Malware has taken over SVChost

Inactive
By Tulii
Aug 25, 2012
  1. Eariler today my windows firewall and antivirus software had been disabled from an unknown malware. My antivirus log said it was trojan.sirefef.hh and generic.trojan 7656944. Each time the antivirus software deleted them, a popup from the software would report that they had re appeared again two seconds later. Now the antivirus isn't working at all. Gmer did not produce a log.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.08.25.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Tuli :: TULI-PC [limited]
    Protection: Enabled
    25/08/2012 12:01:38 AM
    mbam-log-2012-08-25 (00-01-38).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217001
    Time elapsed: 1 minute(s), 30 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  2. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Tuli at 0:10:46 on 2012-08-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8136.5652 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
    C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
    C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Samsung\Kies\Kies.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\windows\SysWOW64\RunDll32.exe
    C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
    uStart Page = hxxp://google.ca/
    mStart Page = hxxp://lenovo.msn.com
    uWindows: Load=C:\Users\Tuli\AppData\Roaming\R6rd6c\UBHN4H~1.LNK
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [LenovoR.I.C.Tray] C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
    uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
    uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Tuli\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/free-trial-peggle-deluxe/popcaploader_v10.cab
    DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://games.bigfishgames.com/en_wedding-dash/online/WeddingDash.1.0.0.47.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1074EA02-97FD-4EB8-89A6-E00C1CF35095} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1074EA02-97FD-4EB8-89A6-E00C1CF35095}\33239353578626 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1074EA02-97FD-4EB8-89A6-E00C1CF35095}\B4052594E6475627E65647 : DhcpNameServer = 4.2.2.2 64.71.255.198
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" /splash
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
    AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll

    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Tuli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 HybridDisk;HybridDisk;C:\windows\system32\DRIVERS\HybridDiskX64.sys --> C:\windows\system32\DRIVERS\HybridDiskX64.sys [?]
    R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
    R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
    R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys [2012-8-24 62032]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [2012-8-24 15016]
    R1 hybridcfile;hybridcfile;C:\windows\system32\DRIVERS\HybridCFileX64.sys --> C:\windows\system32\DRIVERS\HybridCFileX64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R1 winioex;winioex;C:\windows\system32\drivers\winioex.sys --> C:\windows\system32\drivers\winioex.sys [?]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-31 13336]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-25 655944]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-31 2009704]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-31 2656280]
    R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2012-8-24 927840]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
    R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
    R3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\system32\DRIVERS\btwdpan.sys --> C:\windows\system32\DRIVERS\btwdpan.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
    R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\system32\DRIVERS\delayman.sys --> C:\windows\system32\DRIVERS\delayman.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SPUVCbv;SPUVCb Driver Service;C:\windows\system32\Drivers\usbvideo.sys --> C:\windows\system32\Drivers\usbvideo.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    S2 CLKMSVC10_3A60B698;CyberLink Product - 2011/10/31 22:01:06;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-17 250056]
    S3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [2012-8-24 199888]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
    S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
    S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-25 04:00:58 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-08-25 04:00:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-25 03:40:50 -------- d-----w- C:\ComboFix
    2012-08-25 02:41:31 -------- d-----w- C:\Users\Tuli\AppData\Roaming\AVG2012
    2012-08-25 02:40:59 -------- d-----w- C:\Users\Tuli\AppData\Local\AVG Secure Search
    2012-08-25 02:40:59 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-08-25 02:40:55 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
    2012-08-25 02:40:55 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-08-25 02:40:54 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-08-25 02:40:42 -------- d-----w- C:\windows\SysWow64\drivers\AVG
    2012-08-25 02:40:37 -------- d--h--w- C:\$AVG
    2012-08-25 02:40:37 -------- d-----w- C:\windows\System32\drivers\AVG
    2012-08-25 02:40:37 -------- d-----w- C:\ProgramData\AVG2012
    2012-08-25 02:40:30 -------- d-----w- C:\Program Files (x86)\AVG
    2012-08-25 02:38:50 -------- d--h--w- C:\ProgramData\Common Files
    2012-08-25 02:38:50 -------- d-----w- C:\ProgramData\MFAData
    2012-08-25 02:14:20 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2012-08-25 01:29:12 42672 ----a-w- C:\windows\SysWow64\drivers\fsbts.sys
    2012-08-25 01:23:00 -------- d-----w- C:\Program Files (x86)\F-Secure
    2012-08-25 01:10:14 -------- d-----w- C:\ProgramData\CPA_VA
    2012-08-25 00:17:48 1700352 ----a-w- C:\windows\SysWow64\gdiplus.dll
    2012-08-24 23:11:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-24 21:18:31 -------- d-----w- C:\Users\Tuli\AppData\Roaming\Malwarebytes
    2012-08-24 21:18:20 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-21 17:05:29 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84E38F0E-F8B6-420C-8745-371DFFB1E246}\mpengine.dll
    2012-08-19 03:18:08 -------- d-----w- C:\Users\Tuli\AppData\Local\Macromedia
    2012-08-17 02:47:31 552960 ----a-w- C:\windows\System32\drivers\bthport.sys
    2012-08-15 17:23:05 503808 ----a-w- C:\windows\System32\srcore.dll
    2012-08-15 17:23:05 43008 ----a-w- C:\windows\SysWow64\srclient.dll
    2012-08-15 17:23:01 751104 ----a-w- C:\windows\System32\win32spl.dll
    2012-08-15 17:23:01 67072 ----a-w- C:\windows\splwow64.exe
    2012-08-15 17:23:01 559104 ----a-w- C:\windows\System32\spoolsv.exe
    2012-08-15 17:23:01 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
    2012-08-15 17:22:59 59392 ----a-w- C:\windows\System32\browcli.dll
    2012-08-15 17:22:59 41984 ----a-w- C:\windows\SysWow64\browcli.dll
    2012-08-15 17:22:59 136704 ----a-w- C:\windows\System32\browser.dll
    2012-08-15 17:22:58 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-08-15 17:22:56 956928 ----a-w- C:\windows\System32\localspl.dll
    2012-08-13 19:52:16 -------- d-----w- C:\Temp
    2012-08-13 19:50:46 -------- d-----w- C:\Users\Tuli\AppData\Local\Samsung
    2012-08-13 19:50:45 -------- d-----w- C:\Users\Tuli\AppData\Roaming\Samsung
    2012-08-13 19:44:55 4659712 ----a-w- C:\windows\SysWow64\Redemption.dll
    2012-08-13 19:44:07 821824 ----a-w- C:\windows\SysWow64\dgderapi.dll
    2012-08-13 19:44:07 -------- d-----w- C:\Program Files (x86)\MarkAny
    2012-08-13 19:43:30 -------- d-----w- C:\ProgramData\Samsung
    2012-08-13 19:43:30 -------- d-----w- C:\Program Files (x86)\Samsung
    2012-08-13 19:38:53 -------- d-----w- C:\Users\Tuli\AppData\Local\Downloaded Installations
    2012-08-03 23:15:33 -------- d-----w- C:\Users\Tuli\AppData\Local\Unity
    2012-08-03 23:15:19 -------- d-----w- C:\Users\Tuli\AppData\Local\Deployment
    2012-08-03 23:15:19 -------- d-----w- C:\Users\Tuli\AppData\Local\Apps
    2012-07-30 17:32:08 203104 ----a-w- C:\windows\System32\drivers\ssudmdm.sys
    2012-07-30 17:32:08 102240 ----a-w- C:\windows\System32\drivers\ssudbus.sys
    .
    ==================== Find3M ====================
    .
    2012-08-18 18:23:11 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-18 18:23:11 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 17:12:02 56016 ----a-w- C:\windows\System32\drivers\fsbts.sys
    2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-07 00:59:42 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2012-05-31 16:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
    .
    ============= FINISH: 0:11:16.80 ===============
  3. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 08/01/2012 12:57:43 AM
    System Uptime: 24/08/2012 11:04:50 PM (1 hours ago)
    .
    Motherboard: LENOVO | | Base Board Product Name
    Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU1 | 1496/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 714 GiB total, 608.061 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 26.696 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000111F-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000111F-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110C-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110C-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&9E60AED&0&64A769F15546_C00000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP84: 07/08/2012 3:58:06 AM - Windows Update
    RP85: 10/08/2012 1:42:44 PM - Windows Update
    RP86: 13/08/2012 3:43:12 PM - Installed Samsung Kies
    RP87: 14/08/2012 11:29:41 AM - Windows Update
    RP88: 16/08/2012 10:46:18 PM - Windows Update
    RP89: 21/08/2012 1:05:09 PM - Windows Update
    RP90: 24/08/2012 9:46:19 PM - Removed F-Secure Launch pad
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    µTorrent
    Audiosurf Demo
    Bastion
    Braid
    Costume Quest
    D3DX10
    Energy Management
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 29
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Lenovo EasyCamera
    Lenovo Games Console
    Lenovo OneKey Recovery
    Lenovo PowerDVD 10
    Lenovo YouCam
    LIMBO
    M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Minilyrics
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    NVIDIA 3D Vision Controller Driver
    Onekey Theater
    Power2Go
    Psychonauts
    Realtek High Definition Audio Driver
    Recettear: An Item Shop's Tale
    Renesas Electronics USB 3.0 Host Controller Driver
    Roll
    RollerCoaster Tycoon 3: Platinum!
    Samsung Kies
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype™ 5.10
    Spiral Knights
    Steam
    Super Meat Boy
    Superbrothers: Sword & Sworcery EP
    The Sims™ 3
    The Sims™ 3 Pets
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    UserGuide
    VeriFace
    Visual Studio 2008 x64 Redistributables
    Viva Piñata
    Viva Pinata
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    25/08/2012 12:10:11 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    25/08/2012 12:10:11 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    24/08/2012 9:59:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    24/08/2012 9:58:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    24/08/2012 9:58:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    24/08/2012 9:57:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8009a49630, 0xfffffa8009a49910, 0xfffff800027e2510). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 082412-14804-01.
    24/08/2012 9:57:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache hybridcfile spldr Wanarpv6 winioex
    24/08/2012 9:50:56 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 9:50:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    24/08/2012 9:50:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache hybridcfile NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf winioex
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    24/08/2012 9:50:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    24/08/2012 9:37:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard DfsC discache hybridcfile NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf winioex
    24/08/2012 9:08:28 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: bfe. This service might not be installed.
    24/08/2012 9:08:28 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: bfe. This service might not be installed.
    24/08/2012 8:57:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard DfsC discache FSES FSFW hybridcfile NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf winioex
    24/08/2012 8:33:53 PM, Error: F-Secure Gatekeeper [1] -
    24/08/2012 8:18:11 PM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    24/08/2012 8:02:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache FSES FSFW hybridcfile NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf winioex
    24/08/2012 5:12:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    24/08/2012 5:12:03 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    24/08/2012 11:34:03 PM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
    24/08/2012 11:05:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    24/08/2012 10:49:02 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    24/08/2012 10:49:02 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    24/08/2012 10:42:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 10:42:26 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\System32\IWMSSvc.dll Error Code: 21
    24/08/2012 10:42:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    24/08/2012 10:42:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    24/08/2012 10:42:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    24/08/2012 10:42:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    24/08/2012 10:42:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache hybridcfile spldr Wanarpv6 winioex
    24/08/2012 10:42:06 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    24/08/2012 10:42:06 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    23/08/2012 10:40:36 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  5. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    I downloaded Combo fix as svchost.exe and iexplore.exe and I tried starting it in safe mode but the program would close after 10 seconds each time I booted it up.

    # AdwCleaner v1.801 - Logfile created 08/25/2012 at 12:01:55
    # Updated 14/08/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tuli - TULI-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tuli\Downloads\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Folder Found : C:\Users\Tuli\AppData\Local\APN
    Folder Found : C:\Users\Tuli\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Tuli\AppData\Local\Temp\avg@toolbar
    Folder Found : C:\Users\Tuli\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\Partner
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    ***** [Registry] *****
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKLM\SOFTWARE\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    [x64] Key Found : HKCU\Software\AVG Secure Search
    [x64] Key Found : HKCU\Software\IGearSettings
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    [x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    [x64] Key Found : HKLM\SOFTWARE\Classes\S
    [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    ***** [Registre - GUID] *****
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    [x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    [x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v14.0.1 (en-US)
    Profile name : default
    File : C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\prefs.js
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    -\\ Google Chrome v21.0.1180.83
    File : C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [6938 octets] - [25/08/2012 11:43:14]
    AdwCleaner[R2].txt - [6921 octets] - [25/08/2012 12:01:55]
    ########## EOF - C:\AdwCleaner[R2].txt - [7049 octets] ##########
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Just waiting on ComboFix.
  7. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    I can't get combo fix to run even though I tried running it on safe mode and normal mode as iexplore.exe/explore.exe/svchost.exe/winlogon.exe. The first screen will appear and once the blue bar loads completely the program will shut down.
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download Hitman Pro by Surfright from here and save it to your desktop.
    • Double click HitmanPro36.exe to run the scanner
    • Click Next
    • Accept the license conditions and click Next
    • Choose to do only a single scan. Do not enter any e-mail address and click Next
    • Hitman Pro will now scan your computer
    • After the scan, choose to ignore all threats - I want to have a look first, before deciding what to do
    • Click Next
    • You will now find an option to export the results of the scan to an XML file (log.xml). Please do so. Close Hitman Pro.
    • Please copy and paste the contents of log.xml into your next reply (You can open XML files with notepad)
  9. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    <Log computer="TULI-PC" scan="Normal" version="3.6.1.164" date="2012-08-26T16:17:15" timeSpentInSecs="820" filesProcessed="31884"><Item type="Malware" malwareName="Trojan" score="119.0" status="None"><Scanners><Scanner id="Ikarus" name="Trojan.Win64!IK" /></Scanners><File path="C:\$RECYCLE.BIN\S-1-5-18\$a440038a72d0c5a868d81ac008a060c5\n" hash="A191BC630ECE2131F2E721CFF927BA9089707E2AA9E6F2BED3EAD3E32AAFA7E0" /></Item><Item type="Malware" malwareName="Trojan" score="119.0" status="None"><Scanners><Scanner id="Ikarus" name="Trojan.Win64!IK" /></Scanners><File path="C:\$RECYCLE.BIN\S-1-5-21-2134750544-506257239-1212937926-1002\$a440038a72d0c5a868d81ac008a060c5\n" hash="A191BC630ECE2131F2E721CFF927BA9089707E2AA9E6F2BED3EAD3E32AAFA7E0" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.saymedia.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:stats.adotube.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\0UVE27P0.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\1S9RSP2E.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\2FZ6H5Y4.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\3BMFUAAP.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\3JEA0C1E.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\3W47X7VS.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\3WNQOD2G.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\6ITAFIFQ.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\6NB8189V.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\7ABWURJB.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\7EF25U1P.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\7U432UGZ.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\A0K9XI58.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\CH0H9E4L.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\FK83562C.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\HRZAJH0M.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\J4U15DXM.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\KQ7WQ0XJ.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\MK2XP1BB.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\O23BF2P5.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\O89NOUEL.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\OAQJ6QNG.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\Q61UXKGA.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\QD12HTJB.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\ROGKYPX2.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\S37G4N4C.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\U5YBPN0Y.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\W97GC15T.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\WQN2JOCS.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\XG5TM1B9.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\Z8H1DMR1.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Microsoft\Windows\Cookies\ZH66UCLW.txt" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:ads.eurogamer.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:apmebf.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:atdmt.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:clicksor.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:dmtracker.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:doubleclick.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:eaeacom.112.2o7.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:in.getclicky.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:media6degrees.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:mediaplex.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:myroitracking.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:nintendo.112.2o7.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:phones4ultd.112.2o7.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:revsci.net" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:statcounter.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:statse.webtrendslive.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:tribalfusion.com" /></Item><Item type="Repair" score="0.0" status="None"><File path="C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\cookies.sqlite:uk.sitestat.com" /></Item></Log>
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    A bunch of cookies. Haha. Anyway, let's do another scan here (should be about it):

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  11. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    The ESET online scanner finished, but it found no threats.
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  13. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    OTL logfile created on: 8/28/2012 11:20:47 AM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tuli\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.95 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.36% Memory free
    15.89 Gb Paging File | 13.48 Gb Available in Paging File | 84.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 714.01 Gb Total Space | 607.23 Gb Free Space | 85.04% Space Free | Partition Type: NTFS
    Drive D: | 29.30 Gb Total Space | 26.70 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
    Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TULI-PC | User Name: Tuli | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/28 11:18:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Tuli\Desktop\OTL.exe
    PRC - [2012/08/24 22:40:55 | 000,927,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
    PRC - [2012/08/24 22:40:54 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/08/07 14:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    PRC - [2012/08/07 14:25:02 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    PRC - [2012/08/07 14:25:02 | 000,960,440 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/15 12:00:44 | 000,311,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/10/31 18:03:22 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
    PRC - [2011/10/31 18:03:03 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    PRC - [2011/10/31 18:01:35 | 002,569,568 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/05/12 12:03:10 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
    PRC - [2011/05/10 00:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/03/20 23:47:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
    PRC - [2011/01/28 19:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
    PRC - [2011/01/12 14:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/01/12 14:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/12/20 22:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 22:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/16 21:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/02/02 20:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/24 22:40:55 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll
    MOD - [2012/08/24 22:40:54 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/08/24 21:08:30 | 000,115,137 | ---- | M] () -- C:\Users\Tuli\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
    MOD - [2012/08/18 02:40:44 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0189f9fb0ff0476b570aeadfc036ddd6\System.Management.ni.dll
    MOD - [2012/08/18 02:39:25 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0e56badd6e20e2dc81c45cdff2326f6b\System.ServiceProcess.ni.dll
    MOD - [2012/08/18 02:39:15 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1a7c90bf70e6fef2970dd02ca5def39a\System.Runtime.Remoting.ni.dll
    MOD - [2012/08/18 02:38:48 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
    MOD - [2012/08/13 15:42:30 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
    MOD - [2012/08/13 15:42:18 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
    MOD - [2012/08/13 15:42:16 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
    MOD - [2012/08/13 15:42:12 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\500ffaf6258746eaf0bfc333ab534a51\System.Core.ni.dll
    MOD - [2012/08/13 15:42:09 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
    MOD - [2012/08/13 15:42:08 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
    MOD - [2012/08/13 15:42:08 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
    MOD - [2012/08/13 15:42:07 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
    MOD - [2012/08/13 15:42:07 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
    MOD - [2012/08/13 15:42:05 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
    MOD - [2012/08/13 15:41:59 | 014,415,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
    MOD - [2012/08/07 14:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MOD - [2012/06/14 15:43:50 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
    MOD - [2012/06/14 13:05:42 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/14 13:05:37 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/15 14:25:56 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
    MOD - [2012/05/13 14:41:18 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/13 14:40:37 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/13 14:40:32 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/13 14:40:29 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/13 14:40:27 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/13 14:40:22 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/10/31 18:03:22 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
    MOD - [2011/10/31 18:03:03 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
    MOD - [2011/10/31 18:01:35 | 001,771,872 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ColorBlindnessDLL.dll
    MOD - [2011/10/31 18:01:35 | 000,337,248 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RICPlayerInterface.dll
    MOD - [2011/10/31 18:01:35 | 000,275,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\guisys.dll
    MOD - [2011/10/31 18:01:35 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\lua5.1.dll
    MOD - [2011/10/31 18:01:35 | 000,087,392 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoRIC.interface.dll
    MOD - [2011/10/31 18:01:35 | 000,083,296 | ---- | M] () -- C:\Windows\SysWOW64\GetASData.dll
    MOD - [2011/10/31 18:01:35 | 000,071,008 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LangHlpr.dll
    MOD - [2011/10/31 18:01:35 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\ShowGuiMessageBox.dll
    MOD - [2011/10/31 18:01:35 | 000,012,128 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LidMsg.dll
    MOD - [2011/10/31 18:01:34 | 001,635,168 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\RapIdentify.dll
    MOD - [2011/10/31 18:01:34 | 000,016,736 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\assistant.dll
    MOD - [2011/10/31 18:01:34 | 000,015,200 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\SimpRes.dll
    MOD - [2011/10/31 18:01:34 | 000,013,152 | ---- | M] () -- C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\BusyTimer.dll
    MOD - [2011/02/16 13:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
    MOD - [2011/02/16 13:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/05/12 12:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2011/05/02 10:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2011/05/02 10:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/05/02 10:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/09/22 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/24 22:40:55 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
    SRV - [2012/08/24 17:11:53 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/08/18 14:23:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/07 14:09:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/15 12:00:44 | 000,213,672 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE -- (FSMA)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/05/10 00:00:20 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/04/20 05:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_3A60B698)
    SRV - [2011/01/12 14:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/12/20 22:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 22:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/18 09:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/24 22:40:55 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
    DRV:64bit: - [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/10/31 18:08:05 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
    DRV:64bit: - [2011/10/31 18:08:03 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
    DRV:64bit: - [2011/10/31 18:01:35 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
    DRV:64bit: - [2011/10/31 18:01:35 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
    DRV:64bit: - [2011/10/31 09:16:57 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/10/31 09:16:57 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/05/12 20:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
    DRV:64bit: - [2011/05/12 20:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2011/05/12 20:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2011/05/12 20:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2011/05/12 20:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/05/12 20:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2011/05/10 00:00:18 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/05/09 16:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2011/05/01 10:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2011/03/25 21:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/21 01:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/28 19:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2011/01/12 13:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/12 23:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/12/01 01:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/18 22:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/11/18 22:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 04:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/03/02 14:50:54 | 000,038,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HybridDiskX64.sys -- (HybridDisk)
    DRV:64bit: - [2010/03/02 14:50:38 | 000,013,920 | ---- | M] (Lenovo.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\HybridCFileX64.sys -- (hybridcfile)
    DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012/08/24 21:32:52 | 000,199,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
    DRV - [2012/08/24 21:32:25 | 000,062,032 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
    DRV - [2012/03/15 12:00:28 | 000,015,016 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...coding}&sourceid=ie7&rlz=1I7LENN_enCA465CA466
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...5954ccdc37f&lang=en&ds=AVG&pr=fr&d=2012-08-24 22:40:56&v=12.2.0.5&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tuli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/24 22:40:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012/08/24 22:40:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 14:09:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 14:09:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/01/10 16:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuli\AppData\Roaming\Mozilla\Extensions
    [2012/08/26 16:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuli\AppData\Roaming\Mozilla\Firefox\Profiles\mqthu6j0.default\extensions
    [2012/03/03 13:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/07 14:09:55 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/24 22:40:54 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/03/03 13:58:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/03 13:58:28 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========
     
  14. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
    O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE (F-Secure Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
    O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
    O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
    O4 - HKCU..\Run: [LenovoR.I.C.Tray] C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\LenovoR.I.C.Tray.exe (Lenovo)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
  15. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    F3:64bit: - HKCU WinNT: Load - (C:\Users\Tuli\AppData\Roaming\R6rd6c\UBHN4H~1.LNK) - File not found
    F3 - HKCU WinNT: Load - (C:\Users\Tuli\AppData\Roaming\R6rd6c\UBHN4H~1.LNK) - File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
  16. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/free-trial-peggle-deluxe/popcaploader_v10.cab (PopCapLoader Object)
    O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://games.bigfishgames.com/en_wedding-dash/online/WeddingDash.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1074EA02-97FD-4EB8-89A6-E00C1CF35095}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
    O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2011/09/16 00:58:13 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
    O33 - MountPoints2\{1ff11151-0407-11e1-b866-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ff11151-0407-11e1-b866-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/09/16 03:07:13 | 000,054,544 | R--- | M] (Electronic Arts)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    SafeBootMin:64bit: 13067291.sys - Driver
    SafeBootMin:64bit: 64825519.sys - Driver
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.
    SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin:64bit: MCODS - Reg Error: Value error.
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PEVSystemStart - Service
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: procexp90.Sys - Driver
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: 13067291.sys - Driver
    SafeBootMin: 64825519.sys - Driver
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: hitmanpro36 - Reg Error: Value error.
    SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
    SafeBootMin: MCODS - Reg Error: Value error.
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PEVSystemStart - Service
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: procexp90.Sys - Driver
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
  17. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.clmp3enc - C:\Program Files (x86)\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

    NetSvcs:64bit: BITS - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/28 11:18:27 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Tuli\Desktop\OTL.exe
    [2012/08/27 13:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/08/26 16:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/08/26 16:05:43 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\Tuli\Desktop\HitmanPro36_x64.exe
    [2012/08/25 13:56:11 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Tuli\Desktop\explore.exe
    [2012/08/25 13:53:48 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/08/25 13:53:38 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Tuli\Desktop\winlogon.exe
    [2012/08/25 13:50:06 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/08/25 11:59:41 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Tuli\Desktop\ComboFix.exe
    [2012/08/25 00:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/25 00:00:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/08/25 00:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/24 22:59:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/24 22:59:24 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/08/24 22:41:31 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Roaming\AVG2012
    [2012/08/24 22:40:59 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\AVG Secure Search
    [2012/08/24 22:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/08/24 22:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/08/24 22:40:55 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
    [2012/08/24 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/08/24 22:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/08/24 22:40:42 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
    [2012/08/24 22:40:37 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/08/24 22:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/08/24 22:40:37 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
    [2012/08/24 22:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/08/24 22:38:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/08/24 22:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/08/24 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/08/24 21:57:08 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2012/08/24 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F-Secure
    [2012/08/24 21:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/08/24 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/08/24 20:17:48 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
    [2012/08/24 19:11:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/24 17:18:31 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Roaming\Malwarebytes
    [2012/08/24 17:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/18 23:18:08 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\Macromedia
    [2012/08/16 22:46:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012/08/16 22:46:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012/08/16 22:46:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012/08/16 22:46:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012/08/16 22:46:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012/08/16 22:46:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012/08/16 22:46:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012/08/16 22:46:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2012/08/16 22:46:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2012/08/16 22:46:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012/08/16 22:46:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012/08/16 22:46:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012/08/16 22:46:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012/08/15 13:23:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
    [2012/08/15 13:23:01 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
    [2012/08/15 13:23:01 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
    [2012/08/15 13:23:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
    [2012/08/15 13:22:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
    [2012/08/15 13:22:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
    [2012/08/15 13:22:59 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
    [2012/08/15 13:22:56 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
    [2012/08/13 15:52:16 | 000,000,000 | ---D | C] -- C:\Temp
    [2012/08/13 15:50:46 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\Samsung
    [2012/08/13 15:50:45 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Roaming\Samsung
    [2012/08/13 15:50:41 | 000,000,000 | ---D | C] -- C:\Users\Tuli\Documents\samsung
    [2012/08/13 15:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2012/08/13 15:44:55 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
    [2012/08/13 15:44:07 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
    [2012/08/13 15:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
    [2012/08/13 15:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2012/08/13 15:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
    [2012/08/13 15:40:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/08/13 15:38:53 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\Downloaded Installations
    [2012/08/03 19:15:33 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\Unity
    [2012/08/03 19:15:19 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\Deployment
    [2012/08/03 19:15:19 | 000,000,000 | ---D | C] -- C:\Users\Tuli\AppData\Local\Apps
    [2012/07/30 14:16:20 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\windows\MASetupCaller.dll
    [2012/07/30 14:16:20 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\windows\MAMCityDownload.ocx
    [2012/07/30 14:16:18 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzdecode.ax
    [2012/07/30 14:16:18 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.dll
    [2012/07/30 14:16:18 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\windows\SysWow64\MSLUR71.dll
    [2012/07/30 14:16:18 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\windows\SysWow64\muzoggsp.ax
    [2012/07/30 14:16:18 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\windows\SysWow64\MSCLib.dll
    [2012/07/30 14:16:18 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\windows\SysWow64\muzwmts.dll
    [2012/07/30 14:16:18 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.exe
    [2012/07/30 14:16:18 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\windows\SysWow64\MSFLib.dll
    [2012/07/30 14:16:18 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzaf1.dll
    [2012/07/30 14:16:18 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzmpgsp.ax
    [2012/07/30 14:16:18 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\windows\SysWow64\muzeffect.ax
    [2012/07/30 14:16:18 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\windows\SysWow64\MaDRM.dll
    [2012/07/30 14:16:18 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\windows\SysWow64\muzmp4sp.ax
    [2012/07/30 14:16:18 | 000,057,344 | ---- | C] (Marktek) -- C:\windows\SysWow64\MK_Lyric.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\windows\SysWow64\MTXSYNCICON.dll
    [2012/07/30 14:16:18 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MaJGUILib.dll
    [2012/07/30 14:16:18 | 000,045,320 | ---- | C] (MARKANY) -- C:\windows\SysWow64\MAMACExtract.dll
    [2012/07/30 14:16:18 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MaXMLProto.dll
    [2012/07/30 14:16:18 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\windows\SysWow64\MACXMLProto.dll
    [2012/07/30 14:16:18 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\windows\SysWow64\MTTELECHIP.dll
    [2012/07/30 14:16:18 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\windows\SysWow64\MASetupCleaner.exe
    [2012/07/30 13:32:08 | 000,203,104 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
    [2012/07/30 13:32:08 | 000,102,240 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/28 11:18:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Tuli\Desktop\OTL.exe
    [2012/08/28 11:17:48 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/28 11:17:46 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/28 11:17:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/08/27 22:44:41 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/26 16:31:46 | 000,020,414 | ---- | M] () -- C:\Users\Tuli\Desktop\log.xml
    [2012/08/26 16:24:04 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/26 16:24:04 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/26 16:23:02 | 000,783,460 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/08/26 16:23:02 | 000,667,848 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/08/26 16:23:02 | 000,126,892 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/08/26 16:16:49 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/26 16:09:23 | 104,947,996 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/26 16:06:04 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\Tuli\Desktop\HitmanPro36_x64.exe
    [2012/08/25 13:56:11 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Tuli\Desktop\explore.exe
    [2012/08/25 13:53:38 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Tuli\Desktop\winlogon.exe
    [2012/08/25 11:50:40 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Tuli\Desktop\ComboFix.exe
    [2012/08/25 00:00:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/24 22:41:01 | 000,000,216 | ---- | M] () -- C:\windows\tasks\SidebarExecute.job
    [2012/08/24 22:40:59 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/08/24 22:40:55 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
    [2012/08/24 22:40:42 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
    [2012/08/24 22:40:42 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/08/24 21:57:07 | 378,492,943 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/08/24 21:54:44 | 000,001,085 | ---- | M] () -- C:\Users\Tuli\Documents\Documents - Shortcut (2).lnk
    [2012/08/24 21:50:05 | 000,864,416 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
    [2012/08/24 21:29:12 | 000,042,672 | ---- | M] () -- C:\windows\SysWow64\drivers\fsbts.sys
    [2012/08/24 21:29:03 | 000,019,466 | ---- | M] () -- C:\windows\prodsett_copy.ini
    [2012/08/24 20:17:48 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\gdiplus.dll
    [2012/08/18 14:23:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/08/18 14:23:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/18 14:04:38 | 000,318,320 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/08/15 13:12:02 | 000,056,016 | ---- | M] () -- C:\windows\SysNative\drivers\fsbts.sys
    [2012/08/13 15:45:13 | 000,001,977 | ---- | M] () -- C:\Users\Tuli\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
    [2012/08/13 15:43:02 | 000,776,804 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2012/07/30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
    [2012/07/30 14:16:20 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\windows\MASetupCaller.dll
    [2012/07/30 14:16:20 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\windows\MAMCityDownload.ocx
    [2012/07/30 14:16:20 | 000,030,568 | ---- | M] () -- C:\windows\MusiccityDownload.exe
    [2012/07/30 14:16:18 | 000,974,848 | ---- | M] () -- C:\windows\SysWow64\cis-2.4.dll
    [2012/07/30 14:16:18 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzdecode.ax
    [2012/07/30 14:16:18 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.dll
    [2012/07/30 14:16:18 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\windows\SysWow64\MSLUR71.dll
    [2012/07/30 14:16:18 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\windows\SysWow64\muzoggsp.ax
    [2012/07/30 14:16:18 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\windows\SysWow64\MSCLib.dll
    [2012/07/30 14:16:18 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\windows\SysWow64\muzwmts.dll
    [2012/07/30 14:16:18 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzapp.exe
    [2012/07/30 14:16:18 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\windows\SysWow64\MSFLib.dll
    [2012/07/30 14:16:18 | 000,143,360 | ---- | M] () -- C:\windows\SysWow64\3DAudio.ax
    [2012/07/30 14:16:18 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\windows\SysWow64\muzaf1.dll
    [2012/07/30 14:16:18 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzmpgsp.ax
    [2012/07/30 14:16:18 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\windows\SysWow64\muzeffect.ax
    [2012/07/30 14:16:18 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\windows\SysWow64\MaDRM.dll
    [2012/07/30 14:16:18 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\windows\SysWow64\muzmp4sp.ax
    [2012/07/30 14:16:18 | 000,081,920 | ---- | M] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
    [2012/07/30 14:16:18 | 000,065,536 | ---- | M] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | M] (Marktek) -- C:\windows\SysWow64\MK_Lyric.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\windows\SysWow64\MTXSYNCICON.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | M] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
    [2012/07/30 14:16:18 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MaJGUILib.dll
    [2012/07/30 14:16:18 | 000,045,320 | ---- | M] (MARKANY) -- C:\windows\SysWow64\MAMACExtract.dll
    [2012/07/30 14:16:18 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MaXMLProto.dll
    [2012/07/30 14:16:18 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\windows\SysWow64\MACXMLProto.dll
    [2012/07/30 14:16:18 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\windows\SysWow64\MTTELECHIP.dll
    [2012/07/30 14:16:18 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\windows\SysWow64\MASetupCleaner.exe
    [2012/07/30 14:16:16 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
    [2012/07/30 13:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
    [2012/07/30 13:32:08 | 000,102,240 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/26 16:31:46 | 000,020,414 | ---- | C] () -- C:\Users\Tuli\Desktop\log.xml
    [2012/08/26 16:09:23 | 104,947,996 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/25 00:00:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/24 22:41:01 | 000,000,216 | ---- | C] () -- C:\windows\tasks\SidebarExecute.job
    [2012/08/24 22:40:59 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/08/24 22:40:42 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
    [2012/08/24 22:40:42 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/08/24 21:57:07 | 378,492,943 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2012/08/24 21:54:44 | 000,001,085 | ---- | C] () -- C:\Users\Tuli\Documents\Documents - Shortcut (2).lnk
    [2012/08/24 21:29:12 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys
    [2012/08/24 21:29:03 | 000,019,466 | ---- | C] () -- C:\windows\prodsett_copy.ini
    [2012/08/24 20:18:11 | 000,864,416 | ---- | C] () -- C:\windows\SysNative\drivers\sfi.dat
    [2012/08/18 14:05:27 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/13 15:45:13 | 000,001,977 | ---- | C] () -- C:\Users\Tuli\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
    [2012/07/30 14:16:20 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
    [2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
    [2012/07/30 14:16:18 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\3DAudio.ax
    [2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
    [2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
    [2012/05/18 16:53:05 | 000,004,472 | ---- | C] () -- C:\Users\Tuli\worksheet.pdf
    [2012/04/14 16:17:37 | 000,000,292 | ---- | C] () -- C:\windows\PowerReg.dat
    [2012/04/14 16:17:33 | 000,045,568 | ---- | C] () -- C:\windows\UniFish3.exe
    [2012/03/05 17:49:29 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2012/01/21 21:05:34 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
    [2012/01/14 18:16:57 | 000,004,608 | ---- | C] () -- C:\Users\Tuli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/31 18:17:13 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
    [2011/10/31 18:17:13 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
    [2011/10/31 18:03:25 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
    [2011/10/31 18:03:25 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
    [2011/10/31 18:03:25 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
    [2011/10/31 18:03:25 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
    [2011/10/31 18:03:21 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
    [2011/10/31 18:01:35 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
    [2011/10/31 18:01:35 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
    [2011/10/31 18:01:35 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
    [2011/10/31 18:01:35 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
    [2011/10/31 18:01:35 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
    [2011/10/31 17:53:50 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe
    [2011/10/31 17:53:50 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
    [2011/10/31 17:53:50 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini
    [2011/10/31 17:53:50 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini
    [2011/10/31 17:53:50 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini
    [2011/10/31 17:53:50 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini
    [2011/10/31 17:51:48 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
    [2011/10/31 17:50:23 | 000,776,804 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/10/31 17:28:14 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/10/31 17:28:14 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/10/31 17:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

    ========== Custom Scans ==========
  18. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/08/07 14:09:55 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/08/07 14:09:55 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/08/07 14:09:55 | 000,865,776 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/08/07 14:09:55 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/08/07 14:09:55 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/08/07 14:09:55 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/10/31 09:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/10/31 09:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/10/31 09:13:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/08/07 14:09:55 | 000,865,776 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/08/07 14:09:55 | 000,865,776 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/08/07 14:09:55 | 000,865,776 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/08/07 14:09:55 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/08/07 14:09:55 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/08/07 14:09:55 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 18:28:57 | 001,229,848 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/10/31 09:13:45 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/10/31 09:13:45 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/10/31 09:13:45 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/08/24 21:29:12 | 000,042,672 | ---- | M] () -- C:\windows\system32\drivers\fsbts.sys

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2012/01/27 01:14:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2012/08/24 22:40:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
    [2012/08/24 22:40:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
    [2011/10/31 17:53:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BisonCam
    [2011/10/31 17:38:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
    [2012/08/24 22:40:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2011/10/31 17:57:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
    [2012/01/13 18:16:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
    [2012/08/27 13:46:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
    [2012/08/24 21:47:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\F-Secure
    [2011/10/31 17:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
    [2012/04/14 16:16:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hasbro Interactive
    [2012/08/13 15:44:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2011/10/31 17:28:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
    [2011/10/31 17:54:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel Corporation
    [2012/08/18 14:03:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2012/01/14 18:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2011/10/31 17:38:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JMicron
    [2011/10/31 18:08:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lenovo
    [2012/01/21 21:44:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lenovo Games
    [2012/08/25 00:01:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/13 15:44:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
    [2012/01/08 02:01:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
    [2012/02/18 15:07:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2012/01/10 21:52:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
    [2012/01/10 23:45:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2012/01/14 11:06:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/05/13 14:39:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2011/10/31 18:05:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2012/01/15 11:34:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
    [2012/01/13 00:10:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
    [2012/06/28 21:07:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
    [2012/01/14 11:06:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2012/05/05 22:26:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Minilyrics
    [2012/08/07 14:09:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/08/07 14:09:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2011/10/31 17:31:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
    [2012/03/08 19:42:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
    [2011/10/31 17:36:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2011/10/31 17:47:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Renesas Electronics
    [2012/08/13 15:45:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
    [2012/07/31 17:30:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
    [2012/08/26 16:16:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
    [2012/02/02 19:18:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tag Support Plugin for Media Player
    [2011/10/31 17:36:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
    [2009/07/14 00:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
    [2012/01/19 17:43:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2011/10/31 18:05:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/14 01:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2010/11/20 23:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2010/11/21 03:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

    < %appdata%\*.* >

    < MD5 for: AFD.SYS >
    [2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\windows\SysNative\drivers\afd.sys
    [2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2010/11/20 23:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/10/31 09:15:18 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/10/31 09:15:18 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/24 00:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2010/11/20 23:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2012/04/24 00:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\windows\SysNative\cryptsvc.dll
    [2012/04/24 01:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2010/11/20 23:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/24 01:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/10/31 09:15:50 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\windows\SysNative\dnsrslvr.dll
    [2011/10/31 09:15:50 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2011/10/31 09:15:50 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 23:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2012/08/17 18:27:53 | 000,008,728 | ---- | M] () MD5=328868A14EB90E6A8EA9F3FC59FC49BB -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\Locales\es.dll
    [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\windows\SysNative\es.dll
    [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/08/14 00:29:58 | 000,008,728 | ---- | M] () MD5=7AD37261A349BE597C2E4C58B093B63D -- C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\Locales\es.dll
    [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/10/31 09:16:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/10/31 09:16:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/10/31 09:16:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/10/31 09:16:00 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/10/31 09:16:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/10/31 09:16:00 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\windows\SysNative\ipnathlp.dll
    [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 23:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\windows\SysNative\drivers\netbt.sys
    [2010/11/20 23:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\windows\SysNative\netman.dll
    [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
    [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\windows\SysNative\rpcss.dll
    [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
    [2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
    [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/09/29 13:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2010/11/20 23:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2012/03/30 06:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2011/10/31 09:15:18 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\windows\SysNative\drivers\tcpip.sys
    [2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/10/31 09:15:18 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/10/31 09:16:05 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
    [2011/10/31 09:16:05 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
    [2011/09/29 12:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2010/11/20 23:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\windows\SysNative\drivers\tdx.sys
    [2010/11/20 23:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
    [2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\windows\SysNative\drivers\volsnap.sys
    [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 23:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
    [2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
    [2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2012/08/25 13:53:38 | 004,738,846 | R--- | M] (Swearware) MD5=1C4F6F2245C4C38B3FA8614D55E5534C -- C:\Users\Tuli\Desktop\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\windows\SysNative\wscsvc.dll
    [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:997E6AF4

    < End of report >
  19. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    Sorry, something didn't like that chrome section info. Now for the extras.

    OTL Extras logfile created on: 8/28/2012 11:20:47 AM - Run 1
    OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tuli\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    7.95 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.36% Memory free
    15.89 Gb Paging File | 13.48 Gb Available in Paging File | 84.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 714.01 Gb Total Space | 607.23 Gb Free Space | 85.04% Space Free | Partition Type: NTFS
    Drive D: | 29.30 Gb Total Space | 26.70 Gb Free Space | 91.13% Space Free | Partition Type: NTFS
    Drive E: | 5.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: TULI-PC | User Name: Tuli | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.44
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.44
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 266.34
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
    "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
    "Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless
    "Recuva" = Recuva
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.10 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343EFA17-5BC5-44DA-924F-539ECBEFF68C}" = Viva Pinata
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
    "InstallShield_{343EFA17-5BC5-44DA-924F-539ECBEFF68C}" = Viva Piñata
    "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
    "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD 10
    "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
    "Lenovo Games Console" = Lenovo Games Console
    "M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MiniLyrics" = Minilyrics
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "ProInst" = Intel PROSet Wireless
    "RollerCoaster Tycoon Setup" = Roll
    "Steam App 107100" = Bastion
    "Steam App 115100" = Costume Quest
    "Steam App 12910" = Audiosurf Demo
    "Steam App 204060" = Superbrothers: Sword & Sworcery EP
    "Steam App 26800" = Braid
    "Steam App 2700" = RollerCoaster Tycoon 3: Platinum!
    "Steam App 3830" = Psychonauts
    "Steam App 40800" = Super Meat Boy
    "Steam App 48000" = LIMBO
    "Steam App 70400" = Recettear: An Item Shop's Tale
    "Steam App 99900" = Spiral Knights
    "uTorrent" = µTorrent
    "VeriFace" = VeriFace
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/24/2012 7:55:46 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:55:55 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:55:55 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:00 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:03 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:06 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:10 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:35 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:35 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    Error - 8/24/2012 7:56:41 PM | Computer Name = Tuli-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
    Description =

    [ System Events ]
    Error - 8/24/2012 5:23:00 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: bfe.
    This service might not be installed.

    Error - 8/24/2012 5:23:12 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 8/24/2012 5:23:12 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 8/24/2012 5:25:03 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 8/24/2012 7:12:15 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 8/24/2012 7:12:16 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: bfe. This service might not be installed.

    Error - 8/24/2012 7:12:16 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: bfe.
    This service might not be installed.

    Error - 8/24/2012 7:12:28 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 8/24/2012 7:12:28 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 8/24/2012 7:14:19 PM | Computer Name = Tuli-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891


    < End of report >
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O33 - MountPoints2\{1ff11151-0407-11e1-b866-806e6f6e6963}\Shell - "" = AutoRun
      SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.
      SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.
      SafeBootMin:64bit: MCODS - Reg Error: Value error.
      SafeBootMin: hitmanpro36 - Reg Error: Value error.
      SafeBootMin: hitmanpro36.sys - Reg Error: Value error.
      SafeBootMin: MCODS - Reg Error: Value error.

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  21. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    All processes killed
    Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context!
    Error: Unable to interpret < O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context!
    Error: Unable to interpret < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)> in the current context!
    Error: Unable to interpret < O33 - MountPoints2\{1ff11151-0407-11e1-b866-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
    Error: Unable to interpret < SafeBootMin:64bit: hitmanpro36 - Reg Error: Value error.> in the current context!
    Error: Unable to interpret < SafeBootMin:64bit: hitmanpro36.sys - Reg Error: Value error.> in the current context!
    Error: Unable to interpret < SafeBootMin:64bit: MCODS - Reg Error: Value error.> in the current context!
    Error: Unable to interpret < SafeBootMin: hitmanpro36 - Reg Error: Value error.> in the current context!
    Error: Unable to interpret < SafeBootMin: hitmanpro36.sys - Reg Error: Value error.> in the current context!
    Error: Unable to interpret < SafeBootMin: MCODS - Reg Error: Value error.> in the current context!
    Error: Unable to interpret < > in the current context!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

      :OTL
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
      O33 - MountPoints2\{1ff11151-0407-11e1-b866-806e6f6e6963}\Shell - "" = AutoRun


      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
  23. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ff11151-0407-11e1-b866-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ff11151-0407-11e1-b866-806e6f6e6963}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tuli
    ->Temp folder emptied: 821453 bytes
    ->Temporary Internet Files folder emptied: 3460237 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49028465 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6405 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64061464 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 112.00 mb


    OTL by OldTimer - Version 3.2.59.1 log created on 08302012_110004

    Files\Folders moved on Reboot...
    C:\Users\Tuli\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\adoapn_AppNexusDemoActionTag_1[1].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\ads[5].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\banner[5].htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\banner[6].htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\banner[7].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\business[1].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\fastbutton[7].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\gv2_emercial_back2[1].gif moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\ifCADB1859.htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\ifCALA07RL.htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\pinit[1].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\pixel[7].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\tiki-freecell[1].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\_i[2].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTMTZBIR\_i[3].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW12D46T\ads[2].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW12D46T\bettercontentsite_com[1].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW12D46T\caribbean-sail-part-5-old-providence-island[1].htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW12D46T\click[2].htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW12D46T\like[11].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW12D46T\tweet_button.1346314371[1].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\ads[2].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\ads[3].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\click[1].htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\fastbutton[7].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\ff2[2].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\handshake[1].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\ifCA34BL3Y.htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\pixel[3].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\si[1].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\Thompson%20Toronto%20Rooftop%20Margarita%20Recipe[2].htm moved successfully.
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\xd_arbiter[1].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KO1A6HK0\_i[1].htm not found!
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9HUSBKQ\adServer[1].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9HUSBKQ\bestquickfind_com[2].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9HUSBKQ\like[9].htm not found!
    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9HUSBKQ\xd_arbiter[2].htm moved successfully.
    File\Folder C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C9HUSBKQ\Yael-Cohen[1].htm not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  25. Tulii

    Tulii Newcomer, in training Topic Starter Posts: 18

    The scanner didn't find anything. My computer is still infected though, the svchost.exe still is trying to send information to malicious websites.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.