spyware/malware/virus



#1
clockworkc5
New Member, 2 posts
Hello all. I appreciate any input and help in advance. Been fighting this thing for a few weeks. I've never had anything get past AVG and Spybot, but it did. Computer runs fine. Windows 7 64-bit. Outlook 2010. Some days I will get to the office and have several mailer-daemons. Some days none. Also, some days my email works all day; other days I keep getting an error message about saving password. I hit OK and the error message just pops up again. I put malware on the computer. Updated AVG, Spybot, and malware. Booted into safe mode and ran each as an administrator. Malware picked up funmood and a few other things. Removed them. However, they just come back. Any ideas? Thanks again.



OTL logfile created on: 6/5/2013 4:18:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\eric\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.97 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 24.21% Memory free
15.93 Gb Paging File | 10.39 Gb Available in Paging File | 65.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.23 Gb Total Space | 792.40 Gb Free Space | 86.39% Space Free | Partition Type: NTFS

Computer Name: ERIC-PC | User Name: eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/06/05 16:18:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\eric\Downloads\OTL.exe
PRC - [2013/05/21 10:01:22 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/05/21 10:01:22 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/01 14:50:22 | 001,641,368 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\eric\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/07 21:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 21:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 21:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 23:39:04 | 000,132,520 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\AutoCAD 2013\AdExchange\AcBrowserHost.exe
PRC - [2012/02/06 23:38:24 | 000,092,072 | ---- | M] (Autodesk Inc.) -- C:\Program Files\Common Files\Autodesk Shared\AcHelp2.exe
PRC - [2012/01/31 13:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/12/29 00:02:14 | 001,088,128 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe
PRC - [2011/10/28 21:59:26 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2011/09/02 05:41:07 | 001,399,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe
PRC - [2011/09/01 18:45:34 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/08/21 13:48:28 | 000,090,024 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Common Files\Autodesk Shared\DirectConnect2013 (64-bit)\bin\Aruba\Aec32BitAppServer57.exe
PRC - [2011/08/08 22:56:04 | 000,947,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe
PRC - [2011/07/12 21:10:20 | 000,116,632 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSpeed.exe
PRC - [2011/05/18 20:06:52 | 000,518,144 | ---- | M] (Brother International) -- C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe
PRC - [2010/11/27 01:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/10/21 05:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
PRC - [2009/07/23 18:16:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/03/05 19:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 18:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/09/13 03:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSS01A.EXE
PRC - [2004/06/14 03:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\BRSVC01A.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/23 01:44:07 | 000,393,168 | ---- | M] () -- C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 01:44:06 | 013,136,336 | ---- | M] () -- C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013/05/23 01:43:59 | 004,051,408 | ---- | M] () -- C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 01:43:06 | 000,599,504 | ---- | M] () -- C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 01:43:05 | 000,124,368 | ---- | M] () -- C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 01:43:03 | 001,597,392 | ---- | M] () -- C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013/05/21 10:01:23 | 000,158,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/08 16:19:28 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMOffice.dll
MOD - [2011/07/07 14:03:20 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMScnSet.dll
MOD - [2011/07/07 14:01:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSave.dll
MOD - [2011/07/07 14:00:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMCommon.dll
MOD - [2011/07/01 12:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMISM.dll
MOD - [2011/06/13 13:53:24 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Instant On\MSPowerLib.dll
MOD - [2011/03/17 03:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 04:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/06/13 02:35:22 | 000,146,944 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\ScanModule.dll
MOD - [2010/06/10 20:42:18 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\SlideBarDLL.dll
MOD - [2010/05/21 12:42:26 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMImageSplitter.dll
MOD - [2010/05/21 12:42:16 | 004,567,040 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMView.dll
MOD - [2010/05/21 12:39:44 | 000,614,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMDB_N.dll
MOD - [2010/05/17 13:53:12 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMPDFView.dll
MOD - [2010/05/17 13:52:10 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSet.dll
MOD - [2010/05/07 14:46:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PerformOcr.dll
MOD - [2010/04/27 18:20:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMStatus.dll
MOD - [2010/04/23 07:23:44 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Instant On\Images\AsMultiLang.dll
MOD - [2010/04/14 19:38:30 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMTree.dll
MOD - [2010/03/31 13:25:28 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\OutlookVBA.dll
MOD - [2010/03/17 14:49:58 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMINSO.dll
MOD - [2010/03/02 18:10:02 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMPageVW.dll
MOD - [2010/03/02 18:09:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMDocVW.dll
MOD - [2009/12/04 20:20:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMAnoSet.dll
MOD - [2009/11/27 20:38:52 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMAppBar.dll
MOD - [2009/11/26 20:49:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\NetFun2K.dll
MOD - [2009/11/09 21:35:52 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMImgVW.dll
MOD - [2009/09/09 17:44:26 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMANO.dll
MOD - [2009/08/06 13:22:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\FT.dll
MOD - [2009/06/26 12:03:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMApSet.dll
MOD - [2008/12/12 19:52:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMProp.dll
MOD - [2008/11/17 17:56:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\nsSign.dll
MOD - [2008/08/25 20:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PHooKDlg.dll
MOD - [2008/08/25 19:16:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMIEVW.dll
MOD - [2007/08/31 20:51:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMVoice.dll
MOD - [2007/03/30 13:24:12 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\Qem.dll
MOD - [2007/03/30 13:01:28 | 000,038,992 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\NsOEMKey.dll
MOD - [2007/03/30 12:57:04 | 000,034,896 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\Import.dll
MOD - [2007/03/30 12:49:38 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\ComClass.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/03 09:03:03 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/08/28 14:55:42 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/02/03 02:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/21 10:01:22 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/05/15 12:17:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/29 06:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/02 08:07:49 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/11/02 08:07:32 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/08 12:06:24 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2012/02/07 21:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 21:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 21:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/31 13:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/10/28 21:59:26 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011/09/02 05:41:07 | 001,399,296 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.06\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2011/08/08 22:56:04 | 000,947,328 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.16\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/07/23 18:16:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/06/14 03:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/05/21 10:01:23 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/11/02 08:07:33 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/08 12:06:24 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2012/06/08 12:05:56 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2012/04/11 00:21:23 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/11 00:21:23 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/06 10:17:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)
DRV:64bit: - [2012/03/06 10:04:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/03/06 10:04:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/03/04 19:31:18 | 000,398,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012/03/02 19:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2012/03/02 19:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2012/03/02 19:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2012/03/02 19:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2012/03/02 19:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2012/03/02 19:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2012/03/02 19:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 22:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011/11/29 07:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/29 05:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/09/14 21:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 21:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/13 19:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/19 15:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/02 19:19:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/08 12:06:24 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://searchfunmood...E&cr=1997909770
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6F554E8E-2B48-4414-EC2F-1596276CF754}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://searchfunmood...E&cr=1997909770


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.delta-...E1010BF484EA9AF
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2013-04-29 10:02:49&v=15.2.0.5&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\eric\AppData\Local\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\eric\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\eric\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 09:40:06 | 000,000,000 | ---D | M]

[2012/09/14 15:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eric\AppData\Roaming\Mozilla\Firefox\extensions
[2012/09/14 15:35:54 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\eric\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013/05/23 12:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\eric\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.92 (Enabled) = C:\Users\eric\AppData\Local\Citrix\Plugins\92\npappdetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\eric\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: BitTorrentControl_v12 = C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\2.3.19.11_0\
CHR - Extension: AVG Security Toolbar = C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_1\

O1 HOSTS File: ([2012/08/28 13:03:11 | 000,444,105 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15252 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\..\Toolbar\WebBrowser: (BitTorrentControl_v12 Toolbar) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000..\Run: [Akamai NetSession Interface] C:\Users\eric\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk = C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3322359365-2495936149-1110404415-1000\..Trusted Domains: us.com ([www.walbridgehome] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FE086C1-264B-49F9-852A-45A05855AC7D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FFB1E20-FC30-4420-A44C-84A18332D538}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/29 15:49:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2013/05/17 10:09:06 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d9302071-6493-11e2-b236-10bf484ea9af}\Shell - "" = AutoRun
O33 - MountPoints2\{d9302071-6493-11e2-b236-10bf484ea9af}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 12:26:26 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions
[2013/05/23 12:26:25 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins
[2013/05/23 12:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/23 12:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert Audio Free
[2013/05/23 12:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convert Audio Free
[2013/05/23 12:25:40 | 000,000,000 | ---D | C] -- C:\Users\eric\AppData\Roaming\Babylon
[2013/05/23 12:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/05/21 09:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/17 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\new check
[2013/05/17 10:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/17 10:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/05/16 10:48:06 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\current
[2013/05/15 17:00:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/05/15 17:00:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/05/15 17:00:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/05/15 17:00:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/05/15 17:00:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/05/15 17:00:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/05/15 17:00:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/05/15 17:00:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/15 17:00:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/05/15 17:00:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/05/15 17:00:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/05/15 17:00:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/05/15 17:00:17 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/05/15 17:00:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/05/15 17:00:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/05/15 09:03:27 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 09:03:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013/05/15 09:03:18 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/05/15 09:03:18 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/05/15 09:03:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013/05/15 09:03:18 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013/05/15 09:03:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013/05/09 12:49:26 | 000,000,000 | ---D | C] -- C:\Users\eric\Desktop\New folder
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/05 16:11:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/05 15:59:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3322359365-2495936149-1110404415-1000UA.job
[2013/06/05 14:16:16 | 000,000,060 | ---- | M] () -- C:\windows\wpd99.drv
[2013/06/05 13:59:02 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3322359365-2495936149-1110404415-1000Core.job
[2013/06/05 08:50:07 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/05 08:50:07 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/05 08:45:57 | 000,798,302 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/05 08:45:57 | 000,674,422 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/05 08:45:57 | 000,125,630 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/05 08:41:18 | 000,001,148 | ---- | M] () -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk
[2013/06/05 08:40:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/05 08:40:31 | 2119,868,415 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/22 08:29:19 | 000,973,976 | ---- | M] () -- C:\Users\eric\Desktop\seven seas roof.pdf
[2013/05/21 10:01:23 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/05/17 14:07:17 | 001,148,551 | ---- | M] () -- C:\Users\eric\Desktop\ken.png
[2013/05/17 10:09:06 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/05/16 08:31:45 | 000,421,936 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/05/15 12:17:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/05/15 12:17:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/30 09:22:23 | 000,001,148 | ---- | C] () -- C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk
[2013/05/22 08:29:18 | 000,973,976 | ---- | C] () -- C:\Users\eric\Desktop\seven seas roof.pdf
[2013/05/17 14:07:16 | 001,148,551 | ---- | C] () -- C:\Users\eric\Desktop\ken.png
[2013/05/17 10:09:06 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/11 14:40:57 | 000,000,157 | ---- | C] () -- C:\windows\wininit.ini
[2012/10/16 13:13:17 | 004,369,408 | ---- | C] () -- C:\windows\SysWow64\pdftk.exe
[2012/10/16 13:13:17 | 001,503,232 | ---- | C] () -- C:\windows\SysWow64\ptj.exe
[2012/10/16 13:13:17 | 001,103,360 | ---- | C] () -- C:\windows\SysWow64\cidfont.dll
[2012/10/16 13:13:17 | 000,235,008 | ---- | C] () -- C:\windows\SysWow64\office.exe
[2012/09/17 10:12:39 | 000,007,593 | ---- | C] () -- C:\Users\eric\AppData\Local\resmon.resmoncfg
[2012/09/14 15:35:49 | 000,000,258 | RHS- | C] () -- C:\Users\eric\ntuser.pol
[2012/09/06 14:29:42 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\CommonDL.dll
[2012/09/06 14:29:42 | 000,002,413 | ---- | C] () -- C:\windows\SysWow64\lgAxconfig.ini
[2012/08/30 14:00:29 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012/08/28 14:56:16 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/08/28 14:39:00 | 000,792,026 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/28 13:32:24 | 000,040,448 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
[2012/08/28 13:32:24 | 000,000,060 | ---- | C] () -- C:\windows\wpd99.drv
[2012/08/28 13:22:20 | 000,000,030 | ---- | C] () -- C:\windows\SysWow64\brss01a.ini
[2012/08/28 13:22:19 | 000,000,410 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012/08/28 13:22:19 | 000,000,026 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012/04/11 01:24:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/11 01:03:42 | 000,014,464 | ---- | C] () -- C:\windows\SysWow64\drivers\AsUpIO.sys
[2012/04/11 01:02:49 | 000,013,440 | ---- | C] () -- C:\windows\SysWow64\drivers\AsIO.sys
[2012/04/11 01:02:44 | 000,221,184 | ---- | C] () -- C:\windows\SysWow64\drivers\ServiceHelp.dll
[2012/04/11 01:02:43 | 000,011,832 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp64.sys
[2012/04/11 01:02:43 | 000,010,216 | ---- | C] () -- C:\windows\SysWow64\drivers\AsInsHelp32.sys
[2012/04/11 00:57:49 | 000,014,119 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2012/04/11 00:49:42 | 000,002,279 | ---- | C] () -- C:\windows\Ascd_log.ini
[2012/04/11 00:49:36 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2012/04/11 00:49:35 | 000,010,296 | ---- | C] () -- C:\windows\SysWow64\drivers\ASUSHWIO.SYS
[2012/04/11 00:49:35 | 000,002,222 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2012/02/03 02:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/11 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2012/10/15 12:24:50 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/04/11 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012/10/15 12:24:50 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/06/05 08:41:24 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\.oit
[2012/04/11 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\ASUS WebStorage
[2013/02/21 17:57:47 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\Autodesk
[2012/10/26 12:53:19 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\Autodesk Navisworks Freedom 2013
[2013/02/21 17:43:04 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\Autodesk Navisworks Simulate 2013
[2012/10/01 12:14:36 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\AVG2013
[2013/05/23 12:25:40 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\Babylon
[2013/06/05 11:39:08 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\BitTorrent
[2013/03/22 14:33:18 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\com.pandora.desktop.E7C14276FFE9EEF0BC7DCE654C467D9A299EFD21.1
[2013/03/26 12:56:54 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\Cuhai
[2012/08/30 14:00:34 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\FreeAudioPack
[2012/10/18 15:46:05 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\NewSoft
[2012/08/28 14:07:54 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\pdf995
[2013/02/12 12:32:41 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\TeamViewer
[2012/10/01 11:22:45 | 000,000,000 | ---D | M] -- C:\Users\eric\AppData\Roaming\TuneUp Software
[2012/04/11 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\ASUS WebStorage

========== Purity Check ==========



< End of report >
#2
clockworkc5

    New Member

  • Topic Starter
  • Member
  • 2 posts
no browser hijack