074 | ---- | M] () -- C:\Users\Administrator\Desktop\Maths Formulas v3.3.apk
[2014/02/02 16:45:10 | 000,088,708 | ---- | M] () -- C:\Users\Administrator\Desktop\prexia.pez
[2014/02/02 14:24:02 | 000,012,288 | ---- | M] () -- C:\BCD_Backup
[2014/02/02 14:15:57 | 000,012,288 | ---- | M] () -- C:\bcd
[2014/01/31 21:08:56 | 000,027,548 | ---- | M] () -- C:\Install-WindowsImage.ps1
[2014/01/26 12:19:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Prezi.lnk

========== Files Created - No Company Name ==========

[2014/02/21 21:41:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2014/02/21 21:18:36 | 000,109,459 | ---- | C] () -- C:\Users\Administrator\Desktop\fix.jpg
[2014/02/18 20:54:43 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2014/02/12 22:47:53 | 345,861,670 | R--- | C] () -- C:\Users\Administrator\Desktop\Game.of.Thrones.S03E09.HDTV.x264-EVOLVE.mp4
[2014/02/12 09:33:35 | 000,001,684 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2014/02/07 17:50:34 | 010,509,074 | ---- | C] () -- C:\Users\Administrator\Desktop\Maths Formulas v3.3.apk
[2014/02/05 19:04:24 | 000,000,031 | ---- | C] () -- C:\Users\Administrator\Desktop\config.ini
[2014/02/02 16:45:09 | 000,088,708 | ---- | C] () -- C:\Users\Administrator\Desktop\prexia.pez
[2014/02/02 14:27:57 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2014/02/02 14:27:57 | 000,383,786 | RHS- | C] () -- \bootmgr
[2014/02/02 14:24:02 | 000,012,288 | ---- | C] () -- C:\BCD_Backup
[2014/02/02 14:24:02 | 000,012,288 | ---- | C] () -- \BCD_Backup
[2014/02/02 14:15:57 | 000,012,288 | ---- | C] () -- C:\bcd
[2014/02/02 14:15:57 | 000,012,288 | ---- | C] () -- \bcd
[2014/01/31 21:10:07 | 000,027,548 | ---- | C] () -- C:\Install-WindowsImage.ps1
[2014/01/31 21:10:07 | 000,027,548 | ---- | C] () -- \Install-WindowsImage.ps1
[2014/01/26 12:19:11 | 000,001,795 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
[2014/01/26 12:19:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Prezi.lnk
[2013/12/23 07:47:39 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2013/12/22 10:45:22 | 000,269,061 | ---- | C] () -- C:\Users\Administrator\the_clash_by_trungth-d6yhjcb.jpg
[2013/12/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\new
[2013/11/13 17:04:55 | 000,056,424 | ---- | C] () -- C:\Windows\System32\PrxerNsp.dll
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/09/20 21:58:54 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/20 15:52:54 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2013/09/19 20:54:32 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/09/19 20:54:28 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/09/19 20:54:13 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/09/07 23:46:07 | 000,000,261 | ---- | C] () -- \WirelessDiagLog.csv
[2013/06/22 16:27:10 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/06/22 16:27:10 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/06/16 17:00:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/06/16 17:00:22 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/05/11 15:30:41 | 000,000,009 | ---- | C] () -- \END
[2012/11/21 23:45:12 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2012/11/21 20:17:37 | 000,000,112 | -H-- | C] () -- \38C27F7B60FF
[2012/11/21 20:17:37 | 000,000,040 | -H-- | C] () -- \5674C6EEAD79
[2012/11/21 20:06:07 | 000,203,464 | RHS- | C] () -- \grldr
[2012/11/21 20:06:07 | 000,000,014 | RHS- | C] () -- \win7.ld
[2012/11/21 11:20:17 | 000,384,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/21 01:32:43 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/11/21 01:28:21 | 000,001,950 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012/11/21 01:28:21 | 000,001,950 | ---- | C] () -- C:\Windows\System32\vm332Rmv.ini
[2012/11/21 01:28:20 | 000,735,796 | ---- | C] () -- C:\Windows\System32\igkrng700.bin
[2012/11/21 01:28:20 | 000,561,508 | ---- | C] () -- C:\Windows\System32\igfcg700m.bin
[2012/11/21 01:28:20 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/11/21 01:28:19 | 013,020,160 | ---- | C] () -- C:\Windows\System32\ig7icd32.dll
[2012/11/21 01:28:19 | 000,216,472 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/21 01:28:19 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/11/21 01:28:19 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012/11/21 01:28:19 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/11/21 01:28:18 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2009/07/14 10:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 10:04:04 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#6
Machiavelli

  • GeekU Moderator
  • 4,722 posts

Tell me how the computer is behaving now.



#7
latenaAKO

    New Member

  • Topic Starter
  • Member
  • 7 posts
Still can't run antivirus programs :(

#8
latenaAKO

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks for the reply. Let us just continue this tomorrow. I'm going to sleep.

#9
Machiavelli

  • GeekU Moderator
  • 4,722 posts
OK Good Night.

#10
Machiavelli

  • GeekU Moderator
  • 4,722 posts
===== > Step 1: Chrome's Homepage < =====

Please visit this site here and change the homepage to whatever you want. I recommend changing it to Google.com.

===== > Step 2: Chrome Extensions < =====

Run Chrome and please enter this into the address bar: chrome:extensions
This will display a page of all installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

Extensions to be removed:

  • AVG Security Toolbar
  • savensHare

===== > Step 3: OTL Fix < =====

  • Right click on OTL and select Run as Administrator.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.smartbro.net:8080
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 File not found
    [2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E96B60-50F4-4C5A-A4FE-D8DCD569F78F}: NameServer = 121.1.3.172 121.1.3.89
    [2014/02/21 21:41:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    
    :Files
    C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ephjndiglemjgfgdkcfmbihlobnhcbbf\1\
    
    :Commands
    [RESETHOSTS] 
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

===== > Step 4: Question Time < =====

I. How is your PC behaving now?
II. Which error do you get when you try to start an AntiVirus?
III. Are you able to work in normal mode?

#11
latenaAKO

    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 2/22/2014 7:00:44 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.11 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 49.79% Memory free
6.22 Gb Paging File | 4.47 Gb Available in Paging File | 71.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390.66 Gb Total Space | 172.62 Gb Free Space | 44.19% Space Free | Partition Type: NTFS
Drive D: | 29.98 Gb Total Space | 12.61 Gb Free Space | 42.04% Space Free | Partition Type: FAT32
Drive F: | 29.98 Gb Total Space | 29.98 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive I: | 20.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LEO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/21 18:37:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2014/02/21 12:58:27 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/02/15 18:47:08 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/17 20:06:00 | 000,442,712 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Synapse\RzSynapse.exe
PRC - [2013/11/11 11:57:58 | 003,825,232 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/11/07 19:17:30 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2013/11/06 10:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 10:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] () -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/12/29 16:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 16:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/11/21 01:27:40 | 000,879,208 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2012/11/10 03:30:26 | 000,287,592 | ---- | M] (Connectify) -- C:\Program Files\Connectify\Connectifyd.exe
PRC - [2012/11/10 03:30:12 | 000,065,536 | ---- | M] () -- C:\Program Files\Connectify\ConnectifyService.exe
PRC - [2012/10/24 14:39:16 | 004,202,312 | ---- | M] () -- C:\Program Files\SMART BRO\UIMain.exe
PRC - [2012/10/24 14:39:02 | 000,724,296 | ---- | M] () -- C:\Program Files\SMART BRO\CMUpdater.exe
PRC - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () -- C:\Program Files\SMART BRO\AssistantServices.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 23:50:24 | 001,049,088 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\SketchBook Pro 6\SketchBookSnapshot.exe
PRC - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSRService.exe
PRC - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
PRC - [2012/03/28 16:03:16 | 016,957,056 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\Nexus.exe
PRC - [2012/01/27 01:40:44 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/01/04 18:46:14 | 007,991,200 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2011/12/26 13:48:48 | 005,937,056 | ---- | M] (Lenovo(beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2011/12/08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
PRC - [2011/12/08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/12/08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011/12/05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
PRC - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
PRC - [2011/07/28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files\netcut\services\aips.exe
PRC - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files\Winstep\WsxService.exe
PRC - [2010/11/21 05:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/21 05:29:10 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/21 05:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/02/04 19:25:50 | 000,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe
PRC - [2009/12/01 10:43:12 | 002,519,040 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2009/12/01 10:42:22 | 000,102,400 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/11/20 19:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/21 12:58:26 | 016,265,096 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 18:46:54 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/11/27 23:02:50 | 014,971,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\46bbb33c59f04794a6688cdc28fd4802\Kies.Theme.ni.dll
MOD - [2013/11/27 23:02:38 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\bd38349bbe199a814b24e9344b53c836\ASF_cSharpAPI.ni.dll
MOD - [2013/11/27 23:02:12 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\f311308d760a90befb7c117b28f6d3e2\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/11/27 23:02:03 | 001,816,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bfb0853c980ab15a55eda36a5717f981\Kies.UI.ni.dll
MOD - [2013/11/27 23:02:03 | 000,081,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\353d7eb4d057265988a2c6aacd8fb632\Kies.MVVM.ni.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/22 18:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\System32\PrxerNsp.dll
MOD - [2012/11/21 01:27:35 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2012/10/24 14:39:16 | 004,202,312 | ---- | M] () -- C:\Program Files\SMART BRO\UIMain.exe
MOD - [2012/10/24 14:39:02 | 000,724,296 | ---- | M] () -- C:\Program Files\SMART BRO\CMUpdater.exe
MOD - [2012/10/02 02:33:02 | 006,522,480 | ---- | M] () -- C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2012/05/11 09:41:56 | 000,156,448 | ---- | M] () -- C:\Program Files\SMART BRO\UIExec.exe
MOD - [2012/02/22 09:41:36 | 001,085,376 | ---- | M] () -- C:\Program Files\Winstep\wodTelnetDLX.dll
MOD - [2012/01/04 18:46:00 | 001,496,480 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\EMWpfUI.dll
MOD - [2011/11/28 20:47:42 | 002,589,832 | ---- | M] () -- C:\Program Files\Hear\Hear.exe
MOD - [2011/10/26 17:41:20 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2011/01/24 20:29:54 | 000,617,808 | ---- | M] () -- C:\Program Files\SMART BRO\UpdateAgent.dll
MOD - [2011/01/24 20:29:54 | 000,349,520 | ---- | M] () -- C:\Program Files\SMART BRO\UISkin.dll
MOD - [2011/01/24 20:29:54 | 000,238,928 | ---- | M] () -- C:\Program Files\SMART BRO\UICommonDlg.dll
MOD - [2011/01/24 20:29:54 | 000,165,712 | ---- | M] () -- C:\Program Files\SMART BRO\BIXml.dll
MOD - [2009/07/14 09:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008/12/20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008/12/20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/21 12:58:30 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/28 03:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/24 16:15:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/10/14 18:34:58 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/08 16:19:12 | 000,030,184 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe -- (LSCWinService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] () [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/29 18:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/21 01:27:36 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/11/10 03:30:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Connectify\ConnectifyService.exe -- (Connectify)
SRV - [2012/10/24 14:38:56 | 000,274,760 | ---- | M] () [Auto | Running] -- C:\Program Files\SMART BRO\AssistantServices.exe -- (UI Assistant Service)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/29 03:25:50 | 001,005,440 | ---- | M] (Crystal Rich Ltd) [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/12/08 10:44:04 | 000,722,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2011/12/08 10:43:50 | 000,241,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2011/12/08 10:43:42 | 000,653,584 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011/12/08 10:43:40 | 000,107,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011/12/05 09:30:26 | 000,509,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011/12/05 08:55:36 | 000,104,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011/09/15 00:19:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe -- (mi-raysat_3dsmax2013_32)
SRV - [2011/07/28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files\netcut\services\aips.exe -- (AIPS)
SRV - [2011/06/02 00:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2010/02/04 19:25:50 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009/12/01 10:43:12 | 002,519,040 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2009/12/01 10:42:22 | 000,102,400 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [System | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014/02/21 22:10:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/01/18 22:10:03 | 000,050,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2013/11/26 21:31:11 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/15 14:36:50 | 000,125,992 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rzudd.sys -- (rzudd)
DRV - [2013/11/08 07:41:38 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/09/20 17:44:25 | 000,027,248 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\System32\drivers\cnnctfy2.sys -- (cnnctfy2)
DRV - [2013/08/21 12:31:38 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/08/21 12:31:38 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/02/22 09:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/29 18:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/29 18:26:54 | 000,025,528 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2012/11/21 01:27:46 | 000,052,824 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor)
DRV - [2012/11/21 01:27:44 | 000,024,672 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2012/11/21 01:27:43 | 000,094,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2012/11/21 01:27:40 | 000,280,576 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/11/21 01:27:39 | 000,930,000 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2012/11/21 01:27:34 | 000,143,528 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2012/08/24 15:57:00 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/08/01 15:44:04 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012/07/17 18:12:08 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012/07/04 13:47:00 | 000,073,728 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetndis.sys -- (andnetndis)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012/05/21 15:25:32 | 000,793,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012/05/21 15:25:32 | 000,350,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012/01/27 01:39:36 | 000,013,592 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2012/01/04 22:28:36 | 000,016,128 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV - [2011/12/05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2011/12/05 09:22:32 | 000,141,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2011/11/30 15:58:04 | 000,067,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum)
DRV - [2011/11/07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
DRV - [2011/09/01 11:17:54 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011/08/29 11:42:56 | 000,107,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011/08/29 11:42:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2011/05/12 12:08:14 | 000,022,632 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\TsLwWfF.sys -- (TsLwWfF)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/21 05:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/21 05:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/21 05:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/21 05:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/21 05:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/21 05:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/21 05:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/20 17:28:58 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2010/01/15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...age={startPage}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=30-07-2013
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.smartbro.net:8080


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Administrator\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/02/15 18:46:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/15 18:46:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/11/20 20:22:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2013/11/20 20:22:14 | 000,000,000 | ---D | M]

[2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2013/05/11 15:31:42 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2014/02/15 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/15 18:46:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/15 18:47:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files\Mozilla Firefox\browser\extensions\[email protected]
[2012/10/02 02:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: AOL Search (Enabled)
CHR - default_search_provider: search_url = http://slirsredirect...mrud=30-07-2013
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: IDM Integration Module = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.7_0\
CHR - Extension: Cookie Manager = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Need for Speed World = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/02/22 06:51:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UIExec] C:\Program Files\SMART BRO\UIExec.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NeXuS] C:\Program Files\Winstep\Nexus.exe (Winstep Software Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\PrxerNsp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\WTFastDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\PrxerDrv.dll (Initex)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E96B60-50F4-4C5A-A4FE-D8DCD569F78F}: NameServer = 121.1.3.172 121.1.3.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{327F27C9-D78B-4E27-865C-B0BD0762C877}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB2BED23-2221-4FE1-AAD4-2B0BD517157A}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\its - No CLSID value found
O18 - Protocol\Handler\ms-its - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/23 15:54:56 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/18 22:54:34 | 000,000,650 | R--- | M] () - I:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 02:20:50 | 000,334,672 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012/09/29 00:18:52 | 000,004,286 | R--- | M] () - I:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/04/21 02:08:05 | 000,000,047 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell - "" = AutoRun
O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/21 22:10:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/21 21:45:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\otl
[2014/02/21 21:24:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/21 21:24:12 | 000,000,000 | ---D | C] -- \_OTL
[2014/02/21 18:36:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbvoice.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2014/02/18 20:54:51 | 000,107,520 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2014/02/18 20:54:51 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2014/02/18 20:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMART BRO
[2014/02/18 20:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\SMART BRO
[2014/02/15 18:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/05 19:04:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\files
[2014/02/02 14:12:46 | 000,000,000 | -HSD | C] -- C:\Boot
[2014/02/02 14:12:46 | 000,000,000 | -HSD | C] -- \Boot
[2014/01/31 22:05:19 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/01/31 22:05:19 | 000,000,000 | -HSD | C] -- \found.001
[2014/01/26 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Prezi
[2014/01/26 12:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Prezi

========== Files - Modified Within 30 Days ==========

[2014/02/22 06:56:56 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/02/22 06:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 06:51:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/02/21 22:10:34 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/02/21 21:41:10 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/02/21 21:18:38 | 000,109,459 | ---- | M] () -- C:\Users\Administrator\Desktop\fix.jpg
[2014/02/21 18:37:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2014/02/21 17:25:28 | 000,026,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:25:28 | 000,026,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/21 17:23:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/21 17:16:31 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/21 16:55:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/19 05:41:52 | 000,384,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/02/18 20:57:14 | 000,663,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/18 20:57:14 | 000,122,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 20:54:43 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2014/02/12 13:11:31 | 000,001,684 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2014/02/07 17:50:57 | 010,509,074 | ---- | M] () -- C:\Users\Administrator\Desktop\Maths Formulas v3.3.apk
[2014/02/02 16:45:10 | 000,088,708 | ---- | M] () -- C:\Users\Administrator\Desktop\prexia.pez
[2014/02/02 14:24:02 | 000,012,288 | ---- | M] () -- C:\BCD_Backup
[2014/02/02 14:15:57 | 000,012,288 | ---- | M] () -- C:\bcd
[2014/01/31 21:08:56 | 000,027,548 | ---- | M] () -- C:\Install-WindowsImage.ps1
[2014/01/26 12:19:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Prezi.lnk

========== Files Created - No Company Name ==========

[2014/02/22 06:56:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2014/02/21 21:18:36 | 000,109,459 | ---- | C] () -- C:\Users\Administrator\Desktop\fix.jpg
[2014/02/18 20:54:43 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SMART BRO.lnk
[2014/02/12 22:47:53 | 345,861,670 | R--- | C] () -- C:\Users\Administrator\Desktop\Game.of.Thrones.S03E09.HDTV.x264-EVOLVE.mp4
[2014/02/12 09:33:35 | 000,001,684 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2014/02/07 17:50:34 | 010,509,074 | ---- | C] () -- C:\Users\Administrator\Desktop\Maths Formulas v3.3.apk
[2014/02/05 19:04:24 | 000,000,031 | ---- | C] () -- C:\Users\Administrator\Desktop\config.ini
[2014/02/02 16:45:09 | 000,088,708 | ---- | C] () -- C:\Users\Administrator\Desktop\prexia.pez
[2014/02/02 14:27:57 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2014/02/02 14:27:57 | 000,383,786 | RHS- | C] () -- \bootmgr
[2014/02/02 14:24:02 | 000,012,288 | ---- | C] () -- C:\BCD_Backup
[2014/02/02 14:24:02 | 000,012,288 | ---- | C] () -- \BCD_Backup
[2014/02/02 14:15:57 | 000,012,288 | ---- | C] () -- C:\bcd
[2014/02/02 14:15:57 | 000,012,288 | ---- | C] () -- \bcd
[2014/01/31 21:10:07 | 000,027,548 | ---- | C] () -- C:\Install-WindowsImage.ps1
[2014/01/31 21:10:07 | 000,027,548 | ---- | C] () -- \Install-WindowsImage.ps1
[2014/01/26 12:19:11 | 000,001,795 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prezi.lnk
[2014/01/26 12:19:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Prezi.lnk
[2013/12/23 07:47:39 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2013/12/22 10:45:22 | 000,269,061 | ---- | C] () -- C:\Users\Administrator\the_clash_by_trungth-d6yhjcb.jpg
[2013/12/06 19:36:01 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\new
[2013/11/13 17:04:55 | 000,056,424 | ---- | C] () -- C:\Windows\System32\PrxerNsp.dll
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/09/20 21:58:54 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/20 15:52:54 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2013/09/19 20:54:32 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013/09/19 20:54:28 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013/09/19 20:54:13 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013/09/07 23:46:07 | 000,000,261 | ---- | C] () -- \WirelessDiagLog.csv
[2013/06/22 16:27:10 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2013/06/22 16:27:10 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2013/06/16 17:00:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/06/16 17:00:22 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/05/11 15:30:41 | 000,000,009 | ---- | C] () -- \END
[2012/11/21 23:45:12 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2012/11/21 20:17:37 | 000,000,112 | -H-- | C] () -- \38C27F7B60FF
[2012/11/21 20:17:37 | 000,000,040 | -H-- | C] () -- \5674C6EEAD79
[2012/11/21 20:06:07 | 000,203,464 | RHS- | C] () -- \grldr
[2012/11/21 20:06:07 | 000,000,014 | RHS- | C] () -- \win7.ld
[2012/11/21 11:20:17 | 000,384,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/21 01:32:43 | 002,923,201 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/11/21 01:28:21 | 000,001,950 | ---- | C] () -- C:\Windows\vm332Rmv.ini
[2012/11/21 01:28:21 | 000,001,950 | ---- | C] () -- C:\Windows\System32\vm332Rmv.ini
[2012/11/21 01:28:20 | 000,735,796 | ---- | C] () -- C:\Windows\System32\igkrng700.bin
[2012/11/21 01:28:20 | 000,561,508 | ---- | C] () -- C:\Windows\System32\igfcg700m.bin
[2012/11/21 01:28:20 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/11/21 01:28:19 | 013,020,160 | ---- | C] () -- C:\Windows\System32\ig7icd32.dll
[2012/11/21 01:28:19 | 000,216,472 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/21 01:28:19 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012/11/21 01:28:19 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012/11/21 01:28:19 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/11/21 01:28:18 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2009/07/14 10:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 10:04:04 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 05:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

#12
latenaAKO

Other programs are working fine, except for AVs. There is a lock icon on their folders in Program Files.

Malwarebytes can be run but force closes when I try to scan. MSE has a 0xc000002 error.

#13
Machiavelli

    GeekU Moderator

===== > Step 1: OTL Fix < =====

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.smartbro.net:8080
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
    [2014/02/15 18:46:23 | 000,000,000 | ---D | M] (Hotspot Shield Extension) -- C:\Program Files\Mozilla Firefox\browser\extensions\[email protected]
    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm File not found
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E96B60-50F4-4C5A-A4FE-D8DCD569F78F}: NameServer = 121.1.3.172 121.1.3.89
    O32 - AutoRun File - [2012/10/18 22:54:34 | 000,000,650 | R--- | M] () - I:\AutoRun.dat -- [ CDFS ]
    O32 - AutoRun File - [2011/04/21 02:20:50 | 000,334,672 | R--- | M] () - I:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2012/09/29 00:18:52 | 000,004,286 | R--- | M] () - I:\AutoRun.ico -- [ CDFS ]
    O32 - AutoRun File - [2011/04/21 02:08:05 | 000,000,047 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{cdb4b2b8-9894-11e3-83ed-3c970e19f3a6}\Shell\AutoRun\command - "" = I:\Autorun.exe -- [2011/04/21 02:20:50 | 000,334,672 | R--- | M] ()
    [2014/02/22 06:56:56 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2013/05/11 15:30:41 | 000,000,009 | ---- | C] () -- \END
    
    :Files
    C:\Program Files\Common Files\AVG Secure Search
    
    :Commands
    [EMPTYTEMP]
    
    
  • Click the Run Fix button.
  • After your computer has rebooted, please post the Fixlog into your next reply.

===== > Step 2: Adwarecleaner < =====

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

===== > Step 3: JRT < =====

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===== > Step 4: FRST < =====

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

===== > Step 5: Reminder < =====

Please try to do Windows Updates. First, click Start and search for Windows Update - then select the Windows Update item and a window will open. Then please try to search for Windows Update. If there are Updates available, please do them and report if there are any errors. Also a question related to Windows Update: Did you have any problems with Updates in the past? Any errors?

Don't forget to post these logs into your next reply:

  • OTL Fixlog
  • Adwarecleaner Log
  • JRT.txt
  • FRST.txt
  • Addition.txt


#14
Machiavelli

Are you still with me?