hi guys,
my laptop crashed recently and it has been acting strsnge ever since, it wont start properly or shut down, the only way i can use it is in safe mode, also windows security centre wont turn on and system restore will make no difference, i would suspect a virus or something similar
grateful for any help you can give me hijack this log attached
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:13 PM, on 12/12/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support
Running processes:
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Users\martin\Downloads\OTL.exe
C:\Users\martin\Downloads\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
--
End of file - 8375 bytes
otl scan also
OTL logfile created on: 12/12/2013 12:33:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\martin\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.96 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 87.07% Memory free
5.92 Gb Paging File | 5.56 Gb Available in Paging File | 93.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252.89 Gb Total Space | 227.02 Gb Free Space | 89.77% Space Free | Partition Type: NTFS
Drive D: | 30.25 Gb Total Space | 29.45 Gb Free Space | 97.37% Space Free | Partition Type: NTFS
Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/12 12:31:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Downloads\OTL.exe
PRC - [2010/04/29 04:11:33 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 03:36:40 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/14 03:36:40 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/08 09:07:46 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
========== Modules (No Company Name) ==========
MOD - [2010/08/21 23:52:12 | 001,410,312 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
========== Services (SafeList) ==========
SRV - [2013/12/01 21:29:45 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/15 20:11:02 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/22 10:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009/08/14 06:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2009/08/11 08:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/15 19:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 06:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/07/14 03:36:40 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 09:07:46 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/06/18 02:14:46 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/06/16 12:29:18 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/06/16 11:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/06/04 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/04/09 03:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/04/09 00:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\test\ECECECEC\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/08/21 23:51:33 | 000,054,800 | ---- | M] () [Kernel | System | Stopped] -- C:\windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2010/04/21 20:08:22 | 000,218,744 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/04/20 09:45:28 | 000,198,000 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vm332avs.sys -- (vm332avs)
DRV - [2010/03/30 22:49:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/11/04 16:59:38 | 000,112,640 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/04 16:59:38 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/04 16:59:38 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009/07/28 13:09:36 | 000,063,240 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdbridge.sys -- (Bridge0)
DRV - [2009/07/21 13:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/16 04:37:14 | 000,011,792 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/06/18 02:15:22 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/06/18 02:15:22 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/06/18 02:15:22 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/06/18 02:15:22 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/06/18 02:14:52 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/25 12:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/05/19 05:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/04/09 06:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/08/06 04:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
http://www.lenovo.com/ [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2013/12/02 05:37:03 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [332BigDog] C:\Program Files\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A0D17EF-1BD4-48ED-998E-840F24AA89C3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B2AA886-AE9D-4852-B411-D47B800CCD63}: DhcpNameServer = 89.19.64.164 89.19.64.36
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dab189b3-5a04-11e3-8695-f07bcbf86953}\Shell - "" = AutoRun
O33 - MountPoints2\{dab189b3-5a04-11e3-8695-f07bcbf86953}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{dab189c9-5a04-11e3-8695-f07bcbf86953}\Shell - "" = AutoRun
O33 - MountPoints2\{dab189c9-5a04-11e3-8695-f07bcbf86953}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/07 19:03:44 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\ElevatedDiagnostics
[2013/12/02 20:30:07 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2013/12/02 20:30:05 | 000,000,000 | ---D | C] -- C:\c2e99f474d8436d4efe16e
[2013/12/02 17:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/12/02 09:47:15 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2013/12/02 09:47:13 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013/12/01 21:29:50 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Macromedia
[2013/12/01 21:29:50 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Adobe
[2013/12/01 21:29:41 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/12/01 21:29:41 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/12/01 21:29:39 | 000,000,000 | ---D | C] -- C:\windows\System32\Macromed
[2013/12/01 21:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/12/01 21:19:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\poqexec.exe
[2013/12/01 21:15:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltux.dll
[2013/12/01 21:15:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wups2.dll
[2013/12/01 21:14:36 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuwebv.dll
[2013/12/01 21:14:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapp.exe
[2013/11/30 13:33:58 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\FLEXnet
[2013/11/30 13:23:38 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Vodafone
[2013/11/30 13:23:20 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2013/11/30 13:23:18 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2013/11/30 13:23:14 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbfake.sys
[2013/11/30 13:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone
[2013/11/30 13:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Vodafone
[2013/11/30 13:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Vodafone
[2013/11/30 13:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/11/30 13:22:06 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\{8E7E61FA-3ECB-42E9-B640-9C50AE76B9D0}
[2013/11/25 19:15:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/11/25 18:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/11/25 18:39:06 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Google
[2013/11/25 18:38:40 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Apps
[2013/11/25 18:38:39 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Deployment
[2013/11/24 15:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/11/24 09:29:17 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/11/23 09:45:36 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Adobe
[2013/11/23 09:08:36 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\AVG2014
[2013/11/23 09:07:46 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\TuneUp Software
[2013/11/23 09:07:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/11/23 09:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/11/23 09:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/11/20 19:30:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/11/20 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\MFAData
[2013/11/20 19:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/11/20 19:30:06 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Avg2014
[2013/11/18 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Microsoft Games
[2013/11/17 22:23:05 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Diagnostics
[2013/11/17 22:20:20 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\ooVoo Details
[2013/11/17 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Conexant
[2013/11/17 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Broadcom
[2013/11/17 22:20:11 | 000,000,000 | ---D | C] -- C:\Users\martin\Documents\Bluetooth Exchange Folder
[2013/11/17 22:19:09 | 000,000,000 | R--D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/17 22:19:09 | 000,000,000 | R--D | C] -- C:\Users\martin\Searches
[2013/11/17 22:19:09 | 000,000,000 | R--D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/17 22:19:09 | 000,000,000 | -H-D | C] -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/17 22:19:00 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Identities
[2013/11/17 22:18:58 | 000,000,000 | R--D | C] -- C:\Users\martin\Contacts
[2013/11/17 22:18:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/17 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\VirtualStore
[2013/11/17 22:18:51 | 000,000,000 | --SD | C] -- C:\Users\martin\AppData\Roaming\Microsoft
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Videos
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Saved Games
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Pictures
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Music
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Links
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Favorites
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Downloads
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Documents
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\Desktop
[2013/11/17 22:18:51 | 000,000,000 | R--D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\AppData\Local\Temporary Internet Files
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Templates
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Start Menu
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\SendTo
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Recent
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\PrintHood
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\NetHood
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Documents\My Videos
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Documents\My Pictures
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Documents\My Music
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\My Documents
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Local Settings
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\AppData\Local\History
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Cookies
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\Application Data
[2013/11/17 22:18:51 | 000,000,000 | -HSD | C] -- C:\Users\martin\AppData\Local\Application Data
[2013/11/17 22:18:51 | 000,000,000 | -H-D | C] -- C:\Users\martin\AppData
[2013/11/17 22:18:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Temp
[2013/11/17 22:18:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Microsoft
[2013/11/17 22:18:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Media Center Programs
[2013/11/17 22:18:51 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2013/11/17 22:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/11/17 22:17:54 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/17 13:42:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/12/12 12:10:03 | 000,623,940 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/12/12 12:10:03 | 000,106,316 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/12/12 12:06:26 | 000,002,239 | ---- | M] () -- C:\Users\martin\Desktop\OneKey Recovery.lnk
[2013/12/12 12:05:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/12 12:05:27 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/12 12:00:04 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/12 11:59:31 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/09 15:42:20 | 000,002,225 | ---- | M] () -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/09 15:40:27 | 000,001,427 | ---- | M] () -- C:\windows\System32\Config.MPF
[2013/12/07 09:26:42 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 09:26:42 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 20:05:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/02 17:44:54 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/02 06:47:21 | 221,674,625 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/12/01 21:29:41 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/12/01 21:29:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/12/01 21:20:59 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/30 13:22:58 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2013/11/30 13:22:58 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\SMS.lnk
[2013/11/18 16:34:40 | 000,000,342 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
[2013/11/18 16:34:40 | 000,000,320 | ---- | M] () -- C:\windows\tasks\McQcTask.job
[2013/11/17 22:22:07 | 000,001,407 | ---- | M] () -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/17 22:20:01 | 000,001,080 | ---- | M] () -- C:\Users\martin\Desktop\Cyberlink Power2Go.lnk
[2013/11/17 14:16:39 | 000,039,252 | ---- | M] () -- C:\windows\System32\license.rtf
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/02 17:44:54 | 000,002,225 | ---- | C] () -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/02 17:44:54 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/02 17:40:30 | 000,000,886 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/02 17:40:25 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/02 06:03:54 | 221,674,625 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/12/01 21:29:45 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/01 21:20:59 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/30 13:22:58 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
[2013/11/30 13:22:58 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\SMS.lnk
[2013/11/17 22:22:07 | 000,001,407 | ---- | C] () -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/17 22:19:39 | 000,001,413 | ---- | C] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/17 22:19:02 | 000,000,342 | ---- | C] () -- C:\windows\tasks\McDefragTask.job
[2013/11/17 22:19:01 | 000,000,320 | ---- | C] () -- C:\windows\tasks\McQcTask.job
[2013/11/17 22:18:51 | 000,002,239 | ---- | C] () -- C:\Users\martin\Desktop\OneKey Recovery.lnk
[2013/11/17 22:18:51 | 000,001,080 | ---- | C] () -- C:\Users\martin\Desktop\Cyberlink Power2Go.lnk
[2013/11/17 22:18:51 | 000,000,290 | ---- | C] () -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/17 22:18:51 | 000,000,272 | ---- | C] () -- C:\Users\martin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/17 13:42:43 | 2384,932,864 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
========== ZeroAccess Check ==========
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 17:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
