Browser Hijacked and redirected



#1 notactjack


Posted 18 July 2012 - 08:27 AM

I get redirected to several sites (ilivid.com, russianbrides.com, etc.). This happens whenever I click inside of a browser. This happens in IE, Chrome, and Firefox.
I believe the infection started after my niece used my computer to play Facebook games.
I ran SpyHunter and it found whazit hijacker and tracur.j downloader. Spybot, AVG, and Malwarebytes do not find anything.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Notactjack at 8:18:20 on 2012-07-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.859 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
C:\Windows\system32\svchost.exe -k bthaudiosvc
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Users\Notactjack\AppData\Local\TVersity\Media Server\MediaServer.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
E:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=C:\Windows\system32\userinit.exe,C:\Program Files (x86)\LeechLLC\mstorr.exe,
uWindows: Load=C:\Users\NOTACT~1\AppData\Local\Temp\dwm.exe
BHO: Giant Savings: {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "e:\program files\steam\steam.exe" -silent
uRun: [EPSON Stylus CX9400Fax Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICFA.EXE /FU "C:\Windows\TEMP\E_S189E.tmp" /EF "HKCU"
uRun: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
uRun: [Google Update] "C:\Users\Notactjack\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [nvcpl] C:\Program Files (x86)\LeechLLC\mstorr.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [sclauncher] "C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
dRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOBILE~1.LNK - C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2FF57131-1AF0-42E8-9DFA-58031E2E9461} : DhcpNameServer = 172.16.68.215 172.16.68.215 8.8.8.8
TCP: Interfaces\{532EA2C7-C218-4B44-9290-D7CA4982968E} : DhcpNameServer = 69.78.96.14 66.174.92.14
TCP: Interfaces\{C5050877-D2AA-4668-86CB-AAF05A0C7ED2} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Giant Savings: {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll
BHO-X64: CrossriderApp0004479 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
BHO-X64: Fantapper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun-x64: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [sclauncher] "C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe"
mRun-x64: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun-x64: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Notactjack\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Notactjack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Notactjack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Notactjack\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Users\Notactjack\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109935
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8e6e0d7000000000000001bdc0feae4
FF - user.js: extensions.BabylonToolbar_i.hardId - a8e6e0d7000000000000001bdc0feae4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:55:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe [2012-4-23 14336]
R2 HFGService;Handsfree Headset Service;C:\Windows\system32\svchost.exe -k bthaudiosvc [2008-1-20 21504]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-1 8704]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-3-25 90112]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-6-2 1019328]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-15 935008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BthAudioHF;BthAudioHF Service;C:\Windows\system32\DRIVERS\BthAudioHF.sys --> C:\Windows\system32\DRIVERS\BthAudioHF.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9eb6a673f660e;Google Update Service (gupdate1c9eb6a673f660e);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-12 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-8 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-8 25832]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-12 133104]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-8 129976]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-16 01:24:46 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-15 21:28:51 -------- d-----w- C:\Users\Notactjack\AppData\Roaming\AVG2012
2012-07-15 21:28:40 -------- d-----w- C:\Users\Notactjack\AppData\Local\AVG Secure Search
2012-07-15 21:28:19 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-15 21:28:17 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-15 21:28:17 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-15 21:27:17 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-15 21:26:18 -------- d--h--w- C:\$AVG
2012-07-15 21:26:18 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-15 21:26:18 -------- d-----w- C:\ProgramData\AVG2012
2012-07-15 21:25:12 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-15 21:05:20 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2012-07-13 07:19:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0644C8E8-5FAF-436A-B036-646CFAF99FCB}\offreg.dll
2012-07-13 06:59:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0644C8E8-5FAF-436A-B036-646CFAF99FCB}\mpengine.dll
2012-07-10 05:32:04 -------- d--h--w- C:\ProgramData\Common Files
2012-07-10 05:32:04 -------- d-----w- C:\ProgramData\MFAData
2012-07-08 18:32:37 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-08 07:44:46 -------- d--h--w- C:\kleaner.tmp
2012-07-08 07:34:17 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-08 07:34:17 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-07-07 18:25:43 110080 ----a-r- C:\Users\Notactjack\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-07-07 18:25:43 110080 ----a-r- C:\Users\Notactjack\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-07-07 18:25:43 110080 ----a-r- C:\Users\Notactjack\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-07-07 18:25:36 -------- d-----w- C:\sh4ldr
2012-07-07 18:25:36 -------- d-----w- C:\Program Files\Enigma Software Group
2012-07-07 18:21:29 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-05 15:55:09 -------- d-----w- C:\Users\Notactjack\AppData\Local\Giant Savings
2012-07-05 15:55:08 -------- d-----w- C:\Users\Notactjack\AppData\Roaming\Go PDF Reader
2012-07-05 15:55:07 -------- d-----w- C:\Program Files (x86)\Giant Savings
2012-07-05 15:55:06 -------- d-----w- C:\Users\Notactjack\AppData\Roaming\Babylon
2012-07-05 15:55:06 -------- d-----w- C:\ProgramData\Babylon
2012-07-05 15:55:05 -------- d-----w- C:\Program Files (x86)\Go PDF Reader
2012-06-21 03:08:09 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-07-12 07:27:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 03:08:02 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 8:19:47.29 ===============

Edited by notactjack, 18 July 2012 - 08:29 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 AM

Posted 21 July 2012 - 11:27 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 notactjack

notactjack
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:15 PM

Posted 23 July 2012 - 07:00 AM

I am still receiving the pop ups.


Ok first tool's log


Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
Notactjack Desktop malware fix SecurityCheck.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


******************************************************************
Combofix's Log


ComboFix 12-07-21.01 - Notactjack 07/22/2012 23:49:59.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2003 [GMT -5:00]
Running from: c:\users\Notactjack\Desktop\malware fix\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\install.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.crx
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\Fantapper.xpi
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.dll
c:\program files (x86)\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.exe
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FantapperUpdater.InstallState
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Enabled.ico
c:\program files (x86)\Brand Affinity Technologies\Fantapper Updater\FT_Plugin_Installer.jpg
c:\program files (x86)\Mozilla Firefox\components\AskHPRFF.js
c:\users\Notactjack\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Notactjack\AppData\Roaming\Microsoft\stor.cfg
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossrider.js
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossriderapi.js
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\chrome\content\update.html
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\popup.css
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\popup_binding.xml
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\windows\iun6002.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FTSvc
-------\Service_FTSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 05:01 . 2012-07-23 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 01:24 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-15 21:28 . 2012-07-15 21:28 -------- d-----w- c:\users\Notactjack\AppData\Roaming\AVG2012
2012-07-15 21:28 . 2012-07-15 21:28 -------- d-----w- c:\users\Notactjack\AppData\Local\AVG Secure Search
2012-07-15 21:28 . 2012-07-15 21:28 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-15 21:28 . 2012-07-19 00:23 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-15 21:28 . 2012-07-15 21:28 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-15 21:27 . 2012-07-15 21:27 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-15 21:26 . 2012-07-22 14:12 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-15 21:26 . 2012-07-15 21:42 -------- d-----w- c:\programdata\AVG2012
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- C:\$AVG
2012-07-15 21:25 . 2012-07-15 21:25 -------- d-----w- c:\program files (x86)\AVG
2012-07-15 21:05 . 2012-07-15 21:06 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2012-07-13 07:19 . 2012-07-13 07:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0644C8E8-5FAF-436A-B036-646CFAF99FCB}\offreg.dll
2012-07-13 06:59 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0644C8E8-5FAF-436A-B036-646CFAF99FCB}\mpengine.dll
2012-07-10 05:32 . 2012-07-22 19:05 -------- d-----w- c:\programdata\MFAData
2012-07-10 05:32 . 2012-07-10 05:32 -------- d--h--w- c:\programdata\Common Files
2012-07-08 18:32 . 2012-07-12 07:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 07:44 . 2012-07-08 07:44 -------- d-----w- C:\kleaner.tmp
2012-07-08 07:34 . 2012-07-10 05:42 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-07-08 07:34 . 2012-07-10 05:42 -------- d-----w- c:\programdata\Kaspersky Lab
2012-07-07 18:25 . 2012-07-07 18:25 110080 ----a-r- c:\users\Notactjack\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconF7A21AF7.exe
2012-07-07 18:25 . 2012-07-07 18:25 110080 ----a-r- c:\users\Notactjack\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\IconD7F16134.exe
2012-07-07 18:25 . 2012-07-07 18:25 110080 ----a-r- c:\users\Notactjack\AppData\Roaming\Microsoft\Installer\{18F97AF0-4F88-4494-AFE2-5A5702E142CC}\Icon1226A4C5.exe
2012-07-07 18:25 . 2012-07-07 18:26 -------- d-----w- C:\sh4ldr
2012-07-07 18:25 . 2012-07-07 18:25 -------- d-----w- c:\program files\Enigma Software Group
2012-07-07 18:21 . 2012-07-07 18:25 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-07-05 15:55 . 2012-07-05 15:55 237 ----a-w- C:\user.js
2012-07-05 15:55 . 2012-07-05 15:55 -------- d-----w- c:\users\Notactjack\AppData\Local\Giant Savings
2012-07-05 15:55 . 2012-07-05 15:55 -------- d-----w- c:\users\Notactjack\AppData\Roaming\Go PDF Reader
2012-07-05 15:55 . 2012-07-05 15:55 -------- d-----w- c:\program files (x86)\Giant Savings
2012-07-05 15:55 . 2012-07-05 15:55 -------- d-----w- c:\users\Notactjack\AppData\Roaming\Babylon
2012-07-05 15:55 . 2012-07-05 15:55 -------- d-----w- c:\programdata\Babylon
2012-07-05 15:55 . 2012-07-05 15:55 -------- d-----w- c:\program files (x86)\Go PDF Reader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 08:01 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-12 07:27 . 2011-08-02 07:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 03:08 . 2012-06-21 03:08 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-21 03:08 . 2011-01-02 08:41 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 14:29 . 2012-06-13 06:55 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-15 21:28 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\steam\steam.exe" [2011-08-02 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2957040]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 2273792]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-11 880496]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-26 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-21 1423360]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"sclauncher"="c:\program files (x86)\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-08-23 211296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-15 1107552]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-19 36960]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-07 2387968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-21 1207312]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
MobileGo Service.lnk - c:\program files (x86)\Wondershare\MobileGo\MobileGoService.exe [2012-2-22 245608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 05:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-08 07:27]
.
2012-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 22:09]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-12 14:30]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-12 14:30]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74704441-3100272475-3625200479-1000Core.job
- c:\users\Notactjack\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 20:56]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74704441-3100272475-3625200479-1000UA.job
- c:\users\Notactjack\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-16 20:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109935
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8e6e0d7000000000000001bdc0feae4
FF - user.js: extensions.BabylonToolbar_i.hardId - a8e6e0d7000000000000001bdc0feae4
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15526
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-nvcpl - c:\program files (x86)\LeechLLC\mstorr.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-combofix - c:\combofix\CF389.3XE
AddRemove-Free Barcode Generator6.3.2 - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:18,77,e3,35,d7,d8,34,b8,74,32,6b,26,b7,4a,eb,ee,c1,e4,a7,c5,27,bb,d7,
53,99,6c,fb,58,5c,f0,00,bd,21,98,af,67,8e,c5,1d,32,e1,13,f2,a5,fd,d5,5e,d7,\
"??"=hex:46,86,a2,26,bc,87,b3,f7,82,c8,70,7a,09,4b,e7,59
.
Completion time: 2012-07-23 00:18:10
ComboFix-quarantined-files.txt 2012-07-23 05:18
.
Pre-Run: 285,365,637,120 bytes free
Post-Run: 289,717,129,216 bytes free
.
- - End Of File - - F78E421D4D298A7E96CEB8284FE864B2

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 23 July 2012 - 12:11 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 notactjack

notactjack
  • Topic Starter

  • Members

Posted 24 July 2012 - 06:20 AM

Ok, I ran both tools. The problem is still present and I'm getting the redirects and pop ups.
**************
TDSSkiller report


02:33:28.0951 5080 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
02:33:29.0489 5080 ============================================================
02:33:29.0489 5080 Current date / time: 2012/07/24 02:33:29.0489
02:33:29.0489 5080 SystemInfo:
02:33:29.0489 5080
02:33:29.0489 5080 OS Version: 6.0.6002 ServicePack: 2.0
02:33:29.0489 5080 Product type: Workstation
02:33:29.0489 5080 ComputerName: FOXBOXVER2
02:33:29.0489 5080 UserName: Notactjack
02:33:29.0489 5080 Windows directory: C:\Windows
02:33:29.0489 5080 System windows directory: C:\Windows
02:33:29.0489 5080 Running under WOW64
02:33:29.0489 5080 Processor architecture: Intel x64
02:33:29.0489 5080 Number of processors: 4
02:33:29.0489 5080 Page size: 0x1000
02:33:29.0489 5080 Boot type: Normal boot
02:33:29.0489 5080 ============================================================
02:33:30.0522 5080 Drive \Device\Harddisk0\DR0 - Size: 0x12A15C00000 (1192.34 Gb), SectorSize: 0x200, Cylinders: 0x26002, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:33:30.0558 5080 ============================================================
02:33:30.0558 5080 \Device\Harddisk0\DR0:
02:33:30.0558 5080 MBR partitions:
02:33:30.0558 5080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4C5CE7F8
02:33:30.0558 5080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4C5CF000, BlocksNum 0x48ADE000
02:33:30.0558 5080 ============================================================
02:33:30.0635 5080 C: <-> \Device\Harddisk0\DR0\Partition0
02:33:30.0689 5080 E: <-> \Device\Harddisk0\DR0\Partition1
02:33:30.0771 5080 ============================================================
02:33:30.0771 5080 Initialize success
02:33:30.0771 5080 ============================================================
02:33:33.0292 6980 ============================================================
02:33:33.0292 6980 Scan started
02:33:33.0292 6980 Mode: Manual;
02:33:33.0292 6980 ============================================================
02:33:55.0055 6980 LVPr2M64 - ok
02:33:55.0090 6980 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
02:33:55.0091 6980 LVPr2Mon - ok
02:33:55.0230 6980 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
02:33:55.0233 6980 LVPrcS64 - ok
02:33:55.0865 6980 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
02:33:55.0988 6980 LVUVC64 - ok
02:33:56.0145 6980 McciCMService (67b6f4e0db57dd2020a2415294ba4ed8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
02:33:56.0212 6980 McciCMService - ok
02:33:56.0354 6980 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
02:33:56.0367 6980 McComponentHostService - ok
02:33:56.0459 6980 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
02:33:56.0461 6980 Mcx2Svc - ok
02:33:56.0539 6980 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
02:33:56.0540 6980 megasas - ok
02:33:56.0588 6980 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
02:33:56.0601 6980 MegaSR - ok
02:33:56.0695 6980 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
02:33:56.0696 6980 Microsoft Office Groove Audit Service - ok
02:33:56.0773 6980 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
02:33:56.0774 6980 MMCSS - ok
02:33:56.0817 6980 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
02:33:56.0818 6980 Modem - ok
02:33:56.0850 6980 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
02:33:56.0860 6980 monitor - ok
02:33:56.0907 6980 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
02:33:56.0908 6980 motandroidusb - ok
02:33:56.0935 6980 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
02:33:56.0936 6980 mouclass - ok
02:33:56.0939 6980 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
02:33:56.0940 6980 mouhid - ok
02:33:56.0959 6980 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
02:33:56.0965 6980 MountMgr - ok
02:33:57.0042 6980 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:33:57.0046 6980 MozillaMaintenance - ok
02:33:57.0091 6980 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
02:33:57.0114 6980 mpio - ok
02:33:57.0135 6980 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
02:33:57.0144 6980 mpsdrv - ok
02:33:57.0213 6980 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
02:33:57.0220 6980 MpsSvc - ok
02:33:57.0242 6980 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
02:33:57.0243 6980 Mraid35x - ok
02:33:57.0356 6980 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
02:33:57.0357 6980 MREMP50 - ok
02:33:57.0361 6980 MREMP50a64 - ok
02:33:57.0403 6980 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
02:33:57.0426 6980 MRESP50 - ok
02:33:57.0429 6980 MRESP50a64 - ok
02:33:57.0528 6980 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
02:33:57.0530 6980 MRxDAV - ok
02:33:57.0608 6980 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:33:57.0611 6980 mrxsmb - ok
02:33:57.0718 6980 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:33:57.0778 6980 mrxsmb10 - ok
02:33:57.0796 6980 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:33:57.0806 6980 mrxsmb20 - ok
02:33:57.0824 6980 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
02:33:57.0825 6980 msahci - ok
02:33:57.0862 6980 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
02:33:57.0864 6980 msdsm - ok
02:33:57.0902 6980 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
02:33:57.0904 6980 MSDTC - ok
02:33:57.0970 6980 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
02:33:57.0971 6980 Msfs - ok
02:33:57.0994 6980 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
02:33:57.0995 6980 msisadrv - ok
02:33:58.0059 6980 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
02:33:58.0061 6980 MSiSCSI - ok
02:33:58.0064 6980 msiserver - ok
02:33:58.0096 6980 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
02:33:58.0097 6980 MSKSSRV - ok
02:33:58.0129 6980 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
02:33:58.0130 6980 MSPCLOCK - ok
02:33:58.0134 6980 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
02:33:58.0135 6980 MSPQM - ok
02:33:58.0168 6980 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
02:33:58.0172 6980 MsRPC - ok
02:33:58.0178 6980 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
02:33:58.0179 6980 mssmbios - ok
02:33:58.0224 6980 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
02:33:58.0225 6980 MSTEE - ok
02:33:58.0295 6980 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
02:33:58.0296 6980 MTsensor - ok
02:33:58.0341 6980 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
02:33:58.0343 6980 Mup - ok
02:33:58.0414 6980 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
02:33:58.0427 6980 napagent - ok
02:33:58.0491 6980 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
02:33:58.0504 6980 NativeWifiP - ok
02:33:58.0558 6980 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
02:33:58.0566 6980 NDIS - ok
02:33:58.0598 6980 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
02:33:58.0599 6980 NdisTapi - ok
02:33:58.0608 6980 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
02:33:58.0609 6980 Ndisuio - ok
02:33:58.0649 6980 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
02:33:58.0666 6980 NdisWan - ok
02:33:58.0688 6980 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
02:33:58.0698 6980 NDProxy - ok
02:33:58.0723 6980 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
02:33:58.0724 6980 Netaapl - ok
02:33:58.0729 6980 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
02:33:58.0730 6980 NetBIOS - ok
02:33:58.0773 6980 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
02:33:58.0783 6980 netbt - ok
02:33:58.0813 6980 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
02:33:58.0814 6980 Netlogon - ok
02:33:58.0928 6980 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
02:33:58.0991 6980 Netman - ok
02:33:59.0180 6980 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:33:59.0215 6980 NetMsmqActivator - ok
02:33:59.0217 6980 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:33:59.0218 6980 NetPipeActivator - ok
02:33:59.0288 6980 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
02:33:59.0309 6980 netprofm - ok
02:33:59.0311 6980 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:33:59.0312 6980 NetTcpActivator - ok
02:33:59.0315 6980 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:33:59.0316 6980 NetTcpPortSharing - ok
02:33:59.0346 6980 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
02:33:59.0347 6980 nfrd960 - ok
02:33:59.0397 6980 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
02:33:59.0415 6980 NlaSvc - ok
02:33:59.0460 6980 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
02:33:59.0461 6980 Npfs - ok
02:33:59.0496 6980 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
02:33:59.0498 6980 nsi - ok
02:33:59.0510 6980 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
02:33:59.0511 6980 nsiproxy - ok
02:33:59.0675 6980 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
02:33:59.0697 6980 Ntfs - ok
02:33:59.0800 6980 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
02:33:59.0801 6980 Null - ok
02:33:59.0859 6980 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
02:33:59.0864 6980 nvraid - ok
02:33:59.0879 6980 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
02:33:59.0880 6980 nvstor - ok
02:33:59.0909 6980 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
02:33:59.0924 6980 nv_agp - ok
02:33:59.0927 6980 NwlnkFlt - ok
02:33:59.0931 6980 NwlnkFwd - ok
02:34:00.0168 6980 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:34:00.0261 6980 odserv - ok
02:34:00.0337 6980 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
02:34:00.0339 6980 ohci1394 - ok
02:34:00.0444 6980 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:34:00.0484 6980 ose - ok
02:34:00.0590 6980 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
02:34:00.0614 6980 p2pimsvc - ok
02:34:00.0620 6980 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
02:34:00.0624 6980 p2psvc - ok
02:34:00.0675 6980 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
02:34:00.0721 6980 Parport - ok
02:34:00.0790 6980 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
02:34:00.0792 6980 partmgr - ok
02:34:00.0816 6980 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
02:34:00.0824 6980 PcaSvc - ok
02:34:00.0909 6980 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
02:34:00.0957 6980 pci - ok
02:34:01.0006 6980 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\DRIVERS\pciide.sys
02:34:01.0007 6980 pciide - ok
02:34:01.0057 6980 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
02:34:01.0096 6980 pcmcia - ok
02:34:01.0156 6980 PdiPorts (fd1bb23371ee2e5e3076d7b0d8b33e91) C:\Windows\system32\DRIVERS\PdiPorts.sys
02:34:01.0158 6980 PdiPorts - ok
02:34:01.0274 6980 PdiService (a1f1260ad7aeaba9d53724e66aa274ba) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
02:34:01.0276 6980 PdiService - ok
02:34:01.0354 6980 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
02:34:01.0425 6980 PEAUTH - ok
02:34:01.0568 6980 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
02:34:01.0570 6980 PerfHost - ok
02:34:01.0700 6980 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
02:34:01.0746 6980 pla - ok
02:34:01.0821 6980 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
02:34:01.0831 6980 PlugPlay - ok
02:34:01.0833 6980 PnkBstrA - ok
02:34:01.0938 6980 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
02:34:01.0942 6980 PNRPAutoReg - ok
02:34:01.0949 6980 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
02:34:01.0953 6980 PNRPsvc - ok
02:34:02.0079 6980 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
02:34:02.0114 6980 PolicyAgent - ok
02:34:02.0225 6980 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
02:34:02.0268 6980 PptpMiniport - ok
02:34:02.0327 6980 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
02:34:02.0329 6980 Processor - ok
02:34:02.0439 6980 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
02:34:02.0442 6980 ProfSvc - ok
02:34:02.0554 6980 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
02:34:02.0555 6980 ProtectedStorage - ok
02:34:02.0697 6980 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
02:34:02.0698 6980 PSched - ok
02:34:02.0804 6980 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
02:34:02.0858 6980 ql2300 - ok
02:34:02.0892 6980 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
02:34:02.0902 6980 ql40xx - ok
02:34:02.0955 6980 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
02:34:02.0989 6980 QWAVE - ok
02:34:03.0009 6980 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
02:34:03.0017 6980 QWAVEdrv - ok
02:34:03.0029 6980 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
02:34:03.0030 6980 RasAcd - ok
02:34:03.0080 6980 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
02:34:03.0082 6980 RasAuto - ok
02:34:03.0104 6980 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:34:03.0108 6980 Rasl2tp - ok
02:34:03.0123 6980 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
02:34:03.0127 6980 RasMan - ok
02:34:03.0170 6980 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
02:34:03.0213 6980 RasPppoe - ok
02:34:03.0222 6980 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
02:34:03.0227 6980 RasSstp - ok
02:34:03.0287 6980 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
02:34:03.0313 6980 rdbss - ok
02:34:03.0325 6980 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:34:03.0326 6980 RDPCDD - ok
02:34:03.0389 6980 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
02:34:03.0420 6980 rdpdr - ok
02:34:03.0423 6980 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
02:34:03.0424 6980 RDPENCDD - ok
02:34:03.0475 6980 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
02:34:03.0496 6980 RDPWD - ok
02:34:03.0534 6980 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
02:34:03.0537 6980 RemoteAccess - ok
02:34:03.0631 6980 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
02:34:03.0669 6980 RemoteRegistry - ok
02:34:03.0712 6980 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
02:34:03.0734 6980 RFCOMM - ok
02:34:03.0745 6980 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
02:34:03.0746 6980 RpcLocator - ok
02:34:03.0818 6980 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
02:34:03.0822 6980 RpcSs - ok
02:34:03.0882 6980 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
02:34:03.0884 6980 rspndr - ok
02:34:03.0920 6980 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
02:34:03.0920 6980 SamSs - ok
02:34:04.0123 6980 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
02:34:04.0124 6980 SASDIFSV - ok
02:34:04.0129 6980 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
02:34:04.0130 6980 SASKUTIL - ok
02:34:04.0188 6980 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
02:34:04.0204 6980 sbp2port - ok
02:34:04.0265 6980 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
02:34:04.0277 6980 SCardSvr - ok
02:34:04.0409 6980 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
02:34:04.0429 6980 Schedule - ok
02:34:04.0482 6980 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
02:34:04.0483 6980 SCPolicySvc - ok
02:34:04.0542 6980 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
02:34:04.0552 6980 SDRSVC - ok
02:34:04.0581 6980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:34:04.0582 6980 secdrv - ok
02:34:04.0595 6980 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
02:34:04.0597 6980 seclogon - ok
02:34:04.0634 6980 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
02:34:04.0636 6980 SENS - ok
02:34:04.0648 6980 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
02:34:04.0649 6980 Serenum - ok
02:34:04.0694 6980 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
02:34:04.0696 6980 Serial - ok
02:34:04.0709 6980 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
02:34:04.0710 6980 sermouse - ok
02:34:04.0724 6980 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
02:34:04.0726 6980 SessionEnv - ok
02:34:04.0742 6980 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
02:34:04.0743 6980 sffdisk - ok
02:34:04.0770 6980 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
02:34:04.0771 6980 sffp_mmc - ok
02:34:04.0783 6980 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
02:34:04.0784 6980 sffp_sd - ok
02:34:04.0787 6980 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
02:34:04.0788 6980 sfloppy - ok
02:34:04.0852 6980 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
02:34:04.0878 6980 SharedAccess - ok
02:34:04.0956 6980 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
02:34:04.0997 6980 ShellHWDetection - ok
02:34:05.0054 6980 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
02:34:05.0055 6980 SiSRaid2 - ok
02:34:05.0107 6980 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
02:34:05.0111 6980 SiSRaid4 - ok
02:34:05.0347 6980 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
02:34:05.0428 6980 slsvc - ok
02:34:05.0583 6980 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
02:34:05.0585 6980 SLUINotify - ok
02:34:05.0655 6980 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
02:34:05.0670 6980 Smb - ok
02:34:05.0700 6980 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
02:34:05.0701 6980 SNMPTRAP - ok
02:34:05.0737 6980 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
02:34:05.0738 6980 spldr - ok
02:34:05.0839 6980 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
02:34:05.0866 6980 Spooler - ok
02:34:05.0964 6980 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys
02:34:06.0021 6980 sptd - ok
02:34:06.0175 6980 SpyHunter 4 Service (36b143c5c4ef1fb0a59b3a712dd2cda1) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
02:34:06.0219 6980 SpyHunter 4 Service - ok
02:34:06.0398 6980 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
02:34:06.0454 6980 srv - ok
02:34:06.0483 6980 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
02:34:06.0485 6980 srv2 - ok
02:34:06.0532 6980 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
02:34:06.0563 6980 srvnet - ok
02:34:06.0605 6980 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
02:34:06.0632 6980 SSDPSRV - ok
02:34:06.0686 6980 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
02:34:06.0700 6980 SstpSvc - ok
02:34:06.0802 6980 Steam Client Service - ok
02:34:06.0871 6980 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
02:34:06.0921 6980 stisvc - ok
02:34:06.0945 6980 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
02:34:06.0946 6980 swenum - ok
02:34:07.0026 6980 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
02:34:07.0039 6980 swprv - ok
02:34:07.0056 6980 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
02:34:07.0057 6980 Symc8xx - ok
02:34:07.0074 6980 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
02:34:07.0075 6980 Sym_hi - ok
02:34:07.0104 6980 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
02:34:07.0113 6980 Sym_u3 - ok
02:34:07.0207 6980 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
02:34:07.0263 6980 SysMain - ok
02:34:07.0335 6980 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
02:34:07.0412 6980 TabletInputService - ok
02:34:07.0534 6980 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
02:34:07.0538 6980 TapiSrv - ok
02:34:07.0565 6980 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
02:34:07.0567 6980 TBS - ok
02:34:07.0768 6980 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
02:34:07.0784 6980 Tcpip - ok
02:34:08.0042 6980 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
02:34:08.0049 6980 Tcpip6 - ok
02:34:08.0177 6980 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
02:34:08.0178 6980 tcpipreg - ok
02:34:08.0256 6980 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
02:34:08.0257 6980 TDPIPE - ok
02:34:08.0307 6980 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
02:34:08.0335 6980 TDTCP - ok
02:34:08.0394 6980 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
02:34:08.0401 6980 tdx - ok
02:34:08.0475 6980 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
02:34:08.0476 6980 TermDD - ok
02:34:08.0572 6980 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
02:34:08.0607 6980 TermService - ok
02:34:08.0689 6980 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
02:34:08.0691 6980 Themes - ok
02:34:08.0747 6980 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
02:34:08.0748 6980 THREADORDER - ok
02:34:08.0794 6980 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
02:34:08.0798 6980 TrkWks - ok
02:34:08.0867 6980 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
02:34:08.0868 6980 TrustedInstaller - ok
02:34:08.0895 6980 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:34:08.0896 6980 tssecsrv - ok
02:34:08.0902 6980 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
02:34:08.0903 6980 tunmp - ok
02:34:08.0941 6980 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
02:34:08.0942 6980 tunnel - ok
02:34:09.0202 6980 TVersityMediaServer (444a3cfab91479868692075086dc340a) C:\Users\Notactjack\AppData\Local\TVersity\Media Server\MediaServer.exe
02:34:09.0223 6980 TVersityMediaServer - ok
02:34:09.0266 6980 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
02:34:09.0299 6980 uagp35 - ok
02:34:09.0354 6980 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
02:34:09.0362 6980 udfs - ok
02:34:09.0374 6980 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
02:34:09.0376 6980 UI0Detect - ok
02:34:09.0403 6980 ULCDRHlp - ok
02:34:09.0424 6980 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
02:34:09.0426 6980 uliagpkx - ok
02:34:09.0464 6980 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
02:34:09.0474 6980 uliahci - ok
02:34:09.0504 6980 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
02:34:09.0506 6980 UlSata - ok
02:34:09.0534 6980 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
02:34:09.0541 6980 ulsata2 - ok
02:34:09.0548 6980 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
02:34:09.0549 6980 umbus - ok
02:34:09.0603 6980 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
02:34:09.0615 6980 upnphost - ok
02:34:09.0696 6980 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
02:34:09.0699 6980 USBAAPL64 - ok
02:34:09.0773 6980 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
02:34:09.0781 6980 usbccgp - ok
02:34:09.0810 6980 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
02:34:09.0813 6980 usbcir - ok
02:34:09.0859 6980 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
02:34:09.0860 6980 usbehci - ok
02:34:09.0928 6980 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
02:34:09.0938 6980 usbhub - ok
02:34:09.0947 6980 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
02:34:09.0948 6980 usbohci - ok
02:34:09.0961 6980 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
02:34:09.0962 6980 usbprint - ok
02:34:09.0994 6980 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
02:34:09.0995 6980 usbscan - ok
02:34:10.0019 6980 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys
02:34:10.0020 6980 usbser - ok
02:34:10.0050 6980 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:34:10.0052 6980 USBSTOR - ok
02:34:10.0074 6980 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
02:34:10.0075 6980 usbuhci - ok
02:34:10.0131 6980 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
02:34:10.0152 6980 usbvideo - ok
02:34:10.0195 6980 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
02:34:10.0197 6980 UxSms - ok
02:34:10.0208 6980 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
02:34:10.0209 6980 VClone - ok
02:34:10.0272 6980 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
02:34:10.0293 6980 vds - ok
02:34:10.0354 6980 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
02:34:10.0357 6980 vga - ok
02:34:10.0375 6980 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
02:34:10.0376 6980 VgaSave - ok
02:34:10.0408 6980 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
02:34:10.0410 6980 viaide - ok
02:34:10.0462 6980 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
02:34:10.0464 6980 volmgr - ok
02:34:10.0516 6980 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
02:34:10.0524 6980 volmgrx - ok
02:34:10.0581 6980 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
02:34:10.0599 6980 volsnap - ok
02:34:10.0638 6980 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
02:34:10.0662 6980 vsmraid - ok
02:34:10.0768 6980 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
02:34:10.0790 6980 VSS - ok
02:34:10.0906 6980 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
02:34:10.0923 6980 vToolbarUpdater11.2.0 - ok
02:34:11.0014 6980 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
02:34:11.0019 6980 W32Time - ok
02:34:11.0034 6980 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
02:34:11.0035 6980 WacomPen - ok
02:34:11.0056 6980 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
02:34:11.0057 6980 Wanarp - ok
02:34:11.0060 6980 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
02:34:11.0061 6980 Wanarpv6 - ok
02:34:11.0111 6980 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
02:34:11.0151 6980 wcncsvc - ok
02:34:11.0170 6980 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
02:34:11.0171 6980 WcsPlugInService - ok
02:34:11.0184 6980 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
02:34:11.0185 6980 Wd - ok
02:34:11.0256 6980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:34:11.0312 6980 Wdf01000 - ok
02:34:11.0336 6980 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
02:34:11.0344 6980 WdiServiceHost - ok
02:34:11.0346 6980 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
02:34:11.0347 6980 WdiSystemHost - ok
02:34:11.0370 6980 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
02:34:11.0382 6980 WebClient - ok
02:34:11.0433 6980 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
02:34:11.0470 6980 Wecsvc - ok
02:34:11.0490 6980 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
02:34:11.0493 6980 wercplsupport - ok
02:34:11.0516 6980 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
02:34:11.0526 6980 WerSvc - ok
02:34:11.0572 6980 WinDefend - ok
02:34:11.0578 6980 WinHttpAutoProxySvc - ok
02:34:11.0765 6980 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
02:34:11.0793 6980 Winmgmt - ok
02:34:12.0089 6980 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
02:34:12.0200 6980 WinRM - ok
02:34:12.0425 6980 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
02:34:12.0476 6980 Wlansvc - ok
02:34:12.0854 6980 wlidsvc (98f138897ef4246381d197cb81846d62) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:34:12.0939 6980 wlidsvc - ok
02:34:13.0238 6980 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
02:34:13.0239 6980 WmiAcpi - ok
02:34:13.0393 6980 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
02:34:13.0432 6980 wmiApSrv - ok
02:34:13.0488 6980 WMPNetworkSvc - ok
02:34:13.0605 6980 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
02:34:13.0654 6980 WPCSvc - ok
02:34:13.0701 6980 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
02:34:13.0703 6980 WPDBusEnum - ok
02:34:13.0787 6980 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
02:34:13.0788 6980 WpdUsb - ok
02:34:14.0242 6980 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:34:14.0336 6980 WPFFontCache_v0400 - ok
02:34:14.0407 6980 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
02:34:14.0431 6980 ws2ifsl - ok
02:34:14.0494 6980 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
02:34:14.0496 6980 wscsvc - ok
02:34:14.0499 6980 WSearch - ok
02:34:14.0741 6980 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:34:14.0817 6980 wuauserv - ok
02:34:15.0128 6980 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:34:15.0130 6980 WUDFRd - ok
02:34:15.0240 6980 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
02:34:15.0315 6980 wudfsvc - ok
02:34:15.0367 6980 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
02:34:15.0398 6980 xusb21 - ok
02:34:15.0476 6980 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
02:34:15.0938 6980 \Device\Harddisk0\DR0 - ok
02:34:15.0941 6980 Boot (0x1200) (309dd86b939928de550fd3e72a18fd71) \Device\Harddisk0\DR0\Partition0
02:34:15.0942 6980 \Device\Harddisk0\DR0\Partition0 - ok
02:34:15.0951 6980 Boot (0x1200) (1378b5cf4203cbd3ad14d9cc7e547841) \Device\Harddisk0\DR0\Partition1
02:34:15.0953 6980 \Device\Harddisk0\DR0\Partition1 - ok
02:34:15.0953 6980 ============================================================
02:34:15.0953 6980 Scan finished
02:34:15.0953 6980 ============================================================
02:34:15.0970 5980 Detected object count: 0
02:34:15.0970 5980 Actual detected object count: 0


***************************
ASWMBR report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 02:35:44
-----------------------------
02:35:44.434 OS Version: Windows x64 6.0.6002 Service Pack 2
02:35:44.434 Number of processors: 4 586 0xF0B
02:35:44.435 ComputerName: FOXBOXVER2 UserName: Notactjack
02:35:45.912 Initialize success
02:36:24.529 AVAST engine defs: 12072302
02:36:35.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:36:35.375 Disk 0 Vendor: Intel___ 1.0. Size: 1220956MB BusType: 8
02:36:35.388 Disk 0 MBR read successfully
02:36:35.390 Disk 0 MBR scan
02:36:35.392 Disk 0 Windows VISTA default MBR code
02:36:35.400 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 625564 MB offset 2048
02:36:35.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595388 MB offset 1281159168
02:36:35.479 Disk 0 scanning C:\Windows\system32\drivers
02:36:52.904 Service scanning
02:37:14.504 Modules scanning
02:37:14.508 Disk 0 trace - called modules:
02:37:14.534 ntoskrnl.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
02:37:14.536 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80063135e0]
02:37:14.540 3 CLASSPNP.SYS[fffffa600124dc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004923050]
02:37:16.161 AVAST engine scan C:\Windows
02:37:21.034 AVAST engine scan C:\Windows\system32
02:40:57.196 AVAST engine scan C:\Windows\system32\drivers
02:41:15.188 AVAST engine scan C:\Users\Notactjack
03:48:57.802 AVAST engine scan C:\ProgramData
03:55:03.097 Scan finished successfully
06:19:15.385 Disk 0 MBR has been saved successfully to "C:\Users\Notactjack\Desktop\malware fix\MBR.dat"
06:19:15.390 The log file has been saved successfully to "C:\Users\Notactjack\Desktop\malware fix\aswMBR.txt"


*************

#6 gringo_pr

  • Malware Response Team

Posted 24 July 2012 - 09:47 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#7 notactjack

  • Topic Starter

Posted 24 July 2012 - 11:21 PM

OTL logfile created on: 7/24/2012 10:53:01 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Notactjack\Desktop\malware fix
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 36.15% Memory free
12.60 Gb Paging File | 8.85 Gb Available in Paging File | 70.20% Paging File free
Paging file location(s): c:\pagefile.sys 4500 7000e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 610.90 Gb Total Space | 267.32 Gb Free Space | 43.76% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 581.43 Gb Total Space | 45.68 Gb Free Space | 7.86% Space Free | Partition Type: NTFS

Computer Name: FOXBOXVER2 | User Name: Notactjack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Notactjack\Desktop\malware fix\OTL.exe (OldTimer Tools)
PRC - C:\Users\Notactjack\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - E:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - E:\Program Files\Steam\bin\libcef.dll ()
MOD - E:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - E:\Program Files\Steam\bin\chromehtml.dll ()
MOD - E:\Program Files\Steam\bin\avformat-53.dll ()
MOD - E:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Wondershare\MobileGo\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\di2c.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\smsc.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\null.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\vista.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.64\cpuutil.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll ()
MOD - C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.64\PowerDll.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- e:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (TVersityMediaServer) -- C:\Users\Notactjack\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\DRIVERS\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\DRIVERS\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\Drivers\motoandroid.sys (Motorola)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (BlackBox) -- C:\Windows\SysNative\blackbox.dll (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (BlackBox) -- C:\Windows\SysWow64\drivers\BlackBox.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ISODisk) -- C:\Windows\SysWow64\drivers\ISODisk.sys ()
DRV - (ULCDRHlp) -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A5B21BF9-60E6-4D79-BC33-8B3E448E9A2B}&mid=c303807efc5347d08210d1529aeb0317-6720e87c82db44024ed211be6759c134006ade2b&lang=en&ds=AVG&pr=pr&d=2012-07-15 16:28:19&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{A9EBA39F-8736-49DF-BD53-82B88083BCD2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{C98F0BE9-B785-4F16-A8AA-24E02FE60ABA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: howtovideosidebar@wonderhowto.com:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B63e9d24f-7387-4ac8-805d-9fe444cff948%7D&mid=c303807efc5347d08210d1529aeb0317-6720e87c82db44024ed211be6759c134006ade2b&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-15%2016%3A28%3A19&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Notactjack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Notactjack\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Notactjack\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Notactjack\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Notactjack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/08 23:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/15 16:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/15 16:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/22 21:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/20 22:08:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Notactjack\AppData\Roaming\Move Networks [2009/11/07 18:13:20 | 000,000,000 | ---D | M]

[2008/12/08 12:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Extensions
[2012/07/24 10:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions
[2010/10/07 18:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/04 02:18:02 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/04/15 02:50:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/06/08 13:13:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/24 10:56:15 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/01/03 22:36:22 | 000,000,000 | ---D | M] ("UDToolbar") -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71}
[2012/06/06 14:57:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/04 02:18:01 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\DTToolbar@toolbarnet.com
[2012/06/06 14:57:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/03/12 12:52:09 | 000,000,000 | ---D | M] (Geolocater) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\geolocater@3liz.com
[2011/10/04 02:18:02 | 000,000,000 | ---D | M] (How-To Video Sidebar) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\howtovideosidebar@wonderhowto.com
[2012/07/24 10:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\staged
[2012/04/29 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\jetpack\FantapperExtension@brandaffinity.net
[2012/04/29 22:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
[2009/07/10 18:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\askcom.xml
[2012/04/25 02:40:54 | 000,000,935 | ---- | M] () -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\conduit.xml
[2009/05/21 21:02:23 | 000,002,399 | ---- | M] () -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\daemon-search.xml
[2012/06/20 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/22 11:21:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/06/20 22:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/15 16:26:30 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/15 16:28:22 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2009/11/07 18:13:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\NOTACTJACK\APPDATA\ROAMING\MOVE NETWORKS
[2011/11/17 06:08:41 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\NOTACTJACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8JPUL60O.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2012/06/08 16:20:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/09/15 11:36:09 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMySrch.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/15 16:28:17 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/05 10:55:25 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/27 07:57:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 07:57:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: My Search Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMySrch.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Notactjack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Notactjack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Notactjack\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Adobe Flash Player = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmbcojfgcpdpfjincpkbgkicelebkgc\12.126.1_0\
CHR - Extension: Dead Frontier = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: Realm of the Mad God = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Kroll = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjdaaaepgacfpadimoljoefkmnnkpkm\6_0\
CHR - Extension: Facebook Disconnect = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: G+ Game Companion = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hblmfcjnddgfoaclffhjglaibncpcnbn\2.1.1_0\
CHR - Extension: G+ Game Companion = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hblmfcjnddgfoaclffhjglaibncpcnbn\2.1.1_0\~
CHR - Extension: Marvel Comics = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: Google +1 Button = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Cargo Bridge = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: InvisibleHand = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.7.11_0\
CHR - Extension: Dragons of Atlantis = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.5_0\
CHR - Extension: Google Mail Checker = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Better History = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.6.0_0\
CHR - Extension: uTorrentControl2 = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Bullet Physics NaCl Test = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal\1.0_0\
CHR - Extension: Gmail = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/22 21:36:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [sclauncher] C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [Steam] e:\program files\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF57131-1AF0-42E8-9DFA-58031E2E9461}: DhcpNameServer = 172.16.68.215 172.16.68.215 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532EA2C7-C218-4B44-9290-D7CA4982968E}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5050877-D2AA-4668-86CB-AAF05A0C7ED2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/02 16:42:35 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 10:52:56 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Local\Macromedia
[2012/07/22 21:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 21:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 21:03:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 21:03:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 21:02:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/22 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\Desktop\malware fix
[2012/07/17 09:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 03:01:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/16 03:01:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/16 03:01:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/16 03:01:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/16 03:01:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/16 03:01:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/16 03:01:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/16 03:01:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/16 03:01:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/16 03:01:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/16 03:01:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/16 03:01:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/16 03:01:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/15 20:24:43 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/15 16:28:51 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\AVG2012
[2012/07/15 16:28:40 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Local\AVG Secure Search
[2012/07/15 16:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/15 16:27:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/07/15 16:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/15 16:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/07/15 16:26:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/15 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/15 15:58:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Notactjack\Desktop\dds.scr
[2012/07/10 00:32:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/10 00:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/08 13:32:37 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/08 02:34:53 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/07/08 02:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/08 02:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/07/07 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/07/07 13:25:36 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/07 13:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/05 10:55:09 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Local\Giant Savings
[2012/07/05 10:55:08 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Go PDF Reader
[2012/07/05 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go PDF Reader
[2012/07/05 10:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings
[2012/07/05 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Babylon
[2012/07/05 10:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/07/05 10:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PDF Reader
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 22:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 22:47:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 22:38:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74704441-3100272475-3625200479-1000UA.job
[2012/07/24 22:26:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 21:43:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 21:43:29 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 18:06:12 | 102,099,525 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/24 10:51:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/24 10:05:32 | 000,103,115 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/24 04:38:01 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74704441-3100272475-3625200479-1000Core.job
[2012/07/22 21:42:25 | 000,812,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 21:42:25 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 21:42:25 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 21:36:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 21:35:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 21:34:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/07/22 21:33:39 | 000,001,445 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/18 08:09:50 | 000,017,701 | ---- | M] () -- C:\Users\Notactjack\Desktop\download.htm
[2012/07/17 09:28:48 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/16 03:22:35 | 002,325,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/15 16:29:05 | 000,027,520 | ---- | M] () -- C:\Users\Notactjack\AppData\Local\dt.dat
[2012/07/15 16:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/15 16:06:48 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/07/15 15:59:07 | 000,139,264 | ---- | M] () -- C:\Users\Notactjack\Desktop\RKUnhookerLE.EXE
[2012/07/15 15:58:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Notactjack\Desktop\dds.scr
[2012/07/15 15:58:41 | 000,000,020 | ---- | M] () -- C:\Users\Notactjack\defogger_reenable
[2012/07/15 15:58:13 | 000,050,477 | ---- | M] () -- C:\Users\Notactjack\Desktop\Defogger.exe
[2012/07/12 12:34:13 | 000,002,029 | ---- | M] () -- C:\Users\Notactjack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/12 02:27:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 02:27:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/08 13:34:43 | 000,017,408 | ---- | M] () -- C:\Users\Notactjack\AppData\Local\WebpageIcons.db
[2012/07/08 02:42:00 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/07/08 02:34:32 | 000,000,984 | ---- | M] () -- C:\Users\Notactjack\Desktop\Kaspersky Security Scan.lnk
[2012/07/07 13:25:38 | 000,002,099 | ---- | M] () -- C:\Users\Notactjack\Desktop\SpyHunter.lnk
[2012/07/05 10:55:31 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/07/03 22:26:39 | 000,000,814 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 18:06:12 | 102,099,525 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/24 10:05:32 | 000,103,115 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/22 21:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 21:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 21:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 21:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 21:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/18 08:09:57 | 000,017,701 | ---- | C] () -- C:\Users\Notactjack\Desktop\download.htm
[2012/07/15 16:29:05 | 000,027,520 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\dt.dat
[2012/07/15 16:28:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 16:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/15 16:05:20 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/07/15 15:59:08 | 000,139,264 | ---- | C] () -- C:\Users\Notactjack\Desktop\RKUnhookerLE.EXE
[2012/07/15 15:58:41 | 000,000,020 | ---- | C] () -- C:\Users\Notactjack\defogger_reenable
[2012/07/15 15:58:24 | 000,050,477 | ---- | C] () -- C:\Users\Notactjack\Desktop\Defogger.exe
[2012/07/08 13:34:42 | 000,017,408 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\WebpageIcons.db
[2012/07/08 13:32:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 02:34:53 | 000,000,984 | ---- | C] () -- C:\Users\Notactjack\Desktop\Kaspersky Security Scan.lnk
[2012/07/07 13:25:38 | 000,002,099 | ---- | C] () -- C:\Users\Notactjack\Desktop\SpyHunter.lnk
[2012/07/05 10:55:29 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/20 21:53:50 | 000,000,858 | ---- | C] () -- C:\Users\Notactjack\.recently-used.xbel
[2011/11/17 05:29:23 | 000,001,445 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/20 14:48:50 | 000,000,864 | ---- | C] () -- C:\Users\Notactjack\mlvUser.properties
[2011/03/20 14:48:46 | 000,000,122 | ---- | C] () -- C:\Users\Notactjack\.mlvreg
[2010/10/07 20:00:43 | 000,000,600 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\PUTTY.RND
[2010/08/15 09:59:19 | 000,002,032 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\d3d9caps.dat
[2010/04/26 22:05:17 | 000,054,369 | ---- | C] () -- C:\Users\Notactjack\Untitled (4).wma
[2010/04/23 07:04:43 | 000,003,426 | ---- | C] () -- C:\Users\Notactjack\30572bL_small.jpg
[2009/12/26 20:58:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/23 04:58:20 | 000,105,826 | ---- | C] () -- C:\Users\Notactjack\Zombiecon2008-700.jpg
[2009/04/12 14:21:11 | 000,018,756 | ---- | C] () -- C:\Users\Notactjack\BlackMagedestroyworld.jpg
[2009/04/12 14:19:49 | 000,008,323 | ---- | C] () -- C:\Users\Notactjack\blackmage.gif
[2009/03/15 20:24:33 | 000,003,912 | ---- | C] () -- C:\Users\Notactjack\Alex.jpg
[2009/03/12 22:56:32 | 000,104,285 | ---- | C] () -- C:\Users\Notactjack\lumberjack-commandos.jpg
[2009/03/07 01:39:17 | 000,029,392 | ---- | C] () -- C:\Users\Notactjack\CopyofNOB004.jpg
[2009/02/13 15:46:51 | 000,010,092 | ---- | C] () -- C:\Users\Notactjack\AppData\Roaming\UserTile.png
[2009/02/06 11:14:48 | 000,074,175 | ---- | C] () -- C:\Users\Notactjack\cl2copyvr4.jpg
[2009/02/06 11:14:35 | 000,145,392 | ---- | C] () -- C:\Users\Notactjack\cl1copyxs8.jpg
[2009/01/20 22:08:03 | 000,024,455 | ---- | C] () -- C:\Users\Notactjack\frank.jpg
[2009/01/18 20:21:03 | 000,094,042 | ---- | C] () -- C:\Users\Notactjack\MCXAnewsflag.PNG
[2008/12/30 18:02:58 | 002,997,489 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - decade.mp3
[2008/12/30 18:02:46 | 002,769,916 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - Lost forever.mp3
[2008/12/30 18:02:40 | 003,215,348 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - save.mp3
[2008/12/30 18:02:32 | 002,335,456 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - Rain wsolo xtra angst.mp3
[2008/12/30 18:02:25 | 002,539,197 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - wicked.mp3
[2008/12/30 18:01:35 | 002,062,100 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - chaos song.mp3
[2008/12/30 14:21:10 | 000,002,538 | ---- | C] () -- C:\Users\Notactjack\dancingbm.gif
[2008/12/08 23:25:11 | 000,000,098 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\fusioncache.dat
[2008/12/06 11:32:34 | 000,162,816 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/06 00:55:59 | 000,000,732 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\d3d9caps64.dat

< End of report >

#8 gringo_pr

  • Malware Response Team

Posted 26 July 2012 - 12:21 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=PF&o=&src=crm&q={searchTerms}&locale=
    IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{A9EBA39F-8736-49DF-BD53-82B88083BCD2}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
    IE - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
    [2012/06/08 13:13:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/24 10:56:15 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2009/01/03 22:36:22 | 000,000,000 | ---D | M] ("UDToolbar") -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71}
    [2009/07/10 18:26:08 | 000,002,257 | ---- | M] () -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\askcom.xml
    [2012/04/25 02:40:54 | 000,000,935 | ---- | M] () -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\conduit.xml
    [2009/05/21 21:02:23 | 000,002,399 | ---- | M] () -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\daemon-search.xml
    [2012/07/05 10:55:25 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-74704441-3100272475-3625200479-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    [2012/07/05 10:55:06 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Babylon
    [2012/07/05 10:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 notactjack

  • Topic Starter

Posted 27 July 2012 - 08:39 PM

FYI Still have the redirects and pop ups. It really wants me to download a mplayer and lots of redirects to ilivid


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry key HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A9EBA39F-8736-49DF-BD53-82B88083BCD2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A9EBA39F-8736-49DF-BD53-82B88083BCD2}\ not found.
Registry key HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: DTToolbar@toolbarnet.com:1.1.8.0191 removed from extensions.enabledItems
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Plugins folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\modules folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71}\defaults\preferences folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71}\defaults folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71}\chrome folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{7BC5A936-2E6F-4d8a-BAB5-77C555E0AD71} folder moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\askcom.xml moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\conduit.xml moved successfully.
C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\searchplugins\daemon-search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
C:\Users\Notactjack\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Notactjack\Desktop\malware fix\cmd.bat deleted successfully.
C:\Users\Notactjack\Desktop\malware fix\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Notactjack
->Java cache emptied: 7711777 bytes

User: Public

Total Java Files Cleaned = 7.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 41661 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Notactjack
->Flash cache emptied: 2589537 bytes

User: Public

Total Flash Files Cleaned = 3.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07272012_203652

Edited by notactjack, 27 July 2012 - 08:46 PM.
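As an added example (not part of the original posts and not OTL's own code), the Python sketch below reads a fix log like the one in post #9 and collapses repeated references to the same object, so that a "not found" which merely follows an earlier successful delete or move of that object is not mistaken for a failure. The grouping rule and the treatment of the `64bit-` prefix as a separate registry view are assumptions of the example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the OTL fix log posted in this thread (a subset).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
C:\Windows\Downloaded Program Files\gp.inf not found.
C:\ProgramData\Babylon folder moved successfully.
HKU\S-1-5-21-74704441-3100272475-3625200479-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
"""

# One result line: optional "64bit-" prefix, optional object kind,
# the target path, optional " folder", then the outcome.
LINE_RE = re.compile(
    r"^(?P<view>64bit-)?"
    r"(?:(?P<kind>Registry key|Registry value|File) )?"
    r"(?P<target>.+?)"
    r"(?P<folder> folder)?"
    r" (?P<outcome>deleted successfully|moved successfully|not found)\.$"
)

SUCCESS = {"deleted successfully", "moved successfully"}


def normalise(view, kind, target):
    """Build a comparison key for one object.

    GUIDs appear in mixed case in the log, so targets are lower-cased.
    The "64bit-" prefix is kept as part of the key (assumption: it marks
    a separate registry view, so both views are tracked independently).
    """
    family = "registry" if kind in ("Registry key", "Registry value") else "file"
    return ("64bit" if view else "default", family, target.rstrip("\\").lower())


def summarize(log_text):
    """Return (statuses, unparsed).

    statuses maps each object key to "removed" if any line reports a
    successful delete/move for it, otherwise "already absent".
    unparsed keeps lines the pattern does not cover, so nothing is
    silently dropped from review.
    """
    statuses, unparsed = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        key = normalise(m["view"], m["kind"], m["target"])
        if m["outcome"] in SUCCESS:
            statuses[key] = "removed"
        else:
            # Only record "already absent" if no success was seen earlier.
            statuses.setdefault(key, "already absent")
    return statuses, unparsed


def already_absent(statuses):
    """Targets that were never present when the fix ran."""
    return sorted(k[2] for k, v in statuses.items() if v == "already absent")


if __name__ == "__main__":
    statuses, unparsed = summarize(SAMPLE_LOG)
    for (view, family, target), status in statuses.items():
        print(f"{status:15} {view:8} {family:9} {target}")
    for line in unparsed:
        print("REVIEW MANUALLY:", line)
```

Lines that end up under "REVIEW MANUALLY", such as the `ProxyServer` entry, use a different result wording and should be read by hand rather than counted.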


#10 gringo_pr

  • Malware Response Team

Posted 27 July 2012 - 10:09 PM

I would like you to run a new scan with OTL and I would like to know which browser this is happening in



gringo

#11 notactjack

  • Topic Starter

Posted 28 July 2012 - 11:10 PM

It happens in all browsers (IE, Firefox, and Chrome). I use Chrome the most. Also, after reading some other posts, I think I have another symptom: phantom commercials playing in the current web page. If I close the tab/window the audio goes away.


OTL logfile created on: 7/28/2012 10:49:48 PM - Run 2
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Notactjack\Desktop\malware fix
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 40.96% Memory free
12.60 Gb Paging File | 8.97 Gb Available in Paging File | 71.21% Paging File free
Paging file location(s): c:\pagefile.sys 4500 7000e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 610.90 Gb Total Space | 265.77 Gb Free Space | 43.50% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 581.43 Gb Total Space | 45.67 Gb Free Space | 7.86% Space Free | Partition Type: NTFS

Computer Name: FOXBOXVER2 | User Name: Notactjack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Notactjack\Desktop\malware fix\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - E:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\Notactjack\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
PRC - C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - E:\Program Files\Steam\bin\libcef.dll ()
MOD - E:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - E:\Program Files\Steam\bin\chromehtml.dll ()
MOD - E:\Program Files\Steam\bin\avformat-53.dll ()
MOD - E:\Program Files\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Wondershare\MobileGo\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\di2c.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\smsc.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\null.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\vista.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.64\aaCenter.exe ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.64\cpuutil.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll ()
MOD - C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\AASP\1.00.64\PowerDll.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SpyHunter 4 Service) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (HFGService) -- C:\Windows\SysNative\HFGService.dll (CSR, plc)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- e:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (TVersityMediaServer) -- C:\Users\Notactjack\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\DRIVERS\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (BthAudioHF) -- C:\Windows\SysNative\DRIVERS\BthAudioHF.sys (CSR, plc)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (motandroidusb) -- C:\Windows\SysNative\Drivers\motoandroid.sys (Motorola)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (BlackBox) -- C:\Windows\SysNative\blackbox.dll (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\DRIVERS\usbser.sys (Microsoft Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (BlackBox) -- C:\Windows\SysWow64\drivers\BlackBox.sys ()
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ISODisk) -- C:\Windows\SysWow64\drivers\ISODisk.sys ()
DRV - (ULCDRHlp) -- C:\Windows\SysWOW64\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A5B21BF9-60E6-4D79-BC33-8B3E448E9A2B}&mid=c303807efc5347d08210d1529aeb0317-6720e87c82db44024ed211be6759c134006ade2b&lang=en&ds=AVG&pr=pr&d=2012-07-15 16:28:19&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C98F0BE9-B785-4F16-A8AA-24E02FE60ABA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: howtovideosidebar@wonderhowto.com:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B63e9d24f-7387-4ac8-805d-9fe444cff948%7D&mid=c303807efc5347d08210d1529aeb0317-6720e87c82db44024ed211be6759c134006ade2b&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-07-15%2016%3A28%3A19&sap=ku&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Notactjack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Notactjack\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Notactjack\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Notactjack\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Notactjack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/08 23:52:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/15 16:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/15 16:28:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/22 21:17:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/20 22:08:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Notactjack\AppData\Roaming\Move Networks [2009/11/07 18:13:20 | 000,000,000 | ---D | M]

[2008/12/08 12:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Extensions
[2012/07/27 20:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions
[2010/10/07 18:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/04 02:18:02 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012/04/15 02:50:11 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/06/06 14:57:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/04 02:18:01 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\DTToolbar@toolbarnet.com
[2012/06/06 14:57:54 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012/03/12 12:52:09 | 000,000,000 | ---D | M] (Geolocater) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\geolocater@3liz.com
[2011/10/04 02:18:02 | 000,000,000 | ---D | M] (How-To Video Sidebar) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\howtovideosidebar@wonderhowto.com
[2012/07/24 10:56:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\extensions\staged
[2012/04/29 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\jetpack\FantapperExtension@brandaffinity.net
[2012/04/29 22:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Notactjack\AppData\Roaming\Mozilla\Firefox\Profiles\8jpul60o.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
[2012/06/20 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/22 11:21:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/06/20 22:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/15 16:26:30 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/15 16:28:22 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2009/11/07 18:13:20 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\NOTACTJACK\APPDATA\ROAMING\MOVE NETWORKS
File not found (No name found) -- C:\USERS\NOTACTJACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8JPUL60O.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
[2011/11/17 06:08:41 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\NOTACTJACK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8JPUL60O.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2012/06/08 16:20:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/09/15 11:36:09 | 000,024,576 | ---- | M] (My Search) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMySrch.dll
[2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/15 16:28:17 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/27 07:57:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 07:57:08 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: My Search Plugin Stub (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPMySrch.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Notactjack\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Notactjack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Notactjack\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Notactjack\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Adobe Flash Player = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmbcojfgcpdpfjincpkbgkicelebkgc\12.126.1_0\
CHR - Extension: Dead Frontier = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: Realm of the Mad God = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Kroll = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjdaaaepgacfpadimoljoefkmnnkpkm\6_0\
CHR - Extension: Facebook Disconnect = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: G+ Game Companion = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hblmfcjnddgfoaclffhjglaibncpcnbn\2.1.1_0\
CHR - Extension: G+ Game Companion = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hblmfcjnddgfoaclffhjglaibncpcnbn\2.1.1_0\~
CHR - Extension: Marvel Comics = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: Google +1 Button = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Cargo Bridge = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: InvisibleHand = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.7.11_0\
CHR - Extension: Dragons of Atlantis = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.5_0\
CHR - Extension: Google Mail Checker = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: AVG Do Not Track = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Better History = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb\1.6.0_0\
CHR - Extension: uTorrentControl2 = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Bullet Physics NaCl Test = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgehkhceingafmkkmbeoempaablkkeal\1.0_0\
CHR - Extension: Gmail = C:\Users\Notactjack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/22 21:36:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [sclauncher] C:\Program Files (x86)\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [Steam] e:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FF57131-1AF0-42E8-9DFA-58031E2E9461}: DhcpNameServer = 172.16.68.215 172.16.68.215 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532EA2C7-C218-4B44-9290-D7CA4982968E}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5050877-D2AA-4668-86CB-AAF05A0C7ED2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/02 16:42:35 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 20:36:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/24 23:57:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/24 10:52:56 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Local\Macromedia
[2012/07/22 21:03:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 21:03:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 21:03:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 21:03:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 21:02:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/22 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\Desktop\malware fix
[2012/07/17 09:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 03:01:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/16 03:01:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/16 03:01:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/16 03:01:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/16 03:01:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/16 03:01:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/16 03:01:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/16 03:01:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/16 03:01:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/16 03:01:29 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/16 03:01:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/16 03:01:29 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/16 03:01:29 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/15 20:24:43 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/15 16:28:51 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\AVG2012
[2012/07/15 16:28:40 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Local\AVG Secure Search
[2012/07/15 16:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/15 16:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/15 16:27:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/07/15 16:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/15 16:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/07/15 16:26:18 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/15 16:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/15 15:58:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Notactjack\Desktop\dds.scr
[2012/07/10 00:32:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/10 00:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/08 13:32:37 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/08 02:34:53 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/07/08 02:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/08 02:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/07/07 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/07/07 13:25:36 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/07 13:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/05 10:55:09 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Local\Giant Savings
[2012/07/05 10:55:08 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Go PDF Reader
[2012/07/05 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Notactjack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Go PDF Reader
[2012/07/05 10:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings
[2012/07/05 10:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Go PDF Reader
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 22:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 22:47:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 22:38:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74704441-3100272475-3625200479-1000UA.job
[2012/07/28 22:26:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/28 22:20:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 22:20:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 18:06:20 | 102,391,247 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/28 10:51:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/28 06:05:50 | 000,136,845 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/28 04:38:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74704441-3100272475-3625200479-1000Core.job
[2012/07/27 21:10:52 | 000,033,804 | ---- | M] () -- C:\Users\Notactjack\Desktop\weird thing.jpg
[2012/07/27 20:27:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 20:27:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/27 20:26:24 | 000,812,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/27 20:26:24 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 20:26:24 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 20:20:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 20:20:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/07/24 23:55:46 | 000,001,445 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/22 21:36:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/18 08:09:50 | 000,017,701 | ---- | M] () -- C:\Users\Notactjack\Desktop\download.htm
[2012/07/17 09:28:48 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/16 03:22:35 | 002,325,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/15 16:29:05 | 000,027,520 | ---- | M] () -- C:\Users\Notactjack\AppData\Local\dt.dat
[2012/07/15 16:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/15 16:06:48 | 000,035,712 | ---- | M] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/07/15 15:59:07 | 000,139,264 | ---- | M] () -- C:\Users\Notactjack\Desktop\RKUnhookerLE.EXE
[2012/07/15 15:58:54 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Notactjack\Desktop\dds.scr
[2012/07/15 15:58:41 | 000,000,020 | ---- | M] () -- C:\Users\Notactjack\defogger_reenable
[2012/07/15 15:58:13 | 000,050,477 | ---- | M] () -- C:\Users\Notactjack\Desktop\Defogger.exe
[2012/07/12 12:34:13 | 000,002,029 | ---- | M] () -- C:\Users\Notactjack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/08 13:34:43 | 000,017,408 | ---- | M] () -- C:\Users\Notactjack\AppData\Local\WebpageIcons.db
[2012/07/08 02:42:00 | 000,002,475 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/07/08 02:34:32 | 000,000,984 | ---- | M] () -- C:\Users\Notactjack\Desktop\Kaspersky Security Scan.lnk
[2012/07/07 13:25:38 | 000,002,099 | ---- | M] () -- C:\Users\Notactjack\Desktop\SpyHunter.lnk
[2012/07/05 10:55:31 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/07/03 22:26:39 | 000,000,814 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/28 18:06:20 | 102,391,247 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/28 06:05:50 | 000,136,845 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/27 21:11:08 | 000,033,804 | ---- | C] () -- C:\Users\Notactjack\Desktop\weird thing.jpg
[2012/07/22 21:03:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 21:03:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 21:03:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 21:03:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 21:03:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/18 08:09:57 | 000,017,701 | ---- | C] () -- C:\Users\Notactjack\Desktop\download.htm
[2012/07/15 16:29:05 | 000,027,520 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\dt.dat
[2012/07/15 16:28:23 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 16:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/07/15 16:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/15 16:05:20 | 000,035,712 | ---- | C] () -- C:\Windows\SysWow64\drivers\BlackBox.sys
[2012/07/15 15:59:08 | 000,139,264 | ---- | C] () -- C:\Users\Notactjack\Desktop\RKUnhookerLE.EXE
[2012/07/15 15:58:41 | 000,000,020 | ---- | C] () -- C:\Users\Notactjack\defogger_reenable
[2012/07/15 15:58:24 | 000,050,477 | ---- | C] () -- C:\Users\Notactjack\Desktop\Defogger.exe
[2012/07/08 13:34:42 | 000,017,408 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\WebpageIcons.db
[2012/07/08 13:32:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 02:34:53 | 000,000,984 | ---- | C] () -- C:\Users\Notactjack\Desktop\Kaspersky Security Scan.lnk
[2012/07/07 13:25:38 | 000,002,099 | ---- | C] () -- C:\Users\Notactjack\Desktop\SpyHunter.lnk
[2012/07/05 10:55:29 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/20 21:53:50 | 000,000,858 | ---- | C] () -- C:\Users\Notactjack\.recently-used.xbel
[2011/11/17 05:29:23 | 000,001,445 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/20 14:48:50 | 000,000,864 | ---- | C] () -- C:\Users\Notactjack\mlvUser.properties
[2011/03/20 14:48:46 | 000,000,122 | ---- | C] () -- C:\Users\Notactjack\.mlvreg
[2010/10/07 20:00:43 | 000,000,600 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\PUTTY.RND
[2010/08/15 09:59:19 | 000,002,032 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\d3d9caps.dat
[2010/04/26 22:05:17 | 000,054,369 | ---- | C] () -- C:\Users\Notactjack\Untitled (4).wma
[2010/04/23 07:04:43 | 000,003,426 | ---- | C] () -- C:\Users\Notactjack\30572bL_small.jpg
[2009/12/26 20:58:57 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/23 04:58:20 | 000,105,826 | ---- | C] () -- C:\Users\Notactjack\Zombiecon2008-700.jpg
[2009/04/12 14:21:11 | 000,018,756 | ---- | C] () -- C:\Users\Notactjack\BlackMagedestroyworld.jpg
[2009/04/12 14:19:49 | 000,008,323 | ---- | C] () -- C:\Users\Notactjack\blackmage.gif
[2009/03/15 20:24:33 | 000,003,912 | ---- | C] () -- C:\Users\Notactjack\Alex.jpg
[2009/03/12 22:56:32 | 000,104,285 | ---- | C] () -- C:\Users\Notactjack\lumberjack-commandos.jpg
[2009/03/07 01:39:17 | 000,029,392 | ---- | C] () -- C:\Users\Notactjack\CopyofNOB004.jpg
[2009/02/13 15:46:51 | 000,010,092 | ---- | C] () -- C:\Users\Notactjack\AppData\Roaming\UserTile.png
[2009/02/06 11:14:48 | 000,074,175 | ---- | C] () -- C:\Users\Notactjack\cl2copyvr4.jpg
[2009/02/06 11:14:35 | 000,145,392 | ---- | C] () -- C:\Users\Notactjack\cl1copyxs8.jpg
[2009/01/20 22:08:03 | 000,024,455 | ---- | C] () -- C:\Users\Notactjack\frank.jpg
[2009/01/18 20:21:03 | 000,094,042 | ---- | C] () -- C:\Users\Notactjack\MCXAnewsflag.PNG
[2008/12/30 18:02:58 | 002,997,489 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - decade.mp3
[2008/12/30 18:02:46 | 002,769,916 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - Lost forever.mp3
[2008/12/30 18:02:40 | 003,215,348 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - save.mp3
[2008/12/30 18:02:32 | 002,335,456 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - Rain wsolo xtra angst.mp3
[2008/12/30 18:02:25 | 002,539,197 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - wicked.mp3
[2008/12/30 18:01:35 | 002,062,100 | ---- | C] () -- C:\Users\Notactjack\EndoGeniX - chaos song.mp3
[2008/12/30 14:21:10 | 000,002,538 | ---- | C] () -- C:\Users\Notactjack\dancingbm.gif
[2008/12/08 23:25:11 | 000,000,098 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\fusioncache.dat
[2008/12/06 11:32:34 | 000,162,816 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/06 00:55:59 | 000,000,732 | ---- | C] () -- C:\Users\Notactjack\AppData\Local\d3d9caps64.dat

< End of report >

Edited by notactjack, 29 July 2012 - 12:37 PM.


#12 gringo_pr


Posted 29 July 2012 - 12:57 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 notactjack


Posted 30 July 2012 - 03:06 AM

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Notactjack\Desktop\malware fix\cmd.bat deleted successfully.
C:\Users\Notactjack\Desktop\malware fix\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Notactjack
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

No change, still getting redirected when I click any link. Sometimes every 3rd or 4th link, then sometimes it's every click.

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Notactjack
->Flash cache emptied: 2827 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07302012_030319

#14 gringo_pr


Posted 30 July 2012 - 12:26 PM

How are things doing now?


gringo

#15 notactjack


Posted 30 July 2012 - 01:39 PM

No change. Still hijacked.



