
Need help removing win32.downloader.gen and possible zlob.downloader v

Windows 7 trojan zlob

This topic is locked

#31 kuratowa2 (Member, Topic Starter, 26 posts)

When I just clean booted it, explorer crashed, freezing me out again.  I'll need to manually restart.




#32 Machiavelli (GeekU Moderator, 4,722 posts)

OK I will talk with the techs on the forum. It is probably not a Malware issue. I will come back with further instructions later.

#33 Machiavelli (GeekU Moderator, 4,722 posts)

Hey,
please disable SpyBot for a while. Thanks.

Boot Into Safe Mode

  • Save any work and close all open windows
  • Restart your computer
  • When your computer has shutdown and is just starting to boot again press F8
  • Using the arrow keys, select Safe Mode with Networking and press enter

 

OTL Fix
 

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

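As an added example (not code from this thread or from OTL), a small Python checker for the O20 Winlogon lines in the fix above. It parses each line and compares its data with the stock Windows 7 values, which I assume to be explorer.exe, userinit.exe and SystemPropertiesPerformance.exe, so a stock Shell or Userinit entry is recognised as required for logon before a fix deletes it; the file-name normalisation and the verdict labels are my choices, not anything OTL defines.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: the :OTL section of the fix script posted above.
SAMPLE_FIX = """\
:OTL
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
"""

# Stock Windows 7 data for the Winlogon values that OTL reports as O20 lines
# (assumed defaults; the registry stores Userinit with a full path and a
# trailing comma, which _basename() strips before comparing).
WINLOGON_DEFAULTS: Dict[str, str] = {
    "shell": "explorer.exe",
    "userinit": "userinit.exe",
    "vmapplet": "systempropertiesperformance.exe",
}
# Winlogon launches these at logon; with either one missing no interactive
# session starts, so deleting a stock entry is worse than leaving it alone.
REQUIRED_FOR_LOGON = {"shell", "userinit"}

O20_RE = re.compile(
    r"^O20(?P<arch>:64bit:)?\s*-\s*(?P<hive>HK\w+)\s+Winlogon:\s*"
    r"(?P<name>\w+)\s*-\s*\((?P<data>.*?)\)\s*-\s*(?P<status>.*)$"
)


def _basename(data: str) -> str:
    """Reduce e.g. 'C:\\Windows\\system32\\userinit.exe,' to 'userinit.exe'."""
    first = data.split(",")[0].strip().strip('"')  # Userinit may list several programs
    return first.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_o20(line: str) -> Optional[Dict[str, str]]:
    """Split one OTL O20 line into its fields; None for any other line type."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    fields["view"] = "64-bit" if fields.pop("arch") else "32-bit"
    return fields


def assess(entry: Dict[str, str]) -> Dict[str, object]:
    """Compare the entry's data with the stock value for that Winlogon name."""
    name = entry["name"].lower()
    actual = _basename(entry["data"])
    expected = WINLOGON_DEFAULTS.get(name)
    if expected is None:
        verdict = "unknown-value"      # no baseline for this value name
    elif actual == expected:
        verdict = "expected-default"   # stock Windows setting; do not delete
    else:
        verdict = "non-default"        # something replaced the logon component
    return dict(entry, normalized=actual, verdict=verdict,
                logon_critical=name in REQUIRED_FOR_LOGON)


def analyze_fix(script: str) -> List[Dict[str, object]]:
    """One assessment per O20 line in an OTL fix script; other lines are ignored."""
    results = []
    for line in script.splitlines():
        entry = parse_o20(line)
        if entry is not None:
            results.append(assess(entry))
    return results


def entries_worth_removing(script: str) -> List[str]:
    """Names of O20 values whose data is not stock: the only ones a fix should touch."""
    return [str(r["name"]) for r in analyze_fix(script) if r["verdict"] != "expected-default"]


if __name__ == "__main__":
    for r in analyze_fix(SAMPLE_FIX):
        flag = " (logon-critical)" if r["logon_critical"] else ""
        print(f'{r["view"]:6} {r["name"]:9} {r["data"]:36} {r["verdict"]}{flag}')
```

Run against the posted fix, every line comes back as expected-default, which is the signal to check the value in the registry before deleting it rather than trusting the "File not found" annotation alone.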

#34 kuratowa2 (Member, Topic Starter, 26 posts)

Opened in safe mode w/ networking — ran the OTL fix, computer rebooted. On reboot, it tried to automatically run OTL.exe, but crashed with I/O errors, and then had to be manually restarted. Restarted again, and it finished the OTL.exe program, but then went to a blue screen:

STOP: c0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem.

Manually restarted to run in safe mode with networking to get the log file it created.

05042014_155059.log:

All processes killed

========== COMMANDS ==========

Unable to start System Restore Service. Error code 1084

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:SystemPropertiesPerformance.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:userinit.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:SystemPropertiesPerformance.exe deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Union
->Temp folder emptied: 34080866 bytes
->Temporary Internet Files folder emptied: 1463252 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 10366954 bytes
->Flash cache emptied: 207 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82815 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05042014_155059

Files\Folders moved on Reboot...
C:\Users\Union\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Union\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

--------------
Then ran QuickScan in OTL (computer was running in Safe Mode with Networking; wouldn't stay open in Normal Mode).

OTL.txt:

OTL logfile created on: 5/4/2014 4:04:16 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Union\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.99 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 88.53% Memory free
11.98 Gb Paging File | 11.32 Gb Available in Paging File | 94.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.80 Gb Total Space | 761.94 Gb Free Space | 82.84% Space Free | Partition Type: NTFS
Drive D: | 11.43 Gb Total Space | 1.40 Gb Free Space | 12.22% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 852.20 Gb Free Space | 60.99% Space Free | Partition Type: NTFS
Drive G: | 488.28 Gb Total Space | 446.21 Gb Free Space | 91.38% Space Free | Partition Type: NTFS
 
Computer Name: VULCAN | User Name: Union | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/02 14:48:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Union\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 04:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/26 04:50:18 | 000,237,056 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 16:08:30 | 001,052,328 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 16:08:23 | 000,045,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2014/04/29 16:10:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/29 10:07:25 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/18 15:18:48 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/02/15 12:53:58 | 000,227,904 | ---- | M] (WildTangent) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/10 17:47:40 | 000,558,480 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/12/07 11:19:02 | 000,066,376 | ---- | M] (Bsecure Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl.exe -- (Bsecure)
SRV - [2011/10/15 14:05:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/01 04:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/05 08:37:08 | 000,011,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010/04/14 16:08:23 | 000,045,736 | ---- | M] () [Disabled | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/15 20:40:00 | 000,122,880 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/07/22 12:58:18 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/02 11:23:38 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014/04/27 14:49:14 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/04/18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/03/31 16:20:54 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/03/31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/03/27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/03/27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/03/27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/03/27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/03/27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/10 17:31:36 | 000,052,080 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64-6.sys -- (vpnva)
DRV:64bit: - [2013/10/10 17:29:28 | 000,112,496 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/26 06:47:20 | 011,172,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/26 03:32:46 | 000,339,456 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 22:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/06/14 17:17:24 | 000,022,832 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BSecACFltr.sys -- (BSecACFltr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/11 08:08:46 | 000,280,144 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2010/12/28 15:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/24 11:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/05 21:29:12 | 000,106,888 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/12/21 11:34:19 | 000,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [2011/06/14 17:17:24 | 000,021,624 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\BSecACFltr.sys -- (BSecACFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{E1220177-581E-49F3-8F8A-B710C631AAE3}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Union\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Union\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Union\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/15 12:15:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/29 16:10:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/04/29 16:10:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/04/29 16:10:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014/04/29 16:10:18 | 000,000,000 | ---D | M]
 
[2012/03/19 03:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Union\AppData\Roaming\Mozilla\Extensions
[2012/03/19 03:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Union\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/05/02 13:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Union\AppData\Roaming\Mozilla\Firefox\Profiles\6ofm14l9.default\extensions
[2014/05/02 13:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/17 22:14:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/23 20:52:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Users\Union\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/05/02 20:22:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\AVG\AVG Family Safety\InetCtrl67.dll (Bsecure Technologies, Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F54A693-CF82-41C7-824A-5EF19095F5C9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B270742B-D3AC-4234-B5A1-E76E6B2A34DA}: DhcpNameServer = 192.168.3.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (UserInit.exe) -  File not found
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/29 12:47:21 | 000,000,090 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2011/05/31 15:41:00 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O34 - HKLM BootExecute: (/sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/04 09:02:15 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/05/03 19:04:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/05/03 19:04:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/05/03 18:50:17 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/05/03 16:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/05/03 16:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/05/03 14:16:23 | 000,000,000 | ---D | C] -- C:\Users\Union\Desktop\CBS
[2014/05/03 11:38:53 | 000,000,000 | ---D | C] -- C:\Users\Union\AppData\Local\CrashDumps
[2014/05/02 20:56:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/02 20:55:27 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Union\Desktop\JRT.exe
[2014/05/02 20:35:33 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/02 20:35:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/02 20:22:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/02 19:36:33 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/05/02 18:42:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Union\Desktop\OTL.exe
[2014/05/02 15:07:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Union\Desktop\aswMBR.exe
[2014/05/02 12:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/05/02 12:44:25 | 010,094,400 | ---- | C] (SurfRight B.V.) -- C:\Users\Union\Desktop\HitmanPro.exe
[2014/05/02 12:12:36 | 000,000,000 | ---D | C] -- C:\Users\Union\Desktop\RK_Quarantine
[2014/05/02 11:23:17 | 000,000,000 | ---D | C] -- C:\Users\Union\Desktop\mbam-chameleon-1.62.1.1000
[2014/05/02 11:00:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/05/02 10:55:37 | 004,164,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Union\Desktop\tdsskiller.exe
[2014/05/02 08:43:39 | 004,745,984 | ---- | C] (Piriform Ltd) -- C:\Users\Union\Desktop\ccsetup413.exe
[2014/05/02 02:46:47 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/04/29 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/04/28 18:48:54 | 000,000,000 | -HSD | C] -- C:\Users\Union\AppData\Local\EmieUserList
[2014/04/28 18:48:54 | 000,000,000 | -HSD | C] -- C:\Users\Union\AppData\Local\EmieSiteList
[2014/04/27 08:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/23 16:33:56 | 000,000,000 | -H-D | C] -- C:\Users\Union\Documents\My Media
[2014/04/23 16:33:56 | 000,000,000 | ---D | C] -- C:\Users\Union\AppData\Roaming\OverDrive
[2014/04/23 16:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive Media Console
[2014/04/23 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OverDrive Media Console
[2014/04/18 16:32:50 | 000,000,000 | -H-D | C] -- C:\Users\Union\Documents\Aimersoft Video Converter Ultimate
[2014/04/18 16:32:34 | 000,000,000 | ---D | C] -- C:\Users\Union\AppData\Local\Aimersoft
[2014/04/18 16:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2014/04/18 16:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft Video Converter Ultimate
[2014/04/18 16:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aimersoft
[2014/04/18 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Aimersoft
[2014/04/18 15:01:30 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/04 15:59:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/04 15:59:09 | 530,493,439 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/04 15:57:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164183197-2720610983-350624195-1000UA.job
[2014/05/04 15:56:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 15:50:20 | 000,702,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/04 15:50:20 | 000,139,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/04 15:50:20 | 000,006,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/04 02:00:04 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 02:00:04 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/04 01:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/04 01:01:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUnion.job
[2014/05/04 00:45:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/03 18:55:39 | 000,848,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/03 18:50:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-VULCAN-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/05/03 16:25:43 | 000,013,248 | ---- | M] () -- C:\bootsqm.dat
[2014/05/03 16:03:22 | 000,002,161 | ---- | M] () -- C:\Users\Union\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/05/03 16:02:53 | 005,577,080 | ---- | M] () -- C:\Users\Union\Desktop\tweaking.com_windows_repair_aio_setup (1).exe
[2014/05/03 16:01:19 | 005,459,368 | ---- | M] () -- C:\Users\Union\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/05/03 14:37:23 | 000,197,679 | ---- | M] () -- C:\Users\Union\Desktop\ListChkdskResult.exe
[2014/05/03 11:34:00 | 000,869,456 | ---- | M] () -- C:\Users\Union\Desktop\Norton_Removal_Tool.exe
[2014/05/02 20:55:16 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Union\Desktop\JRT.exe
[2014/05/02 20:34:25 | 001,310,621 | ---- | M] () -- C:\Users\Union\Desktop\AdwCleaner.exe
[2014/05/02 20:22:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/05/02 18:44:19 | 000,984,576 | ---- | M] () -- C:\Users\Union\Desktop\MicrosoftFixit50906.msi
[2014/05/02 15:54:45 | 000,000,512 | ---- | M] () -- C:\Users\Union\Desktop\MBR.dat
[2014/05/02 15:07:52 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Union\Desktop\aswMBR.exe
[2014/05/02 14:48:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Union\Desktop\OTL.exe
[2014/05/02 13:41:55 | 000,000,171 | ---- | M] () -- C:\Windows\wininit.ini
[2014/05/02 12:45:43 | 000,128,958 | ---- | M] () -- C:\Users\Union\Desktop\Unconfirmed 377925.crdownload
[2014/05/02 12:45:20 | 010,094,400 | ---- | M] (SurfRight B.V.) -- C:\Users\Union\Desktop\HitmanPro.exe
[2014/05/02 12:12:31 | 003,972,608 | ---- | M] () -- C:\Users\Union\Desktop\RogueKiller.exe
[2014/05/02 11:23:38 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/02 11:18:47 | 001,440,846 | ---- | M] () -- C:\Users\Union\Desktop\mbam-chameleon-1.62.1.1000.zip
[2014/05/02 10:55:45 | 004,164,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Union\Desktop\tdsskiller.exe
[2014/05/02 10:43:26 | 000,000,861 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2014/05/02 08:43:53 | 004,745,984 | ---- | M] (Piriform Ltd) -- C:\Users\Union\Desktop\ccsetup413.exe
[2014/05/01 13:57:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164183197-2720610983-350624195-1000Core.job
[2014/05/01 02:06:26 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/29 20:55:09 | 000,002,112 | ---- | M] () -- C:\Users\Union\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/04/27 14:49:14 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/04/24 11:51:05 | 000,569,157 | -H-- | M] () -- C:\Users\Union\Documents\District-Assembly-delegates.PDF
[2014/04/24 09:45:40 | 000,001,456 | ---- | M] () -- C:\Users\Union\AppData\Local\Adobe Save for Web 12.0 Prefs
[2014/04/23 16:33:39 | 000,002,525 | ---- | M] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
[2014/04/18 15:01:30 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/04/12 21:21:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVULCAN$.job
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/03 18:50:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VULCAN-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/05/03 16:25:43 | 000,013,248 | ---- | C] () -- C:\bootsqm.dat
[2014/05/03 16:03:04 | 005,577,080 | ---- | C] () -- C:\Users\Union\Desktop\tweaking.com_windows_repair_aio_setup (1).exe
[2014/05/03 16:02:01 | 000,002,161 | ---- | C] () -- C:\Users\Union\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/05/03 16:01:32 | 005,459,368 | ---- | C] () -- C:\Users\Union\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2014/05/03 14:37:45 | 000,197,679 | ---- | C] () -- C:\Users\Union\Desktop\ListChkdskResult.exe
[2014/05/03 11:34:26 | 000,869,456 | ---- | C] () -- C:\Users\Union\Desktop\Norton_Removal_Tool.exe
[2014/05/02 20:34:40 | 001,310,621 | ---- | C] () -- C:\Users\Union\Desktop\AdwCleaner.exe
[2014/05/02 18:44:32 | 000,984,576 | ---- | C] () -- C:\Users\Union\Desktop\MicrosoftFixit50906.msi
[2014/05/02 15:54:45 | 000,000,512 | ---- | C] () -- C:\Users\Union\Desktop\MBR.dat
[2014/05/02 13:34:42 | 000,000,171 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/02 12:45:43 | 000,128,958 | ---- | C] () -- C:\Users\Union\Desktop\Unconfirmed 377925.crdownload
[2014/05/02 12:12:23 | 003,972,608 | ---- | C] () -- C:\Users\Union\Desktop\RogueKiller.exe
[2014/05/02 11:23:38 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/02 11:18:44 | 001,440,846 | ---- | C] () -- C:\Users\Union\Desktop\mbam-chameleon-1.62.1.1000.zip
[2014/05/02 10:43:25 | 000,000,861 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2014/05/01 02:06:26 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/04/24 11:51:05 | 000,569,157 | -H-- | C] () -- C:\Users\Union\Documents\District-Assembly-delegates.PDF
[2014/04/23 16:33:39 | 000,002,525 | ---- | C] () -- C:\Users\Public\Desktop\OverDrive Media Console.lnk
[2014/02/23 19:18:45 | 000,021,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\BSecACFltr.sys
[2012/06/09 23:17:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/06/09 23:17:50 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/06/09 23:17:50 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/05/15 22:52:13 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/05/15 22:52:13 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/05/15 22:52:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/15 22:52:12 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/18 04:02:07 | 000,000,132 | ---- | C] () -- C:\Users\Union\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/30 00:08:25 | 000,000,218 | ---- | C] () -- C:\Users\Union\.recently-used.xbel
[2011/11/29 23:25:13 | 000,038,367 | ---- | C] () -- C:\Users\Union\descend_chart.pdf
[2011/11/29 23:24:41 | 000,005,592 | ---- | C] () -- C:\Users\Union\descend_chart.odt
[2011/10/18 02:37:25 | 000,001,456 | ---- | C] () -- C:\Users\Union\AppData\Local\Adobe Save for Web 12.0 Prefs
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/07/28 16:55:56 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Amazon
[2014/04/28 20:36:30 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Audacity
[2013/09/23 08:57:26 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\AVG2014
[2012/02/15 15:49:02 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Barnes & Noble
[2012/02/15 15:47:08 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Blio
[2011/10/18 11:12:13 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/03 22:34:17 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/04 02:21:06 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Dropbox
[2014/03/28 08:33:49 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\DropboxMaster
[2012/03/19 03:31:30 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Flickr
[2011/11/29 23:24:41 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\gramps
[2012/10/13 13:35:44 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\iFunbox_UserCache
[2014/03/17 15:19:29 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Leawo
[2011/11/01 13:01:17 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\MusE
[2012/06/14 01:49:26 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Namco
[2013/06/10 12:08:27 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\onOne Software
[2013/11/01 01:33:42 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Oracle
[2014/04/23 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\OverDrive
[2011/11/04 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\PACE Anti-Piracy
[2012/09/04 00:20:48 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\PDAppFlex
[2012/10/13 13:00:19 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\PhoneBrowse
[2011/11/04 21:25:58 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/10/15 01:22:37 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Thunderbird
[2012/12/11 07:38:00 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\TuneUp Software
[2014/02/18 22:34:23 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\Unity
[2012/06/14 01:47:56 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\WildTangent
[2011/11/05 11:55:59 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\WinBatch
[2011/10/15 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\YouSendIt
[2012/02/15 15:49:06 | 000,000,000 | ---D | M] -- C:\Users\Union\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
 
< End of report >
 

#35
Machiavelli
GeekU Moderator, 4,722 posts

While I'm discussing with my colleagues, could you please tell me:

- the model of your main hard drive
- the model of your PC

Thanks! :)
#36
kuratowa2
Topic Starter, Member, 26 posts

The PC is an HP Pavilion HPE Series. Model # h8-1000z.

 

The hard drive is a Hitachi # HDS721010CLA332.


#37
Machiavelli
GeekU Moderator, 4,722 posts

Hi,

please follow the instructions here to perform a Repair Install.
#38
kuratowa2
Topic Starter, Member, 26 posts

We do not have an installation disc for Windows 7 - it was loaded by the OEM. So we would need to do the following, correct?





Also, every attempt we have made to start in Normal mode has crashed the computer. It has to be done in normal mode in order to run, correct?


#39
Machiavelli
GeekU Moderator, 4,722 posts

So we would need to do the following, correct?

Yes, download Windows 7 SP1 from here if you are using an English system.

Also, every attempt we have made to start in Normal mode has crashed the computer. It has to be done in normal mode in order to run, correct?

OK, if you can't do this in normal mode, then please try doing this in Safe Mode. It sounds like a hardware issue, to be honest. :/
#40
kuratowa2
Topic Starter, Member, 26 posts

Since Windows isn't loading in Normal mode, AVG Family Safety is blocking our computer from accessing the internet in Safe Mode - should we go ahead and uninstall it for the time being so we can run the Repair Install?


#41
Machiavelli
GeekU Moderator, 4,722 posts

Yes.
#42
kuratowa2
Topic Starter, Member, 26 posts

When I open the .iso file with 7-zip, only two files are extracted: a README.txt file and an .img file in a folder labeled [BOOT].


#43
Machiavelli
GeekU Moderator, 4,722 posts

Copy the iso to a CD and boot from it. ;) I gave you the correct file.
#44
kuratowa2
Topic Starter, Member, 26 posts

I set up the installation disk. When I got to the compatibility report screen, it said:

"The computer started using the Windows installation disc. Remove the installation disc and restart your computer so that Windows starts normally. Then, insert the installation disc and restart the upgrade"

 

If I start Windows, either in normal or safe mode, I get an Error Code 0x583 and the setup stops.

 

The first time I attempted, I got past the first error code but got a pop-up about not having enough memory in the partition:

 

"Windows setup cannot find a location to store temporary files."

 

Then I got a blue screen from a physical memory dump:

Stop: 0x000000f4 (0x0000000000000003, 0xFFFFFA8007DE6520, 0xFFFFFA8007DE6800, 0xFFFFF800031807B0)


#45
Machiavelli
GeekU Moderator, 4,722 posts

OK I have tried everything, but I think the techs know much more about something like that. So - please open a new topic here and tell them that I helped you remove the malware.