Solved "Windows has encountered a critical error and will restart..."

[Broni]

Well, we'll have to remove it manually.

Reinstall AVG and post fresh OTL log.

 

[hi2001]

OTL logfile created on: 9/4/2013 2:06:11 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MH\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 62.26% Memory free
5.49 Gb Paging File | 4.24 Gb Available in Paging File | 77.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.48 Gb Total Space | 16.43 Gb Free Space | 7.35% Space Free | Partition Type: NTFS

Computer Name: M6 | User Name: MH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/31 03:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MH\Downloads\OTL.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/20 23:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/08/20 23:03:40 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/07/30 16:41:32 | 000,346,696 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2012/09/17 16:52:12 | 002,863,168 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/09/17 16:51:33 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/09/17 16:47:16 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/09/17 16:47:06 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/07/26 17:19:14 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012/07/26 17:18:08 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2010/01/18 18:37:40 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWLan.exe
PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/08/17 14:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/08/17 14:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/08/05 18:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/08/05 18:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/08/03 21:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/07/30 03:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 03:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 18:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/29 04:00:13 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\cabd75d4716ede2fed948cbff94dcc38\System.ServiceProcess.ni.dll
MOD - [2011/10/29 03:59:51 | 012,431,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011/10/29 03:58:07 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\018d2569cf208acbe8ad73908705f607\System.Runtime.Remoting.ni.dll
MOD - [2011/10/29 03:57:07 | 011,807,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5a95ba97100404e2ab26b5a9ab9ef965\System.Web.ni.dll
MOD - [2011/10/29 03:56:29 | 001,586,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011/10/29 03:56:11 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/29 03:55:40 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/29 03:55:10 | 007,949,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/29 03:54:35 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2010/01/25 00:58:31 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/11/05 07:25:06 | 001,736,704 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:06 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:06 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:06 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:06 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:06 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:06 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:06 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:05 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:05 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:05 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:05 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:05 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:05 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:04 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:04 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:04 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:04 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:04 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:03 | 000,950,272 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/11/05 07:25:03 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/11/05 07:25:03 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:03 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:03 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:03 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:03 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/11/05 07:25:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/11/05 07:25:02 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/11/05 07:25:01 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/11/05 07:25:01 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/11/05 07:25:01 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/11/05 07:25:01 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/11/05 07:25:01 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/11/05 07:25:01 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/11/05 07:25:01 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/11/05 07:25:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/11/05 07:25:01 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/11/05 07:25:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/11/05 07:25:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/11/05 07:25:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/11/05 07:25:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/11/05 07:25:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/11/05 07:25:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/11/05 07:25:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/11/05 07:24:59 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/11/05 07:24:59 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/11/05 07:24:59 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/11/05 07:24:59 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/11/05 07:24:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/11/05 07:24:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/11/05 07:24:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/11/05 07:24:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll

MOD - [2009/11/05 07:24:59 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll

 

[hi2001]

MOD - [2009/11/05 07:24:59 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/11/05 07:24:58 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/11/05 07:24:58 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/11/05 07:24:58 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/11/05 07:24:58 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/11/05 07:24:58 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/11/05 07:24:58 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/11/05 07:24:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/11/05 07:24:58 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/11/05 07:24:58 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/11/05 07:24:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/11/05 07:24:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/11/05 07:24:57 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/11/05 07:24:57 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
MOD - [2009/11/05 07:24:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/11/05 07:24:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/11/05 07:24:57 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/11/05 07:24:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/11/05 07:24:57 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/08/03 21:17:24 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/07/25 14:07:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/07/16 19:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/16 19:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/06/22 18:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009/05/04 14:45:14 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/03/12 23:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll


========== Services (SafeList) ==========

SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/30 16:41:32 | 000,346,696 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/09/17 16:52:12 | 002,863,168 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/09/17 16:51:33 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/09/17 16:47:16 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/09/17 16:47:06 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/08/08 09:45:27 | 001,465,920 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/26 17:19:14 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/26 17:18:08 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\Realtek\RTL8185 Wireless LAN Utility\RtlService.exe -- (Realtek8185)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/17 14:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 23:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 18:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 21:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 03:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/20 02:36:02 | 000,146,648 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV - [2013/08/20 02:35:44 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/08/01 16:06:40 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/08/01 16:06:14 | 000,120,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/08/01 16:05:58 | 000,026,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/26 17:19:52 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/26 17:19:41 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/07/26 17:18:43 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/21 00:39:21 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2010/12/30 15:19:40 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2009/12/15 15:13:16 | 000,376,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2009/12/07 06:31:38 | 000,015,104 | ---- | M] ((c)NOWCOM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nowmemdf.sys -- (NOWMEMDF)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 16:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 19:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 19:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 12:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/05/05 04:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2DDA7029-1B90-4BF1-AC49-AE6C2C7D990C}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSNA


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U016&ocid=U016DHP&dt=041013
IE - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\..\SearchScopes\{2DDA7029-1B90-4BF1-AC49-AE6C2C7D990C}: "URL" = http://www.bing.com/search?FORM=U016DF&PC=U016&dt=041013&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\..\SearchScopes\{CB0A1D37-B2A4-4AA0-A643-102B4944BEC3}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7TSNA_en
IE - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kcp.co.kr/plugin;version=1: C:\Program Files\KCP\Plugin\npKCPPlugin.dll (KCP CO.,LTD)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MH\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MH\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\zettamedia.co.kr/ZmLauncher: C:\Users\MH\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll (Zettamedia Co.,Ltd.)


[2013/04/05 02:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/04 02:24:15 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MH\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MH\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MH\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: KCP (Enabled) = C:\Program Files\KCP\Plugin\npKCPPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MH\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Zettamedia Launcher (Enabled) = C:\Users\MH\AppData\Local\Zettamedia\PdClubBox\npZmLauncher.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\MH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: TweetDeck = C:\Users\MH\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.2.2_0\
CHR - Extension: Gmail = C:\Users\MH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/28 03:20:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O16 - DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} http://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab (NowStarter2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} http://www.clubbox.co.kr/neo.fld/MultiUpload.cab (MultiUpload Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88BD8012-3626-43CA-B0E5-D495FD05A524}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4137034-3661-4912-B1B4-8961E1F0A2E8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/04 01:55:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/04 01:53:46 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Roaming\AVG2014
[2013/09/04 01:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/04 01:52:15 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Roaming\TuneUp Software
[2013/09/04 01:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/04 01:44:11 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\MFAData
[2013/09/04 01:44:11 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\Avg2014
[2013/09/03 04:22:03 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Roaming\FlashgetSetup
[2013/09/03 04:22:03 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Roaming\BITS
[2013/09/03 04:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2013/08/31 04:01:29 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/31 03:27:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/28 03:20:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/28 03:18:15 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\temp
[2013/08/28 03:07:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/08/28 03:07:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/08/28 03:07:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/08/28 03:06:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/28 03:06:33 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/08/28 03:01:36 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\{992B1B58-B2EB-4C63-95CC-ABE28665B4EA}
[2013/08/22 23:37:18 | 000,176,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2013/08/22 22:56:56 | 000,209,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgidsdriverx.sys
[2013/08/22 22:56:16 | 000,223,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avglogx.sys
[2013/08/22 22:56:16 | 000,146,232 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgidshx.sys
[2013/08/20 22:54:04 | 000,102,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2013/08/20 21:25:26 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\{F4ED4186-811C-484B-B0BF-E0C6FCC77E33}
[2013/08/20 02:36:02 | 000,146,648 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2013/08/20 02:34:25 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\{37000D07-3EB2-4C42-A5E7-9E9AE6F6DBA3}
[2013/08/20 00:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/16 20:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/08/16 18:23:26 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\{011730D3-3492-4179-A620-D8567E7634CE}
[2013/08/16 17:46:25 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Roaming\Malwarebytes
[2013/08/16 17:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/16 17:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/16 17:46:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/08/16 17:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/13 22:24:12 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\{FD16079E-7F88-4CE6-839A-D4E180A9668C}
[2013/08/08 18:43:03 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\{15B97F17-5AAD-4BC0-9DF8-02D2C8AEB907}
[2013/08/08 08:01:54 | 000,000,000 | ---D | C] -- C:\Users\MH\AppData\Local\Programs
[2013/08/08 06:43:44 | 000,000,000 | ---D | C] -- C:\Users\MH\.android
[2013/08/06 16:00:56 | 000,000,000 | ---D | C] -- C:\Users\MH\www.apowersoft.com
[1 C:\Users\MH\*.tmp files -> C:\Users\MH\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/04 02:08:43 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 02:08:43 | 000,015,568 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 01:58:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/04 01:58:25 | 2212,884,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/04 01:52:16 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/03 06:54:10 | 000,000,292 | ---- | M] () -- C:\windows\System32\secustat.dat
[2013/09/03 06:26:39 | 000,000,598 | ---- | M] () -- C:\windows\System32\secushr.dat
[2013/09/03 04:22:55 | 000,000,025 | ---- | M] () -- C:\windows\libem.INI
[2013/08/28 03:20:10 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013/08/24 02:06:02 | 000,064,979 | ---- | M] () -- C:\Users\MH\Desktop\mon_youtubevids.JPG
[2013/08/22 23:37:18 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2013/08/22 22:56:56 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgidsdriverx.sys
[2013/08/22 22:56:16 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avglogx.sys
[2013/08/22 22:56:16 | 000,146,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgidshx.sys
[2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2013/08/20 02:36:02 | 000,146,648 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2013/08/20 02:35:44 | 000,031,560 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/08/17 01:24:11 | 000,054,490 | ---- | M] () -- C:\Users\MH\Desktop\mon_zaza.JPG
[2013/08/15 03:13:37 | 000,083,009 | ---- | M] () -- C:\Users\MH\Desktop\jjheal1.JPG
[2013/08/14 15:38:47 | 000,072,801 | ---- | M] () -- C:\Users\MH\Desktop\jyjtroll - Copy.JPG
[2013/08/14 06:10:55 | 000,072,801 | ---- | M] () -- C:\Users\MH\Desktop\jyjtroll.JPG
[2013/08/14 01:58:38 | 000,052,095 | ---- | M] () -- C:\Users\MH\Desktop\201308141520194021795A_1.jpg
[2013/08/09 21:17:40 | 000,070,566 | ---- | M] () -- C:\Users\MH\Desktop\telzone_carlyzyun_6.JPG
[2013/08/09 21:17:18 | 000,174,292 | ---- | M] () -- C:\Users\MH\Desktop\telzone_carlyzyun_5.JPG
[2013/08/09 21:16:56 | 000,161,760 | ---- | M] () -- C:\Users\MH\Desktop\telzone_carlyzyun_4.JPG
[2013/08/09 21:16:31 | 000,180,202 | ---- | M] () -- C:\Users\MH\Desktop\telzone_carlyzyun_3.JPG
[2013/08/09 21:16:05 | 000,164,889 | ---- | M] () -- C:\Users\MH\Desktop\telzone_carlyzyunho_2.JPG
[2013/08/09 21:15:35 | 000,104,324 | ---- | M] () -- C:\Users\MH\Desktop\telzone_carlyzyunho_1.JPG
[2013/08/09 21:03:55 | 000,026,433 | ---- | M] () -- C:\Users\MH\Desktop\veri_seeker.JPG
[2013/08/08 02:24:26 | 000,072,976 | ---- | M] () -- C:\Users\MH\Desktop\32034_900.jpg
[2013/08/08 01:02:24 | 000,170,019 | ---- | M] () -- C:\Users\MH\Desktop\BRHvt_TCUAApx-5.jpg
[2013/08/05 23:26:20 | 000,158,396 | ---- | M] () -- C:\Users\MH\Desktop\024 - Copy.JPG
[1 C:\Users\MH\*.tmp files -> C:\Users\MH\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/04 01:52:16 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/09/03 06:54:11 | 000,000,292 | ---- | C] () -- C:\windows\System32\secustat.dat
[2013/09/03 06:15:00 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
[2013/09/03 04:22:55 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2013/08/31 00:47:05 | 000,232,891 | ---- | C] () -- C:\Users\MH\Desktop\24ypnyv.jpg
[2013/08/28 03:07:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/08/28 03:07:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/08/28 03:07:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/08/28 03:07:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/08/28 03:07:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/08/24 04:22:23 | 000,209,456 | ---- | C] () -- C:\Users\MH\Desktop\6845ok.jpg
[2013/08/24 03:14:06 | 000,065,635 | ---- | C] () -- C:\Users\MH\Desktop\1153576884_DSC00784%20copy.jpg
[2013/08/24 03:14:06 | 000,065,577 | ---- | C] () -- C:\Users\MH\Desktop\1153576884_DSC00756%20copy.jpg
[2013/08/24 03:14:06 | 000,063,439 | ---- | C] () -- C:\Users\MH\Desktop\1153576884_DSC00766%20copy.jpg
[2013/08/24 03:14:06 | 000,061,318 | ---- | C] () -- C:\Users\MH\Desktop\1153576884_DSC00780%20copy.jpg
[2013/08/23 04:00:08 | 000,064,979 | ---- | C] () -- C:\Users\MH\Desktop\mon_youtubevids.JPG
[2013/08/20 02:35:44 | 000,031,560 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2013/08/17 01:24:10 | 000,054,490 | ---- | C] () -- C:\Users\MH\Desktop\mon_zaza.JPG
[2013/08/16 01:31:28 | 000,344,744 | ---- | C] () -- C:\Users\MH\Desktop\64091537c2356418844b25a53876b7.jpg
[2013/08/16 01:31:03 | 000,253,958 | ---- | C] () -- C:\Users\MH\Desktop\64091537c142294611544b25a14079.jpg
[2013/08/16 01:27:33 | 000,048,997 | ---- | C] () -- C:\Users\MH\Desktop\n2o_1412_268719_1.jpg

[2013/08/08 02:24:25 | 000,072,976 | ---- | C] () -- C:\Users\MH\Desktop\32034_900.jpg
[2013/08/08 01:02:22 | 000,170,019 | ---- | C] () -- C:\Users\MH\Desktop\BRHvt_TCUAApx-5.jpg
[2013/08/05 23:26:20 | 000,158,396 | ---- | C] () -- C:\Users\MH\Desktop\024 - Copy.JPG
[2013/08/03 11:09:58 | 004,818,944 | ---- | C] () -- C:\ProgramData\IHAMC.msi
[2013/07/04 04:33:06 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2012/06/02 23:25:31 | 000,001,456 | ---- | C] () -- C:\Users\MH\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/03/19 01:15:59 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2011/09/15 19:52:20 | 000,173,322 | ---- | C] () -- C:\windows\hpoins46.dat
[2011/09/15 19:52:20 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2011/08/08 18:20:31 | 000,000,132 | ---- | C] () -- C:\Users\MH\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/25 18:34:28 | 000,000,000 | ---- | C] () -- C:\Users\MH\AppData\Roaming\wklnhst.dat
[2010/02/21 21:37:46 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/29 17:12:59 | 000,000,178 | ---- | C] () -- C:\Users\MH\AppData\Roaming\default.rss
[2009/12/29 17:12:59 | 000,000,000 | ---- | C] () -- C:\Users\MH\AppData\Roaming\downloads.m3u
[2009/12/25 17:18:07 | 000,029,184 | ---- | C] () -- C:\Users\MH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/26 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\Apowersoft
[2011/08/14 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\Audacity
[2011/07/25 04:08:22 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\AVG10
[2013/09/04 01:53:46 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\AVG2014
[2013/09/03 06:54:16 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\BITS
[2011/11/14 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/21 02:54:45 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/07/13 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\DataCast
[2012/11/17 08:28:50 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\duowan
[2013/09/03 07:01:27 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\FlashgetSetup
[2013/07/08 03:37:13 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\foobar2000
[2012/12/31 03:33:33 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\iSkysoft
[2010/02/21 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\Leadertech
[2012/10/01 18:37:26 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\Orbit
[2012/10/01 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\ProgSense
[2011/07/01 04:15:28 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\RayV
[2010/06/25 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\Template
[2009/12/30 23:50:08 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\TOSHIBA
[2013/09/04 01:52:15 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\TuneUp Software
[2011/09/23 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2012/07/11 02:31:30 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\UDown
[2011/07/07 15:30:02 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\WinAVI
[2009/12/24 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/08/20 05:34:29 | 000,000,000 | ---D | M](C:\Users\MH\Documents\????) -- C:\Users\MH\Documents\[FONT=SimSun]美图图库[/FONT]
[2011/08/20 05:34:27 | 000,000,000 | ---D | C](C:\Users\MH\Documents\????) -- C:\Users\MH\Documents\[FONT=SimSun]美图图库[/FONT]
[2011/08/20 05:31:33 | 000,001,028 | ---- | M] ()(C:\Users\MH\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\MH\Application Data\Microsoft\Internet Explorer\Quick Launch\[FONT=SimSun]美图秀秀[/FONT].lnk
[2011/08/20 05:31:33 | 000,001,028 | ---- | C] ()(C:\Users\MH\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\MH\Application Data\Microsoft\Internet Explorer\Quick Launch\[FONT=SimSun]美图秀秀[/FONT].lnk
(C:\Users\MH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\MH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\[FONT=SimSun]美图[/FONT]
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\[FONT=SimSun]美图[/FONT]


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvpopflt.sys -- (lvpopflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\MAITAO~1\AppData\Local\Temp\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O4 - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O8 - Extra context menu item: &U使用米人下载并收藏 - C:\Program Files\NamiRobot\Data\du.html ()
O8 - Extra context menu item: &使用115优蛋 3下载 - C:\Program Files\115\UDown\getUrl.htm File not found
O8 - Extra context menu item: &使用115优蛋 3下载全部链接 - C:\Program Files\115\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1582868316-1146028689-1569875838-1002\..Trusted Domains: clubbox.co.kr ([]http in Trusted sites)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2011/07/25 04:08:22 | 000,000,000 | ---D | M] -- C:\Users\MH\AppData\Roaming\AVG10
PRC - [2012/09/17 16:52:12 | 002,863,168 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/09/17 16:51:33 | 000,216,640 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2012/09/17 16:47:16 | 000,818,240 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/09/17 16:47:06 | 000,289,856 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/07/26 17:19:14 | 000,357,400 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
PRC - [2012/07/26 17:18:08 | 000,139,840 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
SRV - [2012/09/17 16:52:12 | 002,863,168 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012/09/17 16:51:33 | 000,216,640 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/09/17 16:47:16 | 000,818,240 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/09/17 16:47:06 | 000,289,856 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/08/08 09:45:27 | 001,465,920 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012/07/26 17:19:14 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012/07/26 17:18:08 | 000,139,840 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
DRV - [2012/07/26 17:19:52 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/07/26 17:19:41 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/07/26 17:18:43 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/07/21 00:39:21 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)


:Services

:Reg

:Files
C:\FRST
C:\Program Files\Sophos

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Then continue with other steps from my reply #24.

 

[hi2001]

All processes killed
========== OTL ==========
Error: No service named USBCCID was found to stop!
Service\Driver key USBCCID not found.
File system32\DRIVERS\RtsUCcid.sys not found.
Error: No service named RtsUIR was found to stop!
Service\Driver key RtsUIR not found.
File system32\DRIVERS\Rts516xIR.sys not found.
Error: No service named RSUSBSTOR was found to stop!
Service\Driver key RSUSBSTOR not found.
File System32\Drivers\RtsUStor.sys not found.
Error: No service named LVUVC was found to stop!
Service\Driver key LVUVC not found.
File system32\DRIVERS\lvuvc.sys not found.
Error: No service named LVRS was found to stop!
Service\Driver key LVRS not found.
File system32\DRIVERS\lvrs.sys not found.
Error: No service named lvpopflt was found to stop!
Service\Driver key lvpopflt not found.
File system32\DRIVERS\lvpopflt.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\MAITAO~1\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry value HKEY_USERS\S-1-5-21-1582868316-1146028689-1569875838-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&U[FONT=SimSun]使用米人下载并收藏[/FONT]\ not found.
File C:\Program Files\NamiRobot\Data\du.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&[FONT=SimSun]使用[/FONT]115[FONT=SimSun]优蛋[/FONT] 3[FONT=SimSun]下载[/FONT]\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&[FONT=SimSun]使用[/FONT]115[FONT=SimSun]优蛋[/FONT] 3[FONT=SimSun]下载全部链接[/FONT]\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_USERS\S-1-5-21-1582868316-1146028689-1569875838-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clubbox.co.kr\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Users\MH\AppData\Roaming\AVG10\ not found.
Process swi_service.exe killed successfully!
Process SAVAdminService.exe killed successfully!
Process RouterNT.exe killed successfully!
Process ManagementAgentNT.exe killed successfully!
Process swc_service.exe killed successfully!
Process SavService.exe killed successfully!
Service swi_service stopped successfully!
Service swi_service deleted successfully!
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe moved successfully.
Error: No service named SAVAdminService was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVAdminService deleted successfully.
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe moved successfully.
Service Sophos Message Router stopped successfully!
Service Sophos Message Router deleted successfully!
C:\Program Files\Sophos\Remote Management System\RouterNT.exe moved successfully.
Service Sophos Agent stopped successfully!
Service Sophos Agent deleted successfully!
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe moved successfully.
Service swi_update stopped successfully!
Service swi_update deleted successfully!
C:\ProgramData\Sophos\Web Intelligence\swi_update.exe moved successfully.
Service Sophos Web Control Service stopped successfully!
Service Sophos Web Control Service deleted successfully!
C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe moved successfully.
Error: No service named SAVService was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService deleted successfully.
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe moved successfully.
Service sdcfilter stopped successfully!
Service sdcfilter deleted successfully!
C:\Windows\System32\drivers\sdcfilter.sys moved successfully.
Service SAVOnAccess stopped successfully!
Service SAVOnAccess deleted successfully!
C:\Windows\System32\drivers\savonaccess.sys moved successfully.
Service SKMScan stopped successfully!
Service SKMScan deleted successfully!
C:\Windows\System32\drivers\skmscan.sys moved successfully.
Service SophosBootDriver stopped successfully!
Service SophosBootDriver deleted successfully!
C:\Windows\System32\drivers\SophosBootDriver.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sophos AutoUpdate Monitor deleted successfully.
C:\Program Files\Sophos\AutoUpdate\ALMon.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence folder moved successfully.
C:\Program Files\Sophos\Sophos Anti-Virus\Web Control folder moved successfully.
C:\Program Files\Sophos\Sophos Anti-Virus folder moved successfully.
C:\Program Files\Sophos\Remote Management System folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\zh_tw folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\zh_cn folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\ja folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\it folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\fr folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\es folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\en folder moved successfully.
C:\Program Files\Sophos\AutoUpdate\de folder moved successfully.
C:\Program Files\Sophos\AutoUpdate folder moved successfully.
C:\Program Files\Sophos folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MH
->Temp folder emptied: 200295 bytes
->Temporary Internet Files folder emptied: 350287 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 240453222 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 162674 bytes
RecycleBin emptied: 428600 bytes

Total Files Cleaned = 230.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: MH
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: MH
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09092013_133743

Files\Folders moved on Reboot...
File\Folder C:\Users\MH\AppData\Local\Temp\~DF8C8E49D989370390.TMP not found!
File\Folder C:\Users\MH\AppData\Local\Temp\~DF8E5CB7924306CF1C.TMP not found!
C:\Users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0001.tmp moved successfully.
C:\Users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0710.tmp moved successfully.
C:\Users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3FD5B9DC-C952-42D2-9ACE-022F6A019C67}.tmp moved successfully.
C:\Users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4A80D98E-D0AA-4E70-B5B6-3AA6D6ED6A4F}.tmp moved successfully.
C:\Users\MH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A6735922-BDC7-44B2-9230-25CF9F5B6381}.tmp moved successfully.
File move failed. C:\windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...


Registry entries deleted on Reboot...

 

[hi2001]

Results of screen317's Security Check version 0.99.73
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.75.0.1300
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 14
Java 7 Update 25
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 9%
````````````````````End of Log``````````````````````


---------------------------------------------------------------------

Farbar Service Scanner Version: 05-09-2013
Ran by MH (administrator) on 09-09-2013 at 13:55:16
Running from "C:\Users\MH\Downloads"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcore.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys
[2011-10-29 02:22] - [2011-06-21 01:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1

C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll => MD5 is legit
C:\windows\system32\iphlpsvc.dll => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit



**** End of log ****

----------------

the ESET scan didn't produce a log.

 

[Broni]

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader and install one of two free alternatives:

- Foxit PDF Reader from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

We need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

========================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (Service Pack1!!!)

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.

 

[Broni]

The issue seems to be resolved.