HiJackThis Log: Please Help Diagnose


  • This topic is locked
12 replies to this topic

#1 bl4kwidow

bl4kwidow

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 23 September 2012 - 05:30 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:11:49 PM, on 9/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Webroot\WRSA.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\Nick\Downloads\Tor Browser\App\vidalia.exe
C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
F:\Steam\Steam.exe
C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Users\Nick\Downloads\Tor Browser\App\vidalia.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: AP Suggestor - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files (x86)\AP Suggestor\APSuggestor.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [GPU TweakIt Server Execute] "C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [Adobe gamma load] C:\ProgramData\adob\color.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Vidalia] "C:\Users\Nick\Downloads\Tor Browser\App\vidalia.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [Steam] "F:\Steam\steam.exe" -silent
O4 - Startup: Dropbox.lnk = Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files (x86)\AP Suggestor\APSuggestor.dll
O9 - Extra 'Tools' menuitem: AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files (x86)\AP Suggestor\APSuggestor.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL, C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASUS\ROG GameFirst\spd.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Drive Settings Service (FreeAgentGoFlex Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee ScanAndRepair Svc - McAfee, Inc. - C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files (x86)\Webroot\WRSA.exe

--
End of file - 15597 bytes


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:10 PM

Posted 24 September 2012 - 08:04 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free antivirus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member




#3 bl4kwidow

bl4kwidow
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 25 September 2012 - 05:45 PM

OTL logfile created on: 9/25/2012 5:52:28 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Nick\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 77.05% Memory free
15.95 Gb Paging File | 13.26 Gb Available in Paging File | 83.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 45.27 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
Drive D: | 4.02 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 2.08 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2794.39 Gb Total Space | 2405.94 Gb Free Space | 86.10% Space Free | Partition Type: NTFS

Computer Name: NICK-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/25 05:50:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2012/09/23 15:41:55 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/23 15:41:54 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/09/22 16:22:04 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/09/22 16:20:34 | 001,353,080 | ---- | M] (Valve Corporation) -- F:\Steam\Steam.exe
PRC - [2012/09/16 22:37:04 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2012/09/14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/09/10 19:04:14 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/08/29 10:54:15 | 000,712,040 | ---- | M] (Webroot) -- C:\Program Files (x86)\Webroot\WRSA.exe
PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 04:52:44 | 000,323,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/08/19 11:47:31 | 001,193,176 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/24 19:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/26 05:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011/06/13 01:36:54 | 000,922,240 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/24 21:54:46 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011/05/03 10:50:24 | 001,384,064 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe
PRC - [2011/04/26 12:20:48 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2011/04/18 18:46:48 | 001,216,640 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2011/04/13 16:15:22 | 001,116,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2011/03/24 08:11:18 | 000,107,800 | ---- | M] (Octoshape ApS) -- C:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/02/10 12:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
PRC - [2010/12/01 19:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010/11/26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/23 16:43:30 | 000,105,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
PRC - [2010/11/08 16:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010/09/24 22:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010/02/18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe
PRC - [2010/01/26 18:02:52 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009/12/11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/09/29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/09/29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/09/29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/08/28 20:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 18:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/06/03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/23 15:41:55 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/23 15:41:55 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/23 15:41:54 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/22 16:22:04 | 020,317,008 | ---- | M] () -- F:\Steam\bin\libcef.dll
MOD - [2012/09/22 16:22:04 | 001,099,616 | ---- | M] () -- F:\Steam\bin\avcodec-53.dll
MOD - [2012/09/22 16:22:04 | 000,902,480 | ---- | M] () -- F:\Steam\bin\chromehtml.dll
MOD - [2012/09/22 16:22:04 | 000,190,816 | ---- | M] () -- F:\Steam\bin\avformat-53.dll
MOD - [2012/09/22 16:22:04 | 000,123,232 | ---- | M] () -- F:\Steam\bin\avutil-51.dll
MOD - [2012/09/16 22:37:04 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2012/08/19 11:47:31 | 001,193,176 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/08/17 00:16:56 | 000,121,856 | ---- | M] () -- C:\Program Files (x86)\FFsplit\FFSplit Overlay Filter.ax
MOD - [2012/06/04 09:23:18 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012/06/04 08:03:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2012/06/04 08:02:42 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2012/06/04 08:02:34 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2011/05/20 10:12:18 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011/05/16 18:35:56 | 000,965,632 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011/05/03 10:50:24 | 001,384,064 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe
MOD - [2011/04/30 08:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2011/04/07 18:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011/03/11 20:53:12 | 001,257,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011/03/09 15:55:24 | 001,036,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2011/03/04 17:33:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2011/02/24 11:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011/02/14 06:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2011/01/07 17:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011/01/06 11:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010/11/23 16:43:30 | 000,105,088 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
MOD - [2010/08/22 19:17:40 | 000,662,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010/08/09 22:23:26 | 000,175,616 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\AsusService.dll
MOD - [2010/08/06 19:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010/08/06 19:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010/06/24 22:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\IccLibDll.dll
MOD - [2010/06/21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010/06/21 16:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010/06/08 14:22:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2010/02/10 17:26:28 | 000,237,361 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/02/10 17:26:28 | 000,237,361 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2009/12/29 17:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009/09/29 12:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/08/12 22:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\pngio.dll
MOD - [2009/08/12 21:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009/05/21 11:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2007/01/11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/06/29 11:51:26 | 000,171,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2010/11/22 15:56:12 | 000,487,096 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\ASUS\ROG GameFirst\spd.exe -- (cFosSpeedS)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/23 15:41:55 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/22 16:22:04 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/21 10:21:11 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/10 19:04:14 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/30 10:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- F:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/08/29 10:54:15 | 000,712,040 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files (x86)\Webroot\WRSA.exe -- (WRSVC)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/12 01:07:32 | 000,695,640 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe -- (McAfee ScanAndRepair Svc)
SRV - [2011/12/31 13:38:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/31 13:38:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011/12/31 13:38:06 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/09 15:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/06/13 01:36:54 | 000,922,240 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/10 12:00:58 | 000,091,432 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe -- (FreeAgentGoFlex Service)
SRV - [2010/12/01 19:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 02:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/28 20:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/23 15:41:55 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/01 16:06:51 | 000,032,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\voxaldriverx64.sys -- (voxaldriver)
DRV:64bit: - [2012/08/29 10:54:16 | 000,110,096 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/06/29 10:59:46 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/12 09:28:48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/10/21 18:30:04 | 012,310,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/27 12:51:48 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/07/20 10:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/06/28 04:12:42 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011/02/24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/01/19 18:47:18 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/11/22 15:56:14 | 001,437,368 | ---- | M] (cFos Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfosspeed.sys -- (cFosSpeed)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/08 15:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/18 02:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010/07/01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009/10/26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/31 04:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/09/16 22:36:56 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2011/10/25 21:20:20 | 000,028,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 -- (AIDA64Driver)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F B8 76 63 96 63 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8FBE3A5D-7E51-4355-B77C-D6F0D9B95C08}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={EC04F84C-CDBA-408A-85B4-44D8439DF398}&mid=5ca9a994be1347d0b585854de0ef3d84-62278feba5121d19dbbf6504254262c42d3ac807&lang=en&ds=AVG&pr=fr&d=2012-09-23 15:41:55&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=112560&tt=2912_7&babsrc=HP_ss&mntrId=949a2bb40000000000005404a60bd477"
FF - prefs.js..extensions.enabledAddons: rdacnzfnmq@rdacnzfnmq.org:1.0
FF - prefs.js..extensions.enabledAddons: gencrawler@some.com:2.6
FF - prefs.js..extensions.enabledAddons: crossriderapp2258@crossrider.com:0.83.60
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: ytd@mybrowserbar.com:6.2
FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
FF - prefs.js..extensions.enabledAddons: 500ec0b06303a@500ec0b063074.info:1.0
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/23 15:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/23 17:15:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/17 17:30:54 | 000,000,000 | ---D | M]

[2012/06/01 15:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2012/09/23 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions
[2012/08/19 22:03:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/08/19 22:00:42 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\500ec0b06303a@500ec0b063074.info
[2012/07/16 22:42:29 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\crossriderapp2258@crossrider.com
[2012/07/18 10:27:03 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/07/15 22:29:59 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\plugin@videofiledownload.com
[2012/08/19 22:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged
[2012/05/15 19:17:46 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\rdacnzfnmq@rdacnzfnmq.org.xpi
[2012/01/31 12:49:40 | 000,030,793 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2012/02/08 21:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/08/04 08:38:49 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
[2012/06/01 15:40:27 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
File not found (No name found) -- C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QPXXAILP.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[2012/04/23 17:15:25 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/23 15:41:53 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/16 22:42:19 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/13 21:41:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 21:41:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylon.com/?affID=112560&tt=2912_7&babsrc=HP_ss&mntrId=949a2bb40000000000005404a60bd477
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylon.com/?affID=112560&tt=2912_7&babsrc=HP_ss&mntrId=949a2bb40000000000005404a60bd477
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nick\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No SOPA = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagmjmoimnkgoijihaaeodbefhcapjcj\1.11_0\
CHR - Extension: Poke All for Chrome = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmghnjflbmdhmjnclnjpbikjbhppfmdj\3.0.0_0\
CHR - Extension: Facebook Auto-Poke = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoanjipkheolehmllfagnocpkobbagim\1.2.1_0\
CHR - Extension: AP Suggestor = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid\1.2.5_0\
CHR - Extension: Anti-poke poke V-Arahaya on Facebook = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcnilijhkkiaalknleibkgllbohdojgl\1.0.1_0\
CHR - Extension: AVG Secure Search = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: Gmail = C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files (x86)\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ROG GameFirst] C:\Program Files\ASUS\ROG GameFirst\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIRTU] C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe ()
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe gamma load] C:\ProgramData\adob\color.exe ()
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GPU TweakIt Server Execute] C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WRSVC] C:\Program Files (x86)\Webroot\WRSA.exe (Webroot)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] F:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Vidalia] C:\Users\Nick\Downloads\Tor Browser\App\vidalia.exe ()
O4 - Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files (x86)\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files (x86)\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF9CA4BC-BCE6-41D8-8BFA-6F798F947066}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Program Files\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/13 07:46:33 | 000,000,035 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/10/20 11:36:38 | 000,000,041 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{2d1b39b5-ab73-11e1-9ef2-5404a60bd477}\Shell - "" = AutoRun
O33 - MountPoints2\{2d1b39b5-ab73-11e1-9ef2-5404a60bd477}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{5f87b0ce-bf41-11e1-9f47-5404a60bd477}\Shell - "" = AutoRun
O33 - MountPoints2\{5f87b0ce-bf41-11e1-9f47-5404a60bd477}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012/08/09 09:51:53 | 734,003,200 | R--- | M] (Payday The Heist )
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 16:35:19 | 003,673,600 | ---- | C] (Dxtory Software) -- C:\Windows\SysNative\DxtoryCodec64.dll
[2012/09/24 16:35:19 | 003,166,720 | ---- | C] (Dxtory Software) -- C:\Windows\SysWow64\DxtoryCodec.dll
[2012/09/24 16:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dxtory2.0
[2012/09/24 16:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dxtory Software
[2012/09/24 03:00:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/23 18:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2012/09/23 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\AVG2013
[2012/09/23 15:42:01 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\AVG Secure Search
[2012/09/23 15:41:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\TuneUp Software
[2012/09/23 15:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/23 15:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/23 15:41:55 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/23 15:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/23 15:41:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/09/23 15:41:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/23 15:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/23 15:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\MFAData
[2012/09/23 15:39:23 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Avg2013
[2012/09/23 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\FFsplit
[2012/09/23 15:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/09/23 15:09:59 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/09/23 14:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FFsplit
[2012/09/23 14:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFsplit
[2012/09/23 14:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/09/23 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\SplitMediaLabs
[2012/09/23 13:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2012/09/23 13:39:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\SplitMediaLabs
[2012/09/22 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/09/21 18:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/09/19 21:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dynamix
[2012/09/19 21:56:51 | 000,000,000 | ---D | C] -- C:\Dynamix
[2012/09/19 18:00:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Trend Micro
[2012/09/19 17:14:52 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\LolClient
[2012/09/18 22:43:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/09/18 22:43:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/09/18 22:43:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/09/18 22:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/09/18 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\PMB Files
[2012/09/18 22:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/09/18 22:08:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/09/18 15:41:42 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012/09/18 15:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012/09/17 20:20:36 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Noël Danjou
[2012/09/17 20:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Noël Danjou
[2012/09/17 20:20:32 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMCap
[2012/09/17 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Gregion
[2012/09/17 19:59:08 | 000,344,576 | ---- | C] (Gregion) -- C:\Windows\SysWow64\grgvvid.dll
[2012/09/17 18:58:54 | 000,056,672 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/16 22:30:00 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2012/09/16 22:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2012/09/16 22:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3.1 Free
[2012/09/16 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\SMRecorder
[2012/09/16 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AP Suggestor
[2012/09/16 18:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SMRecorder
[2012/09/16 18:32:20 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Dxtory Software
[2012/09/16 13:05:49 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\ezvid,_inc
[2012/09/16 13:00:56 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\ezvid
[2012/09/16 12:21:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Xenocode
[2012/09/16 12:21:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\gctmp
[2012/09/15 15:38:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.06
[2012/09/15 15:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.06
[2012/09/15 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AP Tuner
[2012/09/14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/13 05:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/09/13 03:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 03:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/12 11:47:20 | 000,199,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/12 06:39:38 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Publish Providers
[2012/09/12 06:38:01 | 000,000,000 | ---D | C] -- C:\Users\Nick\Documents\Movie Studio Platinum 12.0 Projects
[2012/09/12 06:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/09/12 06:37:51 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Sony
[2012/09/12 06:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012/09/12 06:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/09/12 06:37:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Sony
[2012/09/12 03:31:19 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 03:31:19 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 03:31:19 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/12 03:31:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/11 22:58:07 | 093,680,960 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2012/09/08 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/09/08 20:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/09/04 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/09/04 16:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/03 17:56:27 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/09/02 22:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\adob
[2012/09/02 12:31:25 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\PAYDAY
[2012/09/02 12:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/09/01 16:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blaze Audio
[2012/09/01 16:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blaze Audio
[2012/09/01 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\NCH Software
[2012/09/01 16:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/09/01 16:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/09/01 16:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012/09/01 16:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/09/01 16:01:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Screaming Bee
[2012/09/01 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012/09/01 16:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2012/09/01 16:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screaming Bee
[2012/08/30 13:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/30 13:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/30 12:18:06 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Octoshape
[2012/08/30 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Octoshape Streaming Services
[2012/08/30 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Octoshape
[2012/08/28 11:41:09 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/08/28 11:41:09 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/08/28 11:41:09 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/08/28 11:41:09 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/08/28 11:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/08/28 11:40:45 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012/08/28 11:40:45 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/08/28 11:40:45 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/25 05:38:35 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 05:38:35 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 05:37:24 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/25 05:37:24 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/25 05:37:24 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/25 05:34:39 | 000,000,380 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterLogonTask.job
[2012/09/25 05:34:39 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2012/09/25 05:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 05:31:26 | 2127,355,903 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/24 21:25:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2244709069-3900731247-1807390801-1000UA.job
[2012/09/24 21:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/24 19:46:00 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterRefreshTask.job
[2012/09/24 18:25:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2244709069-3900731247-1807390801-1000Core.job
[2012/09/24 16:35:19 | 000,001,186 | ---- | M] () -- C:\Users\Nick\Desktop\Dxtory.lnk
[2012/09/24 15:20:26 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/09/23 16:41:19 | 000,001,090 | ---- | M] () -- C:\Users\Nick\Desktop\MSI Afterburner.lnk
[2012/09/23 15:41:59 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/23 15:41:55 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/23 15:09:59 | 000,002,971 | ---- | M] () -- C:\Users\Nick\Desktop\HiJackThis.lnk
[2012/09/23 14:51:58 | 000,000,798 | ---- | M] () -- C:\Users\Nick\Desktop\FFsplit.lnk
[2012/09/23 14:47:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/23 14:37:18 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 14:30:18 | 000,234,544 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/09/22 16:26:56 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/22 16:26:56 | 000,283,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/22 16:26:02 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/09/22 16:25:00 | 000,000,201 | ---- | M] () -- C:\Users\Nick\Desktop\Tribes Ascend.url
[2012/09/21 18:22:49 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/09/21 10:21:11 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/21 10:21:11 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/18 22:43:08 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/09/17 19:59:08 | 000,344,576 | ---- | M] (Gregion) -- C:\Windows\SysWow64\grgvvid.dll
[2012/09/17 19:59:08 | 000,077,824 | ---- | M] () -- C:\Windows\SysWow64\xvid.ax
[2012/09/17 19:59:07 | 000,815,104 | ---- | M] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/17 19:59:07 | 000,180,224 | ---- | M] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/17 16:57:09 | 000,001,461 | ---- | M] () -- C:\Windows\SysNative\drivers\camcodec.inf
[2012/09/17 16:00:08 | 000,000,173 | ---- | M] () -- C:\Users\Nick\AppData\Local\msmathematics.qat.Nick
[2012/09/16 18:43:03 | 000,001,087 | ---- | M] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\SMRecorder.lnk
[2012/09/16 13:01:06 | 000,003,584 | ---- | M] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/13 05:34:11 | 000,000,036 | ---- | M] () -- C:\Users\Nick\AppData\Local\housecall.guid.cache
[2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/11 22:58:58 | 093,680,960 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\Trend_Micro.exe
[2012/09/10 19:04:14 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/10 16:41:47 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/09/10 16:05:26 | 000,000,202 | ---- | M] () -- C:\Users\Nick\Desktop\Blacklight Retribution.url
[2012/09/09 23:23:34 | 000,001,296 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/09/09 20:14:50 | 381,319,631 | ---- | M] () -- C:\Users\Nick\Documents\Mumble-2012-09-09-19-12-15-mumble.tribespugs.com-Mixdown.wav
[2012/09/08 22:38:37 | 000,000,942 | ---- | M] () -- C:\Users\Nick\Desktop\Counter-Strike Global Offensive.lnk
[2012/09/08 20:49:22 | 000,000,200 | ---- | M] () -- C:\Users\Nick\Desktop\Killing Floor.url
[2012/09/08 20:22:51 | 000,000,199 | ---- | M] () -- C:\Users\Nick\Desktop\Counter-Strike Source.url
[2012/09/08 20:09:38 | 000,000,542 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/04 16:32:53 | 000,002,256 | ---- | M] () -- C:\Users\Nick\Desktop\SpyHunter.lnk
[2012/09/01 23:20:55 | 000,002,447 | ---- | M] () -- C:\Users\Nick\Desktop\Google Chrome.lnk
[2012/09/01 16:13:50 | 000,000,064 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\VoiceSFX.ini
[2012/09/01 16:13:13 | 000,000,066 | ---- | M] () -- C:\Windows\SysWow64\MASHTWTY.SYS
[2012/09/01 16:06:51 | 000,032,024 | ---- | M] () -- C:\Windows\SysNative\drivers\voxaldriverx64.sys
[2012/08/30 13:29:19 | 000,001,464 | ---- | M] () -- C:\Windows\wininit.ini
[2012/08/30 13:28:35 | 000,795,848 | ---- | M] () -- C:\Users\Nick\Documents\cc_20120830_132829.reg
[2012/08/30 13:25:08 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/29 17:03:34 | 000,149,688 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2012/08/29 17:03:34 | 000,102,832 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2012/08/29 10:54:16 | 000,110,096 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Nick\Documents\*.tmp files -> C:\Users\Nick\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/24 16:35:19 | 000,001,186 | ---- | C] () -- C:\Users\Nick\Desktop\Dxtory.lnk
[2012/09/23 16:41:19 | 000,001,090 | ---- | C] () -- C:\Users\Nick\Desktop\MSI Afterburner.lnk
[2012/09/23 15:41:59 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/23 15:09:59 | 000,002,971 | ---- | C] () -- C:\Users\Nick\Desktop\HiJackThis.lnk
[2012/09/23 14:51:58 | 000,000,798 | ---- | C] () -- C:\Users\Nick\Desktop\FFsplit.lnk
[2012/09/22 16:25:00 | 000,000,201 | ---- | C] () -- C:\Users\Nick\Desktop\Tribes Ascend.url
[2012/09/18 22:43:08 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/09/17 19:59:08 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/09/17 19:59:07 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/17 19:59:07 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/16 18:43:03 | 000,001,087 | ---- | C] () -- C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\SMRecorder.lnk
[2012/09/16 13:01:06 | 000,003,584 | ---- | C] () -- C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/13 05:36:09 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/09/13 05:34:11 | 000,000,036 | ---- | C] () -- C:\Users\Nick\AppData\Local\housecall.guid.cache
[2012/09/10 19:00:30 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/09/10 16:05:26 | 000,000,202 | ---- | C] () -- C:\Users\Nick\Desktop\Blacklight Retribution.url
[2012/09/09 19:12:15 | 381,319,631 | ---- | C] () -- C:\Users\Nick\Documents\Mumble-2012-09-09-19-12-15-mumble.tribespugs.com-Mixdown.wav
[2012/09/08 22:38:39 | 000,000,942 | ---- | C] () -- C:\Users\Nick\Desktop\Counter-Strike Global Offensive.lnk
[2012/09/08 20:49:22 | 000,000,200 | ---- | C] () -- C:\Users\Nick\Desktop\Killing Floor.url
[2012/09/08 20:22:51 | 000,000,199 | ---- | C] () -- C:\Users\Nick\Desktop\Counter-Strike Source.url
[2012/09/08 20:09:38 | 000,000,542 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/09/04 16:32:53 | 000,002,256 | ---- | C] () -- C:\Users\Nick\Desktop\SpyHunter.lnk
[2012/09/01 16:13:50 | 000,000,064 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\VoiceSFX.ini
[2012/09/01 16:13:13 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\MASHTWTY.SYS
[2012/09/01 16:06:51 | 000,032,024 | ---- | C] () -- C:\Windows\SysNative\drivers\voxaldriverx64.sys
[2012/09/01 16:06:51 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
[2012/08/30 13:28:31 | 000,795,848 | ---- | C] () -- C:\Users\Nick\Documents\cc_20120830_132829.reg
[2012/08/30 13:25:08 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/28 22:32:39 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/28 11:41:09 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/07/18 14:08:27 | 000,001,464 | ---- | C] () -- C:\Windows\wininit.ini
[2012/07/05 22:06:38 | 000,005,081 | ---- | C] () -- C:\ProgramData\nutolazp.qqa
[2012/05/27 12:20:45 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/27 12:20:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/13 15:43:07 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/05 21:38:33 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/04/25 19:01:26 | 000,000,173 | ---- | C] () -- C:\Users\Nick\AppData\Local\msmathematics.qat.Nick
[2012/01/11 22:59:08 | 000,007,605 | ---- | C] () -- C:\Users\Nick\AppData\Local\Resmon.ResmonCfg
[2012/01/02 15:38:20 | 005,204,320 | ---- | C] () -- C:\Windows\PE_File.dll
[2011/12/31 23:12:24 | 005,138,784 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011/12/31 15:46:09 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/12/31 13:38:55 | 000,007,594 | ---- | C] () -- C:\Windows\SysWow64\xFiMB2CfgUninstall32.ini
[2011/12/31 13:38:55 | 000,005,135 | ---- | C] () -- C:\Windows\SysWow64\cfgfx.ini
[2011/12/31 13:38:55 | 000,002,775 | ---- | C] () -- C:\Windows\FF08_Render_Spk.ini
[2011/12/31 13:38:54 | 000,002,411 | ---- | C] () -- C:\Windows\FF08_Render_Hp.ini
[2011/12/31 13:38:54 | 000,002,267 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2011/12/31 13:38:54 | 000,001,542 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2011/12/31 13:38:53 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/12/31 13:38:53 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/12/31 13:38:53 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/12/31 13:38:51 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/12/31 13:38:51 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/12/31 13:37:17 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/12/31 13:37:11 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/12/31 13:36:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/12/31 13:36:16 | 000,043,654 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/10/21 18:27:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/21 18:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 18:27:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/21 18:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/21 18:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 06:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011/09/19 00:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 00:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== ZeroAccess Check ==========

[2011/11/16 23:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{1bf9acbb-c0b7-c2a3-e57f-e9414753b16c}\@
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{1bf9acbb-c0b7-c2a3-e57f-e9414753b16c}\L
[2011/11/16 23:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{1bf9acbb-c0b7-c2a3-e57f-e9414753b16c}\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by RPMcMurphy, 25 September 2012 - 08:56 PM.
Added log


#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 25 September 2012 - 09:09 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double-click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 bl4kwidow
  • Topic Starter
  • Members
  • 6 posts

Posted 30 September 2012 - 01:45 PM

Here are the logs...

ComboFix 12-09-30.01 - Nick 09/30/2012 10:57:30.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8166.6352 [GMT -7:00]
Running from: c:\users\Nick\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AP Suggestor\APSUggestor.dll
c:\programdata\adob
c:\programdata\adob\1.bat
c:\programdata\adob\123.reg
c:\programdata\adob\color.exe
c:\programdata\adob\copy.exe
c:\programdata\adob\stop.bat
c:\programdata\ntuser.dat
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Recent\Tribes Ascend.url
c:\users\Nick\Documents\~WRL3822.tmp
c:\windows\svchost.exe
c:\windows\SysWow64\local.txt
c:\windows\SysWow64\tmpAD7E.tmp
c:\windows\SysWow64\tmpAE0B.tmp
c:\windows\TEMP\WRusr.dll-79427300-0.tmp
c:\windows\TEMP\WRusr.dll-79427300-1.tmp
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-27 22:59 . 2012-09-28 13:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-27 03:10 . 2012-09-27 03:10 -------- d-----w- c:\program files (x86)\AutoHotkey
2012-09-25 21:44 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 23:35 . 2012-09-24 23:35 -------- d-----w- c:\program files (x86)\Dxtory Software
2012-09-24 23:35 . 2011-05-24 06:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-09-24 23:35 . 2011-05-24 06:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-09-24 01:13 . 2012-09-24 03:09 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2012-09-23 22:42 . 2012-09-23 22:42 -------- d-----w- c:\users\Nick\AppData\Roaming\AVG2013
2012-09-23 22:42 . 2012-09-23 22:42 -------- d-----w- c:\users\Nick\AppData\Local\AVG Secure Search
2012-09-23 22:41 . 2012-09-23 22:41 -------- d-----w- c:\users\Nick\AppData\Roaming\TuneUp Software
2012-09-23 22:41 . 2012-09-23 22:41 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-23 22:41 . 2012-09-23 22:41 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-23 22:41 . 2012-09-23 22:41 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-09-23 22:41 . 2012-09-23 22:41 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-09-23 22:41 . 2012-09-24 22:02 -------- d-----w- c:\programdata\AVG2013
2012-09-23 22:41 . 2012-09-23 22:41 -------- d-----w- C:\$AVG
2012-09-23 22:39 . 2012-09-24 02:35 -------- d-----w- c:\users\Nick\AppData\Local\Avg2013
2012-09-23 22:39 . 2012-09-23 22:39 -------- d-----w- c:\users\Nick\AppData\Local\MFAData
2012-09-23 22:35 . 2012-09-23 22:35 -------- d-----w- c:\users\Nick\AppData\Local\FFsplit
2012-09-23 22:09 . 2012-09-23 22:09 388096 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-23 22:09 . 2012-09-23 22:09 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-23 21:49 . 2012-09-27 04:24 -------- d-----w- c:\program files (x86)\FFsplit
2012-09-23 20:40 . 2012-09-23 20:40 -------- d-----w- c:\users\Nick\AppData\Local\SplitMediaLabs
2012-09-23 20:40 . 2012-09-23 20:40 -------- d-----w- c:\programdata\SplitMediaLabs
2012-09-23 20:39 . 2012-09-23 20:39 -------- d-----w- c:\users\Nick\AppData\Roaming\SplitMediaLabs
2012-09-22 01:22 . 2012-09-22 01:22 53248 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-20 04:56 . 2012-09-20 04:56 -------- d-----w- C:\Dynamix
2012-09-20 01:00 . 2012-09-23 21:49 -------- d-----w- c:\users\Nick\AppData\Local\Trend Micro
2012-09-20 00:14 . 2012-09-20 00:14 -------- d-----w- c:\users\Nick\AppData\Roaming\LolClient
2012-09-19 05:43 . 2008-07-12 15:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-09-19 05:43 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-09-19 05:43 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-09-19 05:08 . 2012-09-23 21:49 -------- d-----w- c:\users\Nick\AppData\Local\PMB Files
2012-09-19 05:08 . 2012-09-20 00:15 -------- d-----w- c:\programdata\PMB Files
2012-09-19 05:08 . 2012-09-19 05:08 -------- d-----w- c:\program files (x86)\Pando Networks
2012-09-18 22:41 . 2012-09-23 23:41 -------- d-----w- c:\program files (x86)\MSI Afterburner
2012-09-18 03:20 . 2012-09-18 03:20 -------- d-----w- c:\users\Nick\AppData\Local\Noël Danjou
2012-09-18 03:20 . 2012-09-18 03:20 -------- d-----w- c:\program files (x86)\Noël Danjou
2012-09-18 02:59 . 2012-09-18 02:59 77824 ----a-w- c:\windows\SysWow64\xvid.ax
2012-09-18 02:59 . 2012-09-18 02:59 344576 ----a-w- c:\windows\SysWow64\grgvvid.dll
2012-09-18 02:59 . 2012-09-18 02:59 815104 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-09-18 02:59 . 2012-09-18 02:59 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-09-18 01:58 . 2012-09-18 01:58 56672 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-09-17 05:29 . 2012-09-17 05:30 -------- d-----w- c:\program files (x86)\Wisdom-soft AutoScreenRecorder 3.1 Free
2012-09-17 01:43 . 2012-09-30 18:02 -------- d-----w- c:\program files (x86)\AP Suggestor
2012-09-17 01:43 . 2012-09-17 01:43 -------- d-----w- c:\program files (x86)\SMRecorder
2012-09-17 01:32 . 2012-09-27 04:06 -------- d-----w- c:\users\Nick\AppData\Local\Dxtory Software
2012-09-16 20:05 . 2012-09-16 20:05 -------- d-----w- c:\users\Nick\AppData\Local\ezvid,_inc
2012-09-16 19:21 . 2012-09-16 20:12 -------- d-----w- c:\users\Nick\AppData\Local\gctmp
2012-09-16 19:21 . 2012-09-16 19:21 -------- d-----w- c:\users\Nick\AppData\Local\Xenocode
2012-09-15 22:38 . 2012-09-15 22:38 -------- d-----w- c:\program files (x86)\AP Tuner
2012-09-14 12:34 . 2012-09-14 12:34 105312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-09-13 12:36 . 2012-09-23 21:30 234544 ----a-w- c:\windows\RegBootClean64.exe
2012-09-13 12:34 . 2012-09-23 21:49 -------- d-----w- c:\programdata\Trend Micro
2012-09-13 10:00 . 2012-09-13 10:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-12 18:47 . 2012-09-12 18:47 199520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-12 18:47 . 2012-09-12 18:47 175968 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-12 13:39 . 2012-09-12 13:39 -------- d-----w- c:\users\Nick\AppData\Roaming\Publish Providers
2012-09-12 13:37 . 2012-09-12 13:38 -------- d-----w- c:\users\Nick\AppData\Local\Sony
2012-09-12 13:37 . 2012-09-12 13:37 -------- d-----w- c:\programdata\Sony
2012-09-12 13:37 . 2012-09-12 13:37 -------- d-----w- c:\program files (x86)\Sony
2012-09-12 13:37 . 2012-09-12 13:39 -------- d-----w- c:\users\Nick\AppData\Roaming\Sony
2012-09-12 10:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 10:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 10:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 10:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 10:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 10:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 10:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 02:00 . 2012-09-10 23:41 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-09-10 14:52 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-10 14:52 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-09-10 14:52 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-09-04 23:32 . 2012-09-04 23:32 110080 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
2012-09-04 23:32 . 2012-09-04 23:32 110080 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
2012-09-04 23:32 . 2012-09-04 23:32 110080 ----a-r- c:\users\Nick\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
2012-09-04 23:32 . 2012-09-04 23:32 -------- d-----w- c:\program files\Enigma Software Group
2012-09-02 19:31 . 2012-09-02 21:59 -------- d-----w- c:\users\Nick\AppData\Local\PAYDAY
2012-09-02 19:29 . 2012-09-02 19:29 -------- d-----w- c:\programdata\RELOADED
2012-09-01 23:13 . 2012-09-01 23:13 66 ----a-w- c:\windows\SysWow64\MASHTWTY.SYS
2012-09-01 23:13 . 2012-09-01 23:13 -------- d-----w- c:\program files (x86)\Blaze Audio
2012-09-01 23:07 . 2012-09-01 23:07 -------- d-----w- c:\users\Nick\AppData\Roaming\NCH Software
2012-09-01 23:07 . 2012-09-01 23:07 -------- d-----w- c:\programdata\NCH Software
2012-09-01 23:06 . 2012-09-01 23:06 -------- d-----w- c:\program files (x86)\NCH Software
2012-09-01 23:06 . 2012-09-01 23:06 32024 ----a-w- c:\windows\system32\drivers\voxaldriverx64.sys
2012-09-01 23:01 . 2012-09-01 23:01 -------- d-----w- c:\users\Nick\AppData\Roaming\Screaming Bee
2012-09-01 23:01 . 2012-09-01 23:01 -------- d-----w- c:\programdata\Screaming Bee
2012-09-01 23:01 . 2012-09-01 23:01 -------- d-----w- c:\program files (x86)\Screaming Bee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 22:19 . 2012-01-11 03:49 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-22 23:26 . 2012-05-27 19:22 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-22 23:26 . 2012-05-27 19:20 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-22 23:26 . 2012-05-27 19:20 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-22 01:22 . 2011-12-31 20:52 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-21 17:21 . 2012-05-08 13:20 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 17:21 . 2011-12-31 20:49 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-11 02:04 . 2012-05-27 19:20 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-09-08 00:04 . 2012-05-06 04:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 23:40 . 2012-08-13 23:40 150880 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-10 11:52 . 2012-08-10 11:52 40288 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-09 20:56 . 2012-08-09 20:56 230240 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-07-18 18:15 . 2012-08-15 18:23 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 05:06 . 2012-07-13 18:44 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 05:06 . 2011-12-31 21:07 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-15 18:23 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 18:23 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 18:23 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 18:23 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-23 22:41 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2012-07-27 02:52 1213832 ----a-w- c:\program files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll" [2012-07-27 1213832]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-23 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Vidalia"="c:\users\Nick\Downloads\Tor Browser\App\vidalia.exe" [2012-03-16 5781554]
"Spotify Web Helper"="c:\users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-19 1193176]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"Octoshape Streaming Services"="c:\users\Nick\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]
"Steam"="f:\steam\steam.exe" [2012-09-22 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\THXAudioCP\THXAudio.exe" [2010-06-12 1349632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]
"GPU TweakIt Server Execute"="c:\program files (x86)\ASUS\ASUS ROG Connect Plus\GPU TweakIt Server\GPUTweakit.exe" [2011-05-03 1384064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi MB 2\Sound Blaster Panel\VolPanlu.exe" [2010-02-19 241789]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-23 947808]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-23 856160]
.
c:\users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Nick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\progra~1\LUCIDL~1\VIRTU\x86\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2011-10-26 28320]
R3 cpuz134;cpuz134;c:\users\Nick\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-31 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-31 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GPU-Z;GPU-Z;c:\users\Nick\AppData\Local\Temp\GPU-Z.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 32768]
R3 McAfee ScanAndRepair Svc;McAfee ScanAndRepair Svc;c:\program files (x86)\McAfeeScanAndRepair\McAfeeScanRepairSvc.exe [2012-01-12 695640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-09-17 13368]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys [2009-07-31 25600]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-18 56672]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-09-12 175968]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-09-14 105312]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-12 199520]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-23 31080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-29 283200]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-20 21992]
S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;f:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-08-30 8704]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 171688]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-23 722528]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2011-09-27 66336]
S3 voxaldriver;Voxal Filter Driver 2.00.00;c:\windows\system32\DRIVERS\voxaldriverx64.sys [2012-09-01 32024]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:21]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2244709069-3900731247-1807390801-1000Core.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 05:00]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2244709069-3900731247-1807390801-1000UA.job
- c:\users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-15 05:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"VIRTU"="c:\program files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe" [2011-09-27 2593056]
"ROG GameFirst"="c:\program files\ASUS\ROG GameFirst\cFosSpeed.exe" [2010-11-22 1305272]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - c:\program files (x86)\AP Suggestor\APSuggestor.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112560&tt=2912_7&babsrc=HP_ss&mntrId=949a2bb40000000000005404a60bd477
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=2912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 949a2bb40000000000005404a60bd477
FF - user.js: extensions.BabylonToolbar_i.hardId - 949a2bb40000000000005404a60bd477
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15538
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-outbrowse
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D0984FD4-FA9A-46ee-9072-70B0735FF852} - c:\program files (x86)\AP Suggestor\APSuggestor.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Adobe gamma load - c:\programdata\adob\color.exe
SafeBoot-46219696.sys
SafeBoot-92496968.sys
AddRemove-Payday The Heist © OVERKILL Software Setup Wizard 1.0.0 - c:\program files (x86)\Payday The Heist\Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Garrys Mod Update #1 - 0:\program files (x86)\Garrys Mod Final [DiGiTALZONE] 2010 Edition\Uninstall.exe
AddRemove-{D241D9B3-1A51-4E53-85CC-9AC754819015} - c:\users\Nick\AppData\Local\{0DE50C9D-4543-4E98-AD03-1BFD049ABE78}\gregion_03_10.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:87,d9,e9,84,19,47,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
.
**************************************************************************
.
Completion time: 2012-09-30 11:04:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-30 18:04
.
Pre-Run: 23,747,960,832 bytes free
Post-Run: 23,265,497,088 bytes free
.
- - End Of File - - 426D5BBC1C97DFEF91045B2E34CFC7FD



Edited by RPMcMurphy, 01 October 2012 - 06:48 PM.
Added cf log
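The ComboFix log in this post lists user.js entries that switch off Content Security Policy enforcement (security.csp.enable), OCSP revocation checking (security.OCSP.enabled) and the add-on opt-in guard (extensions.autoDisableScopes), several of them jammed onto one line. The Python below is an added example, not part of this thread or of ComboFix, MBAM or any other tool mentioned here: it parses user_pref() calls from a constructed sample that mirrors those entries, reports any value that differs from the secure setting, and emits the user.js lines that restore it. The secure values are assumed to be Firefox's defaults (CSP on, OCSP on, autoDisableScopes bitmask 15).

```python
"""Audit Firefox user.js / prefs.js for preferences that weaken browser security.

Added example (not from the forum thread or any tool in it). The sample text is
constructed to mirror the user_pref() entries ComboFix reported, including the
fact that several calls were written onto a single line.
"""
import re
from typing import Dict, List, Tuple

# Secure values for the preferences the log shows being overridden.  These are
# assumed to be Firefox's defaults: CSP enforced, OCSP checks on, and all
# add-on scopes outside the profile requiring an explicit opt-in (bitmask 15).
SECURE_VALUES: Dict[str, object] = {
    "security.csp.enable": True,
    "security.OCSP.enabled": 1,
    "extensions.autoDisableScopes": 15,
}

# Constructed sample input: three security prefs weakened plus one benign pref.
SAMPLE_USER_JS = (
    "user_pref('extensions.autoDisableScopes', 0);"
    "user_pref('security.csp.enable', false);"
    "user_pref('security.OCSP.enabled', 0);"
    "user_pref('browser.startup.homepage', 'about:home');"
)

# Matches one user_pref("name", value); call.  The name may be single- or
# double-quoted; the value runs up to the closing parenthesis.
_PREF_RE = re.compile(
    r"""user_pref\(\s*(['"])(?P<name>[^'"]+)\1\s*,\s*(?P<value>[^)]*?)\s*\)\s*;"""
)


def _coerce(raw: str) -> object:
    """Turn the textual JS literal into a Python bool, int or str."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\"":
        return raw[1:-1]
    return raw


def parse_user_prefs(text: str) -> Dict[str, object]:
    """Return {pref_name: value} for every user_pref() call found in text.

    Later calls override earlier ones, which is how Firefox itself applies
    duplicate entries, so a repeated line does not produce a duplicate finding.
    """
    prefs: Dict[str, object] = {}
    for m in _PREF_RE.finditer(text):
        prefs[m.group("name")] = _coerce(m.group("value"))
    return prefs


def audit_prefs(prefs: Dict[str, object]) -> List[Tuple[str, object, object]]:
    """List (name, found_value, secure_value) for each pref set to a weaker value."""
    findings = []
    for name, secure in SECURE_VALUES.items():
        if name in prefs and prefs[name] != secure:
            findings.append((name, prefs[name], secure))
    return findings


def _to_js(value: object) -> str:
    if isinstance(value, bool):          # bool before int: True is an int too
        return "true" if value else "false"
    if isinstance(value, int):
        return str(value)
    return '"%s"' % value


def hardened_user_js(findings) -> List[str]:
    """user.js lines that put each flagged preference back to its secure value."""
    return ['user_pref("%s", %s);' % (name, _to_js(secure))
            for name, _found, secure in findings]


if __name__ == "__main__":
    found = audit_prefs(parse_user_prefs(SAMPLE_USER_JS))
    for name, bad, good in found:
        print("WEAKENED  %-32s found=%r  expected=%r" % (name, bad, good))
    print("\n".join(hardened_user_js(found)))
```

Run it against a real profile by reading the profile's user.js into parse_user_prefs(); a clean profile yields no findings, and the emitted lines can be appended to user.js (after the offending entries are removed) to pin the secure values.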


#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:10 PM

Posted 01 October 2012 - 06:53 PM

Please do this next:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#7 bl4kwidow

bl4kwidow
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:10 PM

Posted 05 October 2012 - 12:35 PM

MBAM log

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.01.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nick :: NICK-PC [administrator]

10/1/2012 5:02:29 PM
mbam-log-2012-10-01 (17-02-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 683961
Time elapsed: 21 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:10 PM

Posted 05 October 2012 - 11:52 PM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded
Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log

Edited by RPMcMurphy, 05 October 2012 - 11:53 PM.



#9 bl4kwidow

bl4kwidow
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:10 PM

Posted 09 October 2012 - 12:07 AM

My computer is getting random redirects to sites like click.livesearchnow.com, but other than that, it's running fine.

ESET log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3f7643f4220252488d85505020781b0e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-09 04:25:31
# local_time=2012-10-08 09:25:31 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 1228446 1228446 0 0
# compatibility_mode=5893 16776574 100 94 15054153 101298378 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=477632
# found=27
# cleaned=27
# scan_time=1803
C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Microsoft\Windows\DRM\504E.tmp.dat a variant of Win32/Kryptik.AHVU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Microsoft\Windows\DRM\6795.tmp a variant of Win32/Kryptik.AHVU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Microsoft\Windows\DRM\C746.tmp.dat a variant of Win32/Kryptik.AGNZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\WxDFastUpdater\runtime.dll Win32/GenUpdater application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\28.09.2012_06.36.46\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Default\aaipakmhjdccmnpdbbpphcjokfeendne\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\282C7LZC\kitten-spazzing-on-bed[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
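Of the 27 items the ESET log above reports, fourteen sit inside TDSSKiller's quarantine folder and three inside Spybot's Recovery folder: files other tools had already pulled out of their original locations. The count that matters for the infection status is the remainder (the DRM .tmp files, the toolbar DLL, the Chrome extension). The Python below is an added example, not part of this thread or of ESET's tooling: it parses the scanner's line format from a constructed sample (shortened paths, placeholder user name, all-zero hash field as in the log), cross-checks the found= header against the parsed lines, and splits detections into live ones versus those already in another tool's quarantine. The list of quarantine folders is an assumption for the example (TDSSKiller, Spybot Recovery, ComboFix's Qoobox, OTL's MovedFiles).

```python
"""Triage an ESET Online Scanner log: separate live detections from files that
were already sitting in another tool's quarantine.

Added example, not part of the forum thread or of ESET's tooling.  The sample
log is constructed in the format shown in the thread; the user name, paths and
the all-zero hash field are placeholders.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# scanned=477632
# found=6
# cleaned=6
C:\Program Files (x86)\Example Toolbar\IE\toolbar.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Microsoft\Windows\DRM\504E.tmp.dat a variant of Win32/Kryptik.AHVU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\27.09.2012_15.57.11\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnop\background.html Win32/BHO.OEI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# One detection line: <path> [a variant of ]<Platform/Name> <kind> (<action>) <hash> <flag>
# The path is matched lazily; it cannot be confused with the detection name
# because Windows paths never contain the "Platform/" slash that names carry.
_DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<variant>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>application|trojan|worm|virus|backdoor|adware) "
    r"\((?P<action>[^)]+)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)

# Folders where other cleanup tools park files they have already neutralised.
# Assumed for this example; extend to match the tools used on the host.
PRIOR_QUARANTINE_MARKERS = (
    "\\TDSSKiller_Quarantine\\",                 # Kaspersky TDSSKiller
    "\\Spybot - Search & Destroy\\Recovery\\",   # Spybot backups
    "\\Qoobox\\",                                # ComboFix quarantine
    "\\_OTL\\MovedFiles\\",                      # OTL quarantine
)


def is_prior_quarantine(path: str) -> bool:
    """True if the path lies under a known quarantine/recovery folder."""
    p = path.lower()
    return any(marker.lower() in p for marker in PRIOR_QUARANTINE_MARKERS)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[dict]]:
    """Return (header key/values, list of detection records)."""
    header: Dict[str, str] = {}
    records: List[dict] = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value
            continue
        m = _DETECTION_RE.match(line)
        if m:
            rec = m.groupdict()
            # "Win32/Kryptik.AHVU" -> family "Kryptik" (platform and variant stripped)
            rec["family"] = rec["name"].split("/", 1)[1].split(".", 1)[0]
            rec["prior_quarantine"] = is_prior_quarantine(rec["path"])
            records.append(rec)
    return header, records


def counts_consistent(header: Dict[str, str], records: List[dict]) -> bool:
    """Cross-check ESET's own found= counter against the lines we parsed."""
    return header.get("found") is not None and int(header["found"]) == len(records)


def triage(records: List[dict]) -> dict:
    """Split detections into live hits and leftovers from earlier quarantines."""
    live = [r for r in records if not r["prior_quarantine"]]
    stale = [r for r in records if r["prior_quarantine"]]
    return {
        "live": live,
        "prior_quarantine": stale,
        "families": Counter(r["family"] for r in live),
    }


if __name__ == "__main__":
    hdr, recs = parse_eset_log(SAMPLE_ESET_LOG)
    print("header found=%s parsed=%d consistent=%s" % (hdr.get("found"), len(recs), counts_consistent(hdr, recs)))
    result = triage(recs)
    print("live detections (%d):" % len(result["live"]))
    for r in result["live"]:
        print("  %-8s %-12s %s" % (r["kind"], r["family"], r["path"]))
    print("already quarantined by another tool: %d" % len(result["prior_quarantine"]))
    print("live families:", dict(result["families"]))
```

A mismatch between the found= header and the parsed line count means the line regex does not cover some detection type in that log (the kind alternation is deliberately short), so the failing lines should be inspected rather than silently dropped.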

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:10 PM

Posted 09 October 2012 - 02:00 PM

Please do this next:

Delete your existing copy of OTL and download a new one from this LINK, saving it to your desktop.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - prefs.js..extensions.enabledAddons: rdacnzfnmq@rdacnzfnmq.org:1.0
    FF - prefs.js..extensions.enabledAddons: 500ec0b06303a@500ec0b063074.info:1.0
    [2012/08/19 22:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged
    [2012/05/15 19:17:46 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\rdacnzfnmq@rdacnzfnmq.org.xpi
    [2012/01/31 12:49:40 | 000,030,793 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
    :Commands
    [EmptyTemp]
    [ResetHosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Please include the following in your next post:
  • OTL Fix log



#11 bl4kwidow

bl4kwidow
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:10 PM

Posted 17 October 2012 - 03:29 PM

All processes killed
========== OTL ==========
Prefs.js: rdacnzfnmq@rdacnzfnmq.org:1.0 removed from extensions.enabledAddons
Prefs.js: 500ec0b06303a@500ec0b063074.info:1.0 removed from extensions.enabledAddons
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\skin folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\locale\en-US folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\locale folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\defaults\preferences folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\defaults folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\chrome\content folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com\chrome folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged\crossriderapp2258@crossrider.com folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\staged folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\rdacnzfnmq@rdacnzfnmq.org.xpi moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\qpxxailp.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick
->Temp folder emptied: 12719041 bytes
->Temporary Internet Files folder emptied: 23218198 bytes
->Java cache emptied: 643583 bytes
->FireFox cache emptied: 60115539 bytes
->Google Chrome cache emptied: 79679889 bytes
->Flash cache emptied: 2043 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 580340 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 7048986 bytes

Total Files Cleaned = 177.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10152012_154811

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\OICE_07C1B5D8-10DC-4AB6-9D31-D0F5D114DD9F.0\68AE242E.docx moved successfully.
File\Folder C:\Users\Nick\AppData\Local\Temp\OICE_07C1B5D8-10DC-4AB6-9D31-D0F5D114DD9F.0\76E9A2.gif not found!
C:\Users\Nick\AppData\Local\Temp\OICE_07C1B5D8-10DC-4AB6-9D31-D0F5D114DD9F.0\~WRS{8251C26E-1540-4768-8ED8-B393156880F0}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Temp\OICE_07C1B5D8-10DC-4AB6-9D31-D0F5D114DD9F.0\~WRS{E888C19C-9537-4C97-95A4-4B08549D9764}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Nick\AppData\Local\Temp\~DF29CCDDE4EA4AB44C.TMP not found!
File\Folder C:\Users\Nick\AppData\Local\Temp\~DF7E75C13EF241C9AC.TMP not found!
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X4BP3N6Z\books[2].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K78KYE35\quia.course.ui.books.take[1].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{899B9CEF-1609-4C1C-9755-7483011304E9}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0D4A4070-61FF-455E-BD75-8C3AE0BFB1E4}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{27E1CDFD-0BD1-4FEF-8BDB-44416CD0AE23}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2C0F8F32-4314-4674-BA30-B39DF3B9B483}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{44500DC1-6D95-45F3-81E3-14995B067FB6}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A2AE8707-AD47-4F6D-AA78-8DCDC8EE42F6}.tmp moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F2FFDF09-9CA5-498D-A022-FECB2BB826E6}.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:10 PM

Posted 17 October 2012 - 08:27 PM

Did that clear up the redirects?



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:09:10 PM

Posted 24 October 2012 - 07:01 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





