Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91603 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Browser Hijacked & PC check-up [Closed]


  • This topic is locked This topic is locked
10 replies to this topic

#1 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 18 April 2014 - 08:40 PM

hello,

 

I have Noticed after the last few days that my Chrome browser instantly being redirected as soon as I open chrome. Also, I wanted a general check-up if at all possible:)  So, here is my logs OTL & HJT

 

 

OTL logfile created on: 19/04/2014 12:11:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 55.17% Memory free
15.90 Gb Paging File | 12.17 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 390.44 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LOCKY-PC | User Name: Locky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\LPT\srpts.exe ()
PRC - C:\Users\Locky\AppData\Local\LPT\srptm.exe ()
PRC - C:\Users\Locky\AppData\Local\Smartbar\Application\Lrcnta.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\srut.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srut.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srpt.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srptm.exe ()
MOD - C:\Users\Locky\AppData\Local\LPT\srptc.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srpdm.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srbu.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\sppsm.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\sppsm.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Common.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\Lrcnta.exe ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\lrcnt.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libatmo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\217eb642d94b1188dd41a80fe3476cb6\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\f62d4633c38df8ddcd9b18f103b494bd\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\769b1283b90cfa365a38efffeadc8fff\IAStorUtil.ni.dll ()
MOD - C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\56780b4bd164787631d4317d0556c3c0\UIAutomationClientsideProviders.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eca4310274a7a6ce651b33cd4278610c\UIAutomationClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6820836e29efa97200d3fcfb4d0f170b\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ab8ac659d9525c6a0cd22c6f3734862f\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\d9a485330ec2708456134e4a9712a4ab\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4308c2310ca6f08c6e0068172e5b709f\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (DTSAudioSvc) -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (DTS, Inc)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
SRV - (LPTSystemUpdater) -- C:\Program Files (x86)\LPT\srpts.exe ()
SRV - (vToolbarUpdater18.0.5) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (AVG Secure Search)
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (wStLibG64) -- C:\Windows\SysNative\drivers\wStLibG64.sys (StdLib)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (Hmonitor45) -- C:\Windows\SysWOW64\drivers\hmonitor45.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...358E82BC4&SSPV=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 99 FC 8B 0B 4C CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_199.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_199.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox
 
 
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CheckNDISPort_df] C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run File not found
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Locky\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0054A8-6A0F-4C9A-A76F-3EB9557CC7D7}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABE5F23-35B2-48F8-A403-5D158C973C81}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63028132-73F8-41A4-8DEE-CFC364554ACD}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63028132-73F8-41A4-8DEE-CFC364554ACD}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D36460-CA81-4EB4-9BED-FE9E04E69318}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74D9A283-BE47-4CA9-9D03-10A8756A33CB}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9286E346-F9C1-4898-BCBB-2B3F79DAB721}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0EB1494-E492-4EF9-9ECC-2431BA8E9EA1}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A325BABF-19D5-4B35-884C-BE187CF62C3D}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC5476FF-DF57-4E3B-BBE4-CF99AFE33995}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEC713B5-0566-48D4-8873-32B401CB6B90}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/21 03:03:23 | 000,000,041 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{55b46237-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b46237-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{55b462fa-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b462fa-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{55b46316-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b46316-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6c5213d1-9e3d-11e2-bb70-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6c5213d1-9e3d-11e2-bb70-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{84de1ce2-1f58-11e2-b017-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{84de1ce2-1f58-11e2-b017-00268339c5a6}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{8f9899ef-17e0-11e2-8728-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9899ef-17e0-11e2-8728-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{b0328562-b4d3-11e2-bcbf-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{b0328562-b4d3-11e2-bcbf-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e59f97bb-ce97-11e2-ad06-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{e59f97bb-ce97-11e2-ad06-00268339c5a6}\Shell\AutoRun\command - "" = F:\setup.exe -- [2012/09/21 03:04:10 | 000,356,922 | R--- | M] (                                                            )
O33 - MountPoints2\{ecf00d9d-b4a3-11e2-ba1a-3085a99a00b3}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf00d9d-b4a3-11e2-ba1a-3085a99a00b3}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 02:58:31 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Roaming\TightVNC
[2014/04/19 02:40:06 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\SearchProtect
[2014/04/19 02:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/04/19 02:00:28 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/18 20:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT
[2014/04/18 20:48:35 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\LPT
[2014/04/18 20:48:34 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\Smartbar
[2014/04/18 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\FilesFrog Update Checker
[2014/04/18 08:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/15 21:31:18 | 000,054,984 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2014/04/15 13:35:26 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/27 11:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2014/03/27 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2014/03/22 21:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/19 11:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/19 11:57:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\FF Watcher {AE6EEC99-09A4-4BB4-B518-872EEDE8AFEA}.job
[2014/04/19 11:33:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/19 03:41:32 | 175,537,914 | ---- | M] () -- C:\Users\Locky\Desktop\ladchloedaniel_4k.mp4.crdownload
[2014/04/19 02:00:28 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/19 01:03:51 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 01:03:51 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 00:58:41 | 000,779,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 00:58:41 | 000,660,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 00:58:41 | 000,121,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 00:52:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 00:52:47 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/19 00:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 00:52:32 | 2108,284,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/18 21:58:25 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/18 21:58:25 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/15 21:57:00 | 343,094,861 | ---- | M] () -- C:\Users\Locky\Desktop\IMG_0478.MOV
[2014/04/15 21:30:33 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/04/15 13:35:26 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/04/13 11:37:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/27 11:08:39 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/03/22 21:50:21 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/03/21 17:00:46 | 000,049,952 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 03:35:23 | 175,537,914 | ---- | C] () -- C:\Users\Locky\Desktop\ladchloedaniel_4k.mp4.crdownload
[2014/04/19 00:27:00 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\FF Watcher {AE6EEC99-09A4-4BB4-B518-872EEDE8AFEA}.job
[2014/04/18 21:02:44 | 343,094,861 | ---- | C] () -- C:\Users\Locky\Desktop\IMG_0478.MOV
[2014/03/27 11:08:39 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/03/22 21:50:21 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/18 13:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/07/18 13:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/07/18 13:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/07/18 13:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/14 18:22:12 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/14 17:57:31 | 000,000,049 | ---- | C] () -- C:\Users\Locky\jagex_cl_runescape_LIVE_BETA.dat
[2012/10/30 09:54:47 | 000,000,012 | ---- | C] () -- C:\Users\Locky\jagexappletviewer.preferences
[2012/10/27 18:19:52 | 000,000,046 | ---- | C] () -- C:\Users\Locky\jagex_cl_speccollect_LIVE.dat
[2012/10/27 17:58:40 | 000,000,044 | ---- | C] () -- C:\Users\Locky\jagex_cl_runescape_LIVE.dat
[2012/10/27 17:29:04 | 000,000,046 | ---- | C] () -- C:\Users\Locky\jagex_cl_loginapplet_LIVE.dat
[2012/10/27 17:29:04 | 000,000,024 | ---- | C] () -- C:\Users\Locky\random.dat
[2012/10/17 20:26:50 | 000,007,605 | ---- | C] () -- C:\Users\Locky\AppData\Local\Resmon.ResmonCfg
[2012/10/16 20:05:02 | 000,773,778 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/16 17:45:06 | 000,052,038 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/16 17:41:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/16 17:41:53 | 000,036,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/07/03 06:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 13:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 13:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/07/03 16:50:55 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\.minecraft
[2012/10/19 20:49:57 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\AVG2013
[2014/03/16 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Battle.net
[2013/06/25 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Bitcoin
[2012/10/20 17:16:09 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Bitmeter2
[2013/09/28 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\DAEMON Tools Lite
[2013/11/06 20:50:42 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\FlowStone
[2013/09/07 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Image-Line
[2012/10/27 11:51:43 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\LolClient
[2014/02/23 07:53:09 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\PacificPoker
[2013/11/13 11:24:27 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\redsn0w
[2014/03/24 04:48:23 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Samsung
[2014/04/19 02:58:31 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\TightVNC
[2012/10/19 20:47:31 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\TuneUp Software
[2014/04/19 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\uTorrent
[2013/03/29 21:19:39 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2010/11/21 17:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2010/11/21 17:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/11 06:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/11 06:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2010/11/21 13:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/21 13:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 13:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 13:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: EXPLORER.EXE.716.DMP  >
[2014/04/19 00:43:02 | 316,303,786 | ---- | M] () MD5=FC7A4209ED55E3D43D41F3585EA5354F -- C:\Windows\Temp\AtherosAppDump\explorer.exe.716.dmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2010/11/21 17:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 17:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 17:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 17:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2010/11/21 13:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/11/21 13:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/11/21 13:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/11/21 13:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/07/14 12:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/14 12:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 12:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/14 12:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/11 07:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 17:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 17:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 17:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 17:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 17:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 17:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: WINLOGON.ADML  >
[2010/11/21 17:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2010/11/21 17:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/11 07:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/11 07:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/21 17:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 17:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2010/11/21 17:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010/11/21 17:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/14 06:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 06:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/04/19 00:52:32 | 2108,284,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 00:52:31 | 4242,706,431 | -HS- | M] () -- C:\pagefile.sys
[2012/10/16 17:55:35 | 000,002,187 | ---- | M] () -- C:\RHDSetup.log
 
< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is C267-43C4
 Directory of C:\
14/07/2009  03:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  03:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  03:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  03:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  03:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  03:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  03:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  03:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  03:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  03:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  03:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  03:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  03:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  03:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  03:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  03:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  03:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  03:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  03:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  03:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  03:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  03:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  03:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  03:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  03:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  03:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  03:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\fbwuser
13/07/2013  12:27 PM    <JUNCTION>     Application Data [C:\Users\fbwuser\AppData\Roaming]
13/07/2013  12:27 PM    <JUNCTION>     Cookies [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Cookies]
13/07/2013  12:27 PM    <JUNCTION>     Local Settings [C:\Users\fbwuser\AppData\Local]
13/07/2013  12:27 PM    <JUNCTION>     My Documents [C:\Users\fbwuser\Documents]
13/07/2013  12:27 PM    <JUNCTION>     NetHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/07/2013  12:27 PM    <JUNCTION>     PrintHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/07/2013  12:27 PM    <JUNCTION>     Recent [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Recent]
13/07/2013  12:27 PM    <JUNCTION>     SendTo [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo]
13/07/2013  12:27 PM    <JUNCTION>     Start Menu [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu]
13/07/2013  12:27 PM    <JUNCTION>     Templates [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\fbwuser\AppData\Local
13/07/2013  12:27 PM    <JUNCTION>     Application Data [C:\Users\fbwuser\AppData\Local]
13/07/2013  12:27 PM    <JUNCTION>     History [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\History]
13/07/2013  12:27 PM    <JUNCTION>     Temporary Internet Files [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\fbwuser\Documents
13/07/2013  12:27 PM    <JUNCTION>     My Music [C:\Users\fbwuser\Music]
13/07/2013  12:27 PM    <JUNCTION>     My Pictures [C:\Users\fbwuser\Pictures]
13/07/2013  12:27 PM    <JUNCTION>     My Videos [C:\Users\fbwuser\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Locky
16/10/2012  05:37 PM    <JUNCTION>     Application Data [C:\Users\Locky\AppData\Roaming]
16/10/2012  05:37 PM    <JUNCTION>     Cookies [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Cookies]
16/10/2012  05:37 PM    <JUNCTION>     Local Settings [C:\Users\Locky\AppData\Local]
16/10/2012  05:37 PM    <JUNCTION>     My Documents [C:\Users\Locky\Documents]
16/10/2012  05:37 PM    <JUNCTION>     NetHood [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/10/2012  05:37 PM    <JUNCTION>     PrintHood [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/10/2012  05:37 PM    <JUNCTION>     Recent [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Recent]
16/10/2012  05:37 PM    <JUNCTION>     SendTo [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\SendTo]
16/10/2012  05:37 PM    <JUNCTION>     Start Menu [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Start Menu]
16/10/2012  05:37 PM    <JUNCTION>     Templates [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Locky\AppData\Local
16/10/2012  05:37 PM    <JUNCTION>     Application Data [C:\Users\Locky\AppData\Local]
16/10/2012  05:37 PM    <JUNCTION>     History [C:\Users\Locky\AppData\Local\Microsoft\Windows\History]
16/10/2012  05:37 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Locky\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Locky\Documents
16/10/2012  05:37 PM    <JUNCTION>     My Music [C:\Users\Locky\Music]
16/10/2012  05:37 PM    <JUNCTION>     My Pictures [C:\Users\Locky\Pictures]
16/10/2012  05:37 PM    <JUNCTION>     My Videos [C:\Users\Locky\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  03:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  03:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  03:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser
16/10/2012  08:39 PM    <JUNCTION>     PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/10/2012  08:39 PM    <JUNCTION>     Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
16/10/2012  08:39 PM    <JUNCTION>     SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
16/10/2012  08:39 PM    <JUNCTION>     Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
16/10/2012  08:39 PM    <JUNCTION>     Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              71 Dir(s)  419,141,378,048 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/10/16 21:06:49 | 000,000,221 | -HS- | M] () -- C:\Users\Locky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/03/02 06:32:22 | 019,430,926 | ---- | M] () -- C:\Users\Locky\Desktop\evasi0n7.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 
 
 
 
 
 
 
 
 
 
-----------------------------------------------------------------------------------------------------
 
& Here is the "Extras.txt" from the same OTL scan:
 
-----------------------------------------------------------------------------------------------------
 
 
 
 
 
 
 
 
 
 

OTL Extras logfile created on: 19/04/2014 12:11:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 55.17% Memory free
15.90 Gb Paging File | 12.17 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 390.44 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LOCKY-PC | User Name: Locky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00416413-575B-4A04-93B1-21F98B9D41CC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0205FF9D-9C01-4DEA-9D3D-FEEBD091F6A1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{16775F09-ABB2-4B84-98D1-BF5253E74F41}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1C29E3FC-3F53-4151-B73B-D88337490DDF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{25510377-CCD1-495F-ABF7-9A3DAF232EC0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{284DA7BC-0B7D-4F58-9734-8AADB97E5943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31A0B6A3-A81D-4BD5-A34C-2D7FE8174F91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3EBDA00B-AA03-47D8-88CE-985D38841155}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F9F78ED-11E2-42E5-A70C-3CB3F0757F5A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{47540044-2C34-461B-A77A-4F057972E28A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D0F2007-4250-4EDA-A9D8-249827EEBE12}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{4D36D48B-3304-4711-9671-9F906B11B815}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{55F319D3-80DF-4392-A739-93B88F888348}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{563BCBB4-3FE2-4E2C-BECD-F0E4867E9C41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6664AD4F-4109-4FF6-B8F0-F2EAAD833C36}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A11BD00-BA88-4670-9F32-A22748F1FC34}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6BAB047D-D4C1-4783-A747-A6D81BC209FE}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{6BED22F9-230F-4CC0-B212-EDEA4B01403D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6BF923D6-5735-4075-BAF3-A16896DC4B65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C3727A5-9126-4D57-B2EC-82EE79CF4963}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{6CFA85A0-1D86-4E10-8E60-6CC5EE8A1EE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8622CBCE-FB91-4D13-A1A3-C7B80559E443}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A123F875-CDBE-4B81-BF67-622A30B3ED24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7A6BA36-9807-4B55-A8F9-B54E6FD1A296}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AEB26A6F-1AB6-4922-BD2E-CF2E04F935D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B70409D3-6AF1-4E5E-A1EE-B75DCB940BA4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{B83753FD-5DD8-4C74-8C25-27939480C00F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BE4EAF76-FDDF-4B78-B28C-5AC4FDF0258D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D8CFAE21-6664-45FC-8C7C-012F9CEE9106}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E516BD04-3F8F-4DFB-AF5D-8E638BBDCB7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E9AF6523-C612-4586-BD9D-E01FABB83920}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EE33633C-D43C-496F-9492-CAF0DFA7C788}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F0CF95E1-DC3E-4C66-BA79-64AD6FF46112}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F9EC38B6-E0C8-481F-A9A3-3CDA0EDBF599}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{FC699D68-6478-416D-9163-FA16851541CE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00383AC8-69BF-40B2-839D-BF76F525E8C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{039D8DE8-DAB1-485D-973A-E07A22F06CA5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{08E9C28B-2E5D-41CE-B2AC-342CBCE8BE4D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0ACB49E4-089B-4241-9E7D-FD6B495B095D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F2F4E39-1039-4F1A-9B15-831C09CC4398}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{1109CF1D-9EA4-4E50-8681-16C177E21F45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1279D3EB-FC84-40B9-8A00-0E586E3DE6AD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{164C037A-6814-477F-A4C6-2FC1C0178EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{18C23583-B15E-42E9-9F62-BDB6A2FD2AD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B039464-D893-417B-9D23-944035A8684C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E466C98-0AD2-47E9-BB84-5641A1281616}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{2E51E75E-4E7D-4275-AECA-4F958A5ACA06}" = protocol=6 | dir=in | app=c:\users\locky\desktop\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | 
"{35E542A5-FC08-497E-B14D-3683B6B870B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36683ED2-0BCC-4C7D-BF3D-3D7175769CE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3A3584E4-7223-4CB1-95D5-DF2E5061A069}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{4BCC3509-D95D-47A9-AA7F-031026BEE9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{4C7E4C9C-792B-4894-9EA1-4C153A514686}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{4D7E9FB7-9EB7-40C7-95A0-C7C934D2C6B7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{4DCA03E4-CD8E-4823-B1E1-5C6943F79673}" = protocol=17 | dir=in | app=c:\users\locky\appdata\roaming\utorrent\utorrent.exe | 
"{4E403F47-F6F8-40B0-88F0-B24D2240EDF0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4EAC3F63-4C25-4D49-9D3B-5F257F80783F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{551B2D11-65F9-441A-A499-A0CC2C0F8DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{5892EAAB-D0A7-44D7-B481-451661CF7D21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5903BF64-75BC-4C60-A4CD-91ECA5ECE3C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5BBCC786-EB79-4FF6-B9F2-9CAC10188181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{68886F62-D4A5-4A85-986A-3CCCCF308847}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6FE07BAC-3C69-4149-B806-143A711831AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{702081AF-C78D-4BD5-9B05-223631459D4B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{73FBBA72-2657-4D36-ACD8-19DC5368B267}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{776995CF-A3A3-4205-AF1D-2082B1EE773A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{78C3C15E-2A0B-46ED-B77B-E25617CB57DD}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{7A3F8176-DC3A-48E5-9234-DF8A6734369A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{87780BFB-2A4E-4D4C-83E2-400CDA11C677}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{878AD1B2-DD34-4F7B-98BA-5640D897D8A6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{8793A6C0-D462-4EF2-9A04-DE14F38B2EFF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{8F495A55-7517-4C40-AD60-F48ED1D161AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{940E4215-8F1F-4F89-B004-8DFB17CB86B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9530D582-D039-4102-9C48-8735E5AFAF8E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{95E5AA83-6D8A-424C-81D2-63D7546CDC7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{9A506EF6-D08D-4A84-8511-05BC1F18979A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A27BCD74-62A8-4ED7-A69D-689F6A6B9F11}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{A8B3A8CA-8FA4-4680-8E05-60C6776401EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{AB50B738-E6F9-46DC-A19A-990FF77D1611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B09F1D8C-CC7F-482D-A0F0-CFE1BC737AC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B24BD279-B8C0-4840-BA0A-922977D36E61}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{C072C30A-4AA6-4C77-BCDF-1A6071117A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{C73CA31A-19A0-4DBA-B16E-729109F0B665}" = protocol=6 | dir=out | app=system | 
"{C9CB3696-1DC0-4BEB-A9B6-227ED5862A4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CAB3247F-E814-4840-9369-9A37F30496CD}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{D23BF926-6951-4499-B416-26AD9B0BE6D7}" = protocol=17 | dir=in | app=c:\users\locky\desktop\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe | 
"{D264F302-F50B-4D3A-960A-DB2ED609CB8E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{D39B6105-783C-4BDC-9DB8-FED911765ACD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{D7B26D28-248D-4A93-BC4E-C89C158C5970}" = protocol=6 | dir=in | app=c:\users\locky\appdata\roaming\utorrent\utorrent.exe | 
"{DAF72993-2F78-4AF1-A845-B89859EECBF0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{E187A93A-03C5-44E9-862F-5C57244A3E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{E63394FB-7E18-4568-BFBC-A27FF0ED9D4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E7CDC860-39A2-4406-96E8-777BFBCD7129}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E8B0DF51-E178-4125-ABB0-C3ACBE638659}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{E912572D-5E57-4826-A250-33E74959BB9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EADE3C9D-04AF-480D-ACD8-80838A528E65}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{EF8C1C92-5D70-449D-BC35-7F37A1723DC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F517C3C5-C157-4747-AD5E-5FF54999F2FD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{F8F95A69-D865-4613-B7A5-99D281A3B992}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{FA29214E-E487-400D-AFDA-8F1ADFD5A2DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{FA619484-7959-489C-B262-14E507D96E54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{FBD2E479-36B6-4130-BF24-F66B1EEEA835}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"TCP Query User{1C049751-2E24-4EAF-8717-7915BA56E8B6}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"TCP Query User{505FB91B-8005-4000-9A77-32D551F600CE}C:\westwood\sun\game.exe" = protocol=6 | dir=in | app=c:\westwood\sun\game.exe | 
"TCP Query User{5118AF79-E8D3-4652-AAB8-6D334421F011}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"TCP Query User{8044B874-E6D6-4284-AD19-75CAD37BB4C3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{8119065E-E990-4E34-9E98-6DF791750F63}C:\westwood\sun\game.icd" = protocol=6 | dir=in | app=c:\westwood\sun\game.icd | 
"TCP Query User{93D5E372-9CA4-425A-9472-D055F6CB03D2}C:\users\locky\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\locky\downloads\utorrent.exe | 
"TCP Query User{AF7DAA94-6AB7-409D-8BC4-0A80827E0508}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{C48AB53B-7866-4DF0-BE42-49C38888C6EE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{15EA4B2D-75F4-459F-9FC8-43F0BDD8313E}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{42D2ECE6-2D59-4948-B647-9F32A8E06DA7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{5690E83F-014D-4FF1-B98F-4A6FD32304E6}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"UDP Query User{5D1D94CA-5532-4A25-81B3-15DD873D8E5C}C:\users\locky\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\locky\downloads\utorrent.exe | 
"UDP Query User{638ADA19-8762-402A-8262-C83DBDCD49DE}C:\westwood\sun\game.icd" = protocol=17 | dir=in | app=c:\westwood\sun\game.icd | 
"UDP Query User{9CDACDED-3D9F-4978-A720-7E534CBF81BB}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe | 
"UDP Query User{E26CE3F0-6EEC-4112-8B3D-20CCE85DB102}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{EE78A297-AF75-4E29-8C60-7345265C4E80}C:\westwood\sun\game.exe" = protocol=17 | dir=in | app=c:\westwood\sun\game.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel® Network Connections 16.6.126.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{EF13DB20-03BE-4EDD-9C48-05ED03E3E852}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA53ADCA-2638-4D3C-9021-D57219A9D792}" = AVG 2013
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.68
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel® Network Connections 16.6.126.0
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"SwiftKit" = SwiftKit
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18/04/2014 5:41:07 AM | Computer Name = Locky-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18/04/2014 5:47:03 AM | Computer Name = Locky-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(dc:86:d8:24:51:a0@fe80::de86:d8ff:fe24:51a0._apple-mobdev2._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 18/04/2014 10:26:12 AM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: update_checker.exe, version: 4.3.0.0, time
 stamp: 0x525d9c67  Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7ba58  Exception code: 0xc0000005  Fault offset: 0x0003329d  Faulting process
 id: 0x1cd4  Faulting application start time: 0x01cf5af3a09a903b  Faulting application
 path: C:\Users\Locky\AppData\Local\FilesFrog Update Checker\update_checker.exe  Faulting
 module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: 63bf82a3-c705-11e3-8731-00268339c5a6
 
Error - 18/04/2014 10:33:28 AM | Computer Name = Locky-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18/04/2014 10:42:52 AM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17514, 
time stamp: 0x4ce7a144  Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514,
 time stamp: 0x4ce7c9ab  Exception code: 0xc0000005  Fault offset: 0x000000000000ae81
Faulting
 process id: 0x2cc  Faulting application start time: 0x01cf5b12f927ff09  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\system32\SHLWAPI.dll
Report
 Id: b79f9bd5-c707-11e3-a8c2-94620713b62f
 
Error - 18/04/2014 10:52:45 AM | Computer Name = Locky-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18/04/2014 11:14:28 AM | Computer Name = Locky-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(dc:86:d8:24:51:a0@fe80::de86:d8ff:fe24:51a0._apple-mobdev2._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 18/04/2014 12:23:50 PM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: update_checker.exe, version: 4.3.0.0, time
 stamp: 0x525d9c67  Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7ba58  Exception code: 0xc0000005  Fault offset: 0x0003329d  Faulting process
 id: 0x18ec  Faulting application start time: 0x01cf5b15eed57635  Faulting application
 path: C:\Users\Locky\AppData\Local\FilesFrog Update Checker\update_checker.exe  Faulting
 module path: C:\Windows\SysWOW64\ntdll.dll  Report Id: d2afa345-c715-11e3-894d-00268339c5a6
 
Error - 18/04/2014 3:05:30 PM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514, 
time stamp: 0x4ce79912  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x03084657  Faulting process id:
 0x1cfc  Faulting application start time: 0x01cf5b392697737f  Faulting application path:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: unknown
Report
 Id: 6860aa91-c72c-11e3-894d-00268339c5a6
 
Error - 18/04/2014 3:08:21 PM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514, 
time stamp: 0x4ce79912  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x03084657  Faulting process id:
 0x1cfc  Faulting application start time: 0x01cf5b392697737f  Faulting application path:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe  Faulting module path: unknown
Report
 Id: ce9297f4-c72c-11e3-894d-00268339c5a6
 
[ Spybot - Search and Destroy Events ]
Error - 20/05/2013 8:18:53 AM | Computer Name = Locky-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 28/09/2013 7:22:30 AM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:17:25 PM on ?9/?28/?2013 was unexpected.
 
Error - 28/09/2013 8:31:04 AM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 28/09/2013 9:15:49 AM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error 
%%-1073473535.
 
Error - 28/09/2013 9:15:49 AM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 29/09/2013 1:12:40 PM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly.  It has done
 this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
 
Error - 29/09/2013 1:15:06 PM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 11/10/2013 5:55:12 AM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:33:57 PM on ?10/?4/?2013 was unexpected.
 
Error - 26/10/2013 11:26:26 AM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:55:01 PM on ?10/?12/?2013 was unexpected.
 
Error - 3/11/2013 12:55:10 PM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:30:12 PM on ?11/?1/?2013 was unexpected.
 
Error - 3/11/2013 12:55:19 PM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
 
< End of report >
 
 
 
 
 
 
-------------
 
HJT LOG:
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:23 PM, on 19/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Users\Locky\AppData\Local\LPT\srptm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Users\Locky\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal\HiJackThis (1).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...358E82BC4&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CheckNDISPort_df] C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Locky\AppData\Local\Smartbar\Application\SnapDo.exe startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1473036763-2020998618-169115810-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'fbwuser')
O4 - HKUS\S-1-5-21-1473036763-2020998618-169115810-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'fbwuser')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{63028132-73F8-41A4-8DEE-CFC364554ACD}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5476FF-DF57-4E3B-BBE4-CF99AFE33995}: NameServer = 10.143.147.147 10.143.147.148
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LPT System Updater Service (LPTSystemUpdater) - Unknown owner - C:\Program Files (x86)\LPT\srpts.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 14599 bytes
 
 
 
 
 
 
 

Edited by Lochy, 18 April 2014 - 08:43 PM.

    Advertisements

Register to Remove


#2 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 19 April 2014 - 02:43 AM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

:)


Hello there, Lochy

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

    ---------------------------------------------------------------------------------------------------

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
    ---------------------------------------------------------------------------------------------------

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#3 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 19 April 2014 - 06:02 AM

Thanks for the quick reply,
 
Here is the log from the scan:
 
# AdwCleaner v3.024 - Report created 19/04/2014 at 21:58:48
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Locky - LOCKY-PC
# Running from : C:\Users\Locky\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : hshld
Service Found : hsstrayservice
Service Found : hsswd
Service Found : LPTSystemUpdater
Service Found : wStLibG64
 
***** [ Files / Folders ] *****
 
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\GreenTree Applications
Folder Found C:\Program Files (x86)\hotspot shield
Folder Found C:\Program Files (x86)\LPT
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\hotspot shield
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Found C:\Users\Locky\AppData\Local\AVG Secure Search
Folder Found C:\Users\Locky\AppData\Local\eSupport.com
Folder Found C:\Users\Locky\AppData\Local\LPT
Folder Found C:\Users\Locky\AppData\Local\Temp\Smartbar
Folder Found C:\Users\Locky\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Locky\AppData\LocalLow\Smartbar
Folder Found C:\Windows\SysWOW64\hotspot shield
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\84d8deb03fbf45
Key Found : HKCU\Software\anchorfree
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\hotspotshield
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKCU\Software\1ClickDownload
Key Found : [x64] HKCU\Software\anchorfree
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\hotspotshield
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\84d8deb03fbf45
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\hotspotshield
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12131 octets] - [19/04/2014 21:58:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12192 octets] ##########
 


#4 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 19 April 2014 - 06:41 AM

Hi there,

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

===================================================

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===================================================

On your next reply please post :
AdwCleaner log
JRT log



Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#5 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 19 April 2014 - 07:48 AM

Ok, done that, here's the new logs: 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Locky on Sat 19/04/2014 at 23:43:58.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1473036763-2020998618-169115810-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\Deal Spy_RASMANCS
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 19/04/2014 at 23:46:58.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 
 
 
 
 
 
 
 
 
# AdwCleaner v3.024 - Report created 19/04/2014 at 23:36:09
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Locky - LOCKY-PC
# Running from : C:\Users\Locky\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : hshld
[#] Service Deleted : hsstrayservice
Service Deleted : hsswd
Service Deleted : LPTSystemUpdater
Service Deleted : wStLibG64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\hotspot shield
Folder Deleted : C:\Program Files (x86)\LPT
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Locky\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Locky\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Locky\AppData\Local\LPT
Folder Deleted : C:\Users\Locky\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Locky\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Locky\AppData\LocalLow\Smartbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\84d8deb03fbf45
Key Deleted : HKLM\SOFTWARE\84d8deb03fbf45
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2773ED4-83BD-488A-A186-73590706C916}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\hotspotshield
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\hotspotshield
Key Deleted : HKLM\Software\PIP
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
*************************
 
AdwCleaner[R0].txt - [12361 octets] - [19/04/2014 21:58:48]
AdwCleaner[R1].txt - [12422 octets] - [19/04/2014 23:34:36]
AdwCleaner[S0].txt - [10645 octets] - [19/04/2014 23:36:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10706 octets] ##########

Edited by Lochy, 19 April 2014 - 07:49 AM.


#6 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 19 April 2014 - 07:56 AM

How is it running now?

 

I need you to run a fresh OTL log for a review.


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#7 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 19 April 2014 - 08:25 PM

Running much better and as far as I can tell my browser isn't redirecting me anymore so your help is much appreciated. Here is my new OTL log(With custom scan from LDTate's Sticky post):
 
 
OTL logfile created on: 20/04/2014 12:20:15 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
7.95 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 72.53% Memory free
15.90 Gb Paging File | 13.23 Gb Available in Paging File | 83.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 387.95 Gb Free Space | 41.65% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: LOCKY-PC | User Name: Locky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\217eb642d94b1188dd41a80fe3476cb6\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\f62d4633c38df8ddcd9b18f103b494bd\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\769b1283b90cfa365a38efffeadc8fff\IAStorUtil.ni.dll ()
MOD - C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (DTSAudioSvc) -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (DTS, Inc)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (Hmonitor45) -- C:\Windows\SysWOW64\drivers\hmonitor45.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 99 FC 8B 0B 4C CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_199.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_199.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
 
 
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CheckNDISPort_df] C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0054A8-6A0F-4C9A-A76F-3EB9557CC7D7}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABE5F23-35B2-48F8-A403-5D158C973C81}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63028132-73F8-41A4-8DEE-CFC364554ACD}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63028132-73F8-41A4-8DEE-CFC364554ACD}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D36460-CA81-4EB4-9BED-FE9E04E69318}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74D9A283-BE47-4CA9-9D03-10A8756A33CB}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9286E346-F9C1-4898-BCBB-2B3F79DAB721}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0EB1494-E492-4EF9-9ECC-2431BA8E9EA1}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A325BABF-19D5-4B35-884C-BE187CF62C3D}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC5476FF-DF57-4E3B-BBE4-CF99AFE33995}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEC713B5-0566-48D4-8873-32B401CB6B90}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/21 03:03:23 | 000,000,041 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{55b46237-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b46237-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{55b462fa-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b462fa-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{55b46316-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b46316-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6c5213d1-9e3d-11e2-bb70-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6c5213d1-9e3d-11e2-bb70-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{84de1ce2-1f58-11e2-b017-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{84de1ce2-1f58-11e2-b017-00268339c5a6}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{8f9899ef-17e0-11e2-8728-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9899ef-17e0-11e2-8728-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{b0328562-b4d3-11e2-bcbf-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{b0328562-b4d3-11e2-bcbf-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e59f97bb-ce97-11e2-ad06-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{e59f97bb-ce97-11e2-ad06-00268339c5a6}\Shell\AutoRun\command - "" = F:\setup.exe -- [2012/09/21 03:04:10 | 000,356,922 | R--- | M] (                                                            )
O33 - MountPoints2\{ecf00d9d-b4a3-11e2-ba1a-3085a99a00b3}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf00d9d-b4a3-11e2-ba1a-3085a99a00b3}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/19 23:43:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/19 23:40:25 | 000,000,000 | R--D | C] -- C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/04/19 21:57:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/19 15:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/04/19 15:49:07 | 002,809,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2014/04/19 15:49:07 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/04/19 15:49:07 | 001,662,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2014/04/19 15:49:07 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2014/04/19 15:49:07 | 001,019,136 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/04/19 15:49:07 | 000,947,248 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2014/04/19 15:49:07 | 000,899,328 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/04/19 15:49:07 | 000,871,856 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tossaeapo64.dll
[2014/04/19 15:49:07 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2014/04/19 15:49:07 | 000,720,128 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/04/19 15:49:07 | 000,582,056 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosasfapo64.dll
[2014/04/19 15:49:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/04/19 15:49:07 | 000,244,480 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/04/19 15:49:07 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/04/19 15:49:07 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/04/19 15:49:07 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/04/19 15:49:07 | 000,162,224 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\toseaeapo64.dll
[2014/04/19 15:49:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/04/19 15:49:07 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2014/04/19 15:49:07 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/04/19 15:49:07 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/04/19 15:49:07 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/04/19 15:49:07 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2014/04/19 15:49:06 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2014/04/19 15:49:05 | 004,848,920 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMlfx.dll
[2014/04/19 15:49:05 | 002,585,304 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2014/04/19 15:49:05 | 000,818,008 | ---- | C] (ASUSTeKcomputer.Inc Inc) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2014/04/19 15:49:05 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2014/04/19 15:49:05 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2014/04/19 15:49:04 | 001,005,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2014/04/19 15:49:04 | 000,617,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2014/04/19 15:49:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/04/19 15:49:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/04/19 15:49:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/04/19 15:49:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/04/19 15:49:03 | 031,488,000 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2014/04/19 15:49:03 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2014/04/19 15:49:03 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/04/19 15:49:03 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/04/19 15:49:02 | 000,148,184 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2014/04/19 15:49:00 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/04/19 15:49:00 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/04/19 15:48:59 | 000,906,800 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\MISS_APO.dll
[2014/04/19 15:48:59 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/04/19 15:48:59 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/04/19 15:48:59 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/04/19 15:48:59 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/04/19 15:48:58 | 027,518,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2014/04/19 15:48:58 | 003,610,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnN64.dll
[2014/04/19 15:48:58 | 000,907,008 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/04/19 15:48:58 | 000,765,184 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/04/19 15:48:57 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/04/19 15:48:57 | 002,032,896 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/04/19 15:48:57 | 001,916,672 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2014/04/19 15:48:57 | 001,325,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/04/19 15:48:57 | 001,084,160 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/04/19 15:48:57 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/04/19 15:48:57 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/04/19 15:48:57 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/04/19 15:48:56 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/04/19 15:48:55 | 002,743,328 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/04/19 15:48:54 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/04/19 15:48:54 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/04/19 15:48:54 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/04/19 15:48:53 | 006,219,096 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/04/19 15:48:53 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/04/19 15:48:53 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/04/19 15:48:53 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/04/19 15:48:53 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/04/19 15:48:53 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/04/19 15:48:53 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/04/19 15:48:53 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/04/19 15:48:53 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/04/19 15:48:53 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/04/19 15:48:53 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/04/19 15:48:53 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/04/19 15:48:53 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/04/19 15:48:52 | 001,908,568 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/04/19 15:48:52 | 000,312,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/04/19 15:48:52 | 000,261,464 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/04/19 15:48:52 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2014/04/19 15:48:52 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/04/19 15:48:52 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2014/04/19 15:48:48 | 002,080,472 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2014/04/19 14:24:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2014/04/19 14:20:28 | 000,000,000 | ---D | C] -- C:\Users\Locky\Desktop\New Drivers For Chipset 19-4-14
[2014/04/19 14:02:42 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2014/04/19 12:22:59 | 000,000,000 | R--D | C] -- C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/19 12:22:59 | 000,000,000 | R--D | C] -- C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/19 02:58:31 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Roaming\TightVNC
[2014/04/19 02:00:28 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/18 08:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/15 21:31:18 | 000,054,984 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2014/04/15 13:35:26 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/27 11:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2014/03/27 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2014/03/22 21:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/20 11:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/20 11:57:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\FF Watcher {AE6EEC99-09A4-4BB4-B518-872EEDE8AFEA}.job
[2014/04/20 11:33:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/19 23:47:13 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 23:47:13 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 23:46:29 | 000,779,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 23:46:29 | 000,660,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 23:46:29 | 000,121,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 23:40:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 23:40:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/19 23:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 23:39:56 | 2108,284,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 16:40:39 | 000,003,908 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/19 15:53:28 | 000,000,851 | ---- | M] () -- C:\Users\Locky\Desktop\µTorrent.lnk
[2014/04/19 15:53:28 | 000,000,831 | ---- | M] () -- C:\Users\Locky\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/04/19 15:49:39 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/04/19 14:02:42 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2014/04/19 13:57:57 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2014/04/19 03:41:32 | 175,537,914 | ---- | M] () -- C:\Users\Locky\Desktop\ladchloedaniel_4k.mp4.crdownload
[2014/04/19 02:00:28 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/18 21:58:25 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/18 21:58:25 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/15 21:57:00 | 343,094,861 | ---- | M] () -- C:\Users\Locky\Desktop\IMG_0478.MOV
[2014/04/15 21:30:33 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/04/15 13:35:26 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/04/13 11:37:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/22 21:50:21 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/03/21 17:00:46 | 000,049,952 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/19 16:39:36 | 000,003,908 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/19 15:53:28 | 000,000,851 | ---- | C] () -- C:\Users\Locky\Desktop\µTorrent.lnk
[2014/04/19 15:49:39 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/04/19 15:49:07 | 005,694,760 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/04/19 15:49:03 | 000,633,381 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/04/19 15:48:52 | 000,557,880 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/04/19 15:48:52 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/04/19 03:35:23 | 175,537,914 | ---- | C] () -- C:\Users\Locky\Desktop\ladchloedaniel_4k.mp4.crdownload
[2014/04/19 00:27:00 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\FF Watcher {AE6EEC99-09A4-4BB4-B518-872EEDE8AFEA}.job
[2014/04/18 21:02:44 | 343,094,861 | ---- | C] () -- C:\Users\Locky\Desktop\IMG_0478.MOV
[2014/03/22 21:50:21 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/18 13:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/07/18 13:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/07/18 13:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/07/18 13:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/14 18:22:12 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/14 17:57:31 | 000,000,049 | ---- | C] () -- C:\Users\Locky\jagex_cl_runescape_LIVE_BETA.dat
[2012/10/30 09:54:47 | 000,000,012 | ---- | C] () -- C:\Users\Locky\jagexappletviewer.preferences
[2012/10/27 18:19:52 | 000,000,046 | ---- | C] () -- C:\Users\Locky\jagex_cl_speccollect_LIVE.dat
[2012/10/27 17:58:40 | 000,000,044 | ---- | C] () -- C:\Users\Locky\jagex_cl_runescape_LIVE.dat
[2012/10/27 17:29:04 | 000,000,046 | ---- | C] () -- C:\Users\Locky\jagex_cl_loginapplet_LIVE.dat
[2012/10/27 17:29:04 | 000,000,024 | ---- | C] () -- C:\Users\Locky\random.dat
[2012/10/17 20:26:50 | 000,007,605 | ---- | C] () -- C:\Users\Locky\AppData\Local\Resmon.ResmonCfg
[2012/10/16 20:05:02 | 000,773,778 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/16 17:45:06 | 000,052,038 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/16 17:41:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/16 17:41:53 | 000,036,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/07/03 06:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 13:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 13:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2010/11/21 17:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2010/11/21 17:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/11 06:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/11 06:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2010/11/21 13:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/21 13:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/21 13:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/21 13:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
 
< MD5 for: EXPLORER.EXE.716.DMP  >
[2014/04/19 00:43:02 | 316,303,786 | ---- | M] () MD5=FC7A4209ED55E3D43D41F3585EA5354F -- C:\Windows\Temp\AtherosAppDump\explorer.exe.716.dmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2010/11/21 17:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 17:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 17:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 17:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-A80E4F97.PF  >
[2014/04/19 23:45:13 | 000,101,728 | ---- | M] () MD5=0B9507A99EC6007827F1C9B23867A883 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
 
< MD5 for: IEXPLORE.BAT  >
[2014/04/06 15:13:18 | 000,031,401 | ---- | M] () MD5=335DFF8F23E5EC02B5426362F0F8509B -- C:\Users\Locky\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2010/11/21 13:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/11/21 13:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/11/21 13:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2010/11/21 13:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/07/14 12:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/14 12:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/14 12:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2009/07/14 12:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/11 07:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.DAT  >
[2014/04/06 14:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\Locky\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 17:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 17:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/11 06:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 17:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 17:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 17:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/11 06:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 17:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/14 06:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.SBS  >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes\Services.sbs
 
< MD5 for: WINLOGON.ADML  >
[2010/11/21 17:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2010/11/21 17:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/11 07:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/11 07:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/21 17:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 17:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2010/11/21 17:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2010/11/21 17:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/14 06:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/14 06:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2014/04/19 23:39:56 | 2108,284,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 23:39:56 | 4242,706,431 | -HS- | M] () -- C:\pagefile.sys
[2012/10/16 17:55:35 | 000,002,187 | ---- | M] () -- C:\RHDSetup.log
 
< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is C267-43C4
 Directory of C:\
14/07/2009  03:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  03:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  03:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  03:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  03:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  03:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  03:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  03:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  03:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  03:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  03:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  03:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  03:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  03:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  03:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  03:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  03:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  03:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  03:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  03:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  03:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  03:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  03:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  03:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  03:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  03:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  03:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  03:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\fbwuser
13/07/2013  12:27 PM    <JUNCTION>     Application Data [C:\Users\fbwuser\AppData\Roaming]
13/07/2013  12:27 PM    <JUNCTION>     Cookies [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Cookies]
13/07/2013  12:27 PM    <JUNCTION>     Local Settings [C:\Users\fbwuser\AppData\Local]
13/07/2013  12:27 PM    <JUNCTION>     My Documents [C:\Users\fbwuser\Documents]
13/07/2013  12:27 PM    <JUNCTION>     NetHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/07/2013  12:27 PM    <JUNCTION>     PrintHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/07/2013  12:27 PM    <JUNCTION>     Recent [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Recent]
13/07/2013  12:27 PM    <JUNCTION>     SendTo [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo]
13/07/2013  12:27 PM    <JUNCTION>     Start Menu [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu]
13/07/2013  12:27 PM    <JUNCTION>     Templates [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\fbwuser\AppData\Local
13/07/2013  12:27 PM    <JUNCTION>     Application Data [C:\Users\fbwuser\AppData\Local]
13/07/2013  12:27 PM    <JUNCTION>     History [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\History]
13/07/2013  12:27 PM    <JUNCTION>     Temporary Internet Files [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\fbwuser\Documents
13/07/2013  12:27 PM    <JUNCTION>     My Music [C:\Users\fbwuser\Music]
13/07/2013  12:27 PM    <JUNCTION>     My Pictures [C:\Users\fbwuser\Pictures]
13/07/2013  12:27 PM    <JUNCTION>     My Videos [C:\Users\fbwuser\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Locky
16/10/2012  05:37 PM    <JUNCTION>     Application Data [C:\Users\Locky\AppData\Roaming]
16/10/2012  05:37 PM    <JUNCTION>     Cookies [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Cookies]
16/10/2012  05:37 PM    <JUNCTION>     Local Settings [C:\Users\Locky\AppData\Local]
16/10/2012  05:37 PM    <JUNCTION>     My Documents [C:\Users\Locky\Documents]
16/10/2012  05:37 PM    <JUNCTION>     NetHood [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/10/2012  05:37 PM    <JUNCTION>     PrintHood [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/10/2012  05:37 PM    <JUNCTION>     Recent [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Recent]
16/10/2012  05:37 PM    <JUNCTION>     SendTo [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\SendTo]
16/10/2012  05:37 PM    <JUNCTION>     Start Menu [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Start Menu]
16/10/2012  05:37 PM    <JUNCTION>     Templates [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Locky\AppData\Local
16/10/2012  05:37 PM    <JUNCTION>     Application Data [C:\Users\Locky\AppData\Local]
16/10/2012  05:37 PM    <JUNCTION>     History [C:\Users\Locky\AppData\Local\Microsoft\Windows\History]
16/10/2012  05:37 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Locky\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Locky\Documents
16/10/2012  05:37 PM    <JUNCTION>     My Music [C:\Users\Locky\Music]
16/10/2012  05:37 PM    <JUNCTION>     My Pictures [C:\Users\Locky\Pictures]
16/10/2012  05:37 PM    <JUNCTION>     My Videos [C:\Users\Locky\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
14/07/2009  03:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009  03:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009  03:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\UpdatusUser
16/10/2012  08:39 PM    <JUNCTION>     PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/10/2012  08:39 PM    <JUNCTION>     Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
16/10/2012  08:39 PM    <JUNCTION>     SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
16/10/2012  08:39 PM    <JUNCTION>     Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
16/10/2012  08:39 PM    <JUNCTION>     Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
19/04/2014  03:48 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
19/04/2014  03:48 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
19/04/2014  03:48 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
19/04/2014  03:48 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
19/04/2014  03:48 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/04/2014  03:48 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/04/2014  03:48 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
19/04/2014  03:48 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
19/04/2014  03:48 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
19/04/2014  03:48 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
19/04/2014  03:48 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
19/04/2014  03:48 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
19/04/2014  03:48 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
19/04/2014  03:48 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
19/04/2014  03:48 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
19/04/2014  03:48 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
19/04/2014  03:48 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
19/04/2014  03:48 PM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
19/04/2014  03:48 PM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
19/04/2014  03:48 PM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
19/04/2014  03:48 PM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/04/2014  03:48 PM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/04/2014  03:48 PM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
19/04/2014  03:48 PM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
19/04/2014  03:48 PM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
19/04/2014  03:48 PM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
19/04/2014  03:48 PM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
19/04/2014  03:48 PM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
19/04/2014  03:48 PM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
19/04/2014  03:48 PM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
19/04/2014  03:48 PM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
19/04/2014  03:48 PM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             103 Dir(s)  425,345,671,168 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/10/16 21:06:49 | 000,000,221 | -HS- | M] () -- C:\Users\Locky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/03/02 06:32:22 | 019,430,926 | ---- | M] () -- C:\Users\Locky\Desktop\evasi0n7.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >

Edited by Lochy, 19 April 2014 - 08:27 PM.


#8 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 19 April 2014 - 08:54 PM

Hi,

Good to hear that it's running better now. We will do a final checkup before we conclude this.

Go here and click 'ESET Online Scanner'.

  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply. Please do not attach it.

===================================================

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

On your next reply please post :
ESET log
MBAM log



Please STOP and let me know if you have any problems in performing with the steps above or any questions you may have.


Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#9 Lochy

Lochy

    Authentic Member

  • Authentic Member
  • PipPip
  • 187 posts

Posted 20 April 2014 - 01:27 AM

Hey Conspire,

 

According to these logs, there a few potential issues. But here they are:

 

ESET,

 

C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Program Files (x86)\Torchlight II\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Users\Locky\AppData\Local\Temp\UNT4A3F.exe Win32/Toolbar.Conduit.R potentially unwanted application
C:\Users\Locky\AppData\Local\Temp\UNT84EE.tmp Win32/Toolbar.Conduit.R potentially unwanted application
C:\Users\Locky\AppData\Local\Temp\nsxAB02\SpSetup.exe a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Users\Locky\Desktop\Anti V and MalwareSpyware\setups\ccsetup401.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Locky\Desktop\Movies\The Dilemma {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Locky\Desktop\Movies\The Fighter {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Locky\Desktop\New folder\Private\This comp\ccsetup412.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Locky\Downloads\bitcoin-0.8.1-win32-setup.exe a variant of Win32/BitCoinMiner.BJ potentially unsafe application
C:\Users\Locky\Downloads\cbsidlm-tr1_11-Command__Conquer_Tiberian_Sun_Patch-ORG-10033210.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Locky\Downloads\ccsetup402.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Locky\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Locky\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Locky\Downloads\DTLite4471-0333.exe Win32/DownWare.L potentially unwanted application
C:\Users\Locky\Downloads\File_Downloader.exe MSIL/Solimba potentially unwanted application
C:\Users\Locky\Downloads\HSS-2.78-install-download-80-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Locky\Downloads\iPadian.exe Win32/Somoto.A potentially unwanted application
C:\Users\Locky\Downloads\ipadianew.rar Win32/Somoto.A potentially unwanted application
C:\Users\Locky\Downloads\rcsetup146 (1).exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Locky\Downloads\rcsetup146.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Locky\Downloads\utorrent.exe a variant of Win32/Bunndle potentially unsafe application
C:\Users\Locky\Downloads\YTDSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Locky\Downloads\FL Studio Producer Edition 11.0.2 + Plugins Bundle R2R [ChingLiu]\flstudio_11.0.2.exe Win32/OpenCandy potentially unsafe application
C:\Users\Locky\Downloads\Torchlight.II-RELOADED\rld-torc2.iso a variant of Win32/HackTool.Crack.BQ potentially unsafe application
C:\Windows\Installer\3e6af7.msi Win32/Toolbar.Linkury.D potentially unwanted application
F:\Crack\steam_api.dll a variant of Win32/HackTool.Crack.BQ potentially unsafe application
 

 

And MalwareBytes:

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 20/04/2014
Scan Time: 5:24:34 PM
Logfile: MalwareBytes.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.20.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Locky
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286173
Time Elapsed: 1 hr, 5 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1473036763-2020998618-169115810-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [f0a2bd6fbcbf191d387e0a4134ce4db3], 
PUP.Optional.QuickShare.A, HKU\S-1-5-21-1473036763-2020998618-169115810-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [f0a2bd6fbcbf191d387e0a4134ce4db3], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1473036763-2020998618-169115810-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [256d4ede42393afc1a017238ae558c74], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1473036763-2020998618-169115810-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [cbc76dbfaccfcc6a2fecacfe24df0af6], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 5
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1473036763-2020998618-169115810-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.c...15uz07IWBw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPBDDI6Pk-fpITtt_7-dx2uywuT-4gdlOp-CayquYWZzW-xgHaNJagvM2FY8HkSbl904Fa0VHQnfecyNuhSho98zpRZ94zHMW5zpiS-Yw8gBI3rKusCHfyzpT2Atjj9iR9pNIvw_kmbhZ9oVh5RiwoJPx329b0xrW5715uz07IWBw,,&q={searchTerms}),,[880a8e9e6c0ff640bb87f42b51b3a25e]
 
Folders: 1
PUP.Optional.CrossRider.A, C:\Users\Locky\AppData\Local\Updater26276, , [f59dc5676615d95d09f9e08241c141bf], 
 
Files: 14
PUP.Optional.SearchProtect.A, C:\Users\Locky\AppData\Local\Temp\nsa21DD.exe, , [2b676cc02b50d95d0a4ac26232cff907], 
PUP.Optional.SearchProtect.A, C:\Users\Locky\AppData\Local\Temp\nsf1F8B.exe, , [d0c2f8342358e65044101212f20f1ae6], 
PUP.Optional.SearchProtect.A, C:\Users\Locky\AppData\Local\Temp\nsfFB93.exe, , [623042eae992290d3b19af75a65bf20e], 
PUP.Optional.SearchProtect.A, C:\Users\Locky\AppData\Local\Temp\nsuFDC5.exe, , [c1d1be6e047793a34f0556cec73a19e7], 
PUP.Optional.Conduit.A, C:\Users\Locky\AppData\Local\Temp\UNT84EE.tmp, , [4e447eae344782b4d4ab1ef97e8302fe], 
PUP.Optional.CostMin.A, C:\Users\Locky\AppData\Local\Temp\UNT4A3D.exe, , [3f5355d77dfed0660566769d2ad801ff], 
PUP.Optional.Conduit.A, C:\Users\Locky\AppData\Local\Temp\UNT4A3F.exe, , [d8ba85a77ffca78facd36bac936ef907], 
PUP.Optional.Conduit.A, C:\Users\Locky\AppData\Local\Temp\nsxAB02\SpSetup.exe, , [6b27919b403b34028cb7b06916ebca36], 
PUP.Optional.OpenCandy, C:\Users\Locky\Downloads\DTLite4471-0333.exe, , [a8ea19135c1fed49bae193b9877d21df], 
PUP.Optional.Somoto, C:\Users\Locky\Downloads\iPadian.exe, , [f0a25bd139420e28f3e060ebe61e06fa], 
PUP.Optional.Somoto, C:\Users\Locky\Downloads\ipadianew.rar, , [c9c9191394e7ba7cb2210546da2a39c7], 
PUP.Optional.Solimba, C:\Users\Locky\Downloads\File_Downloader.exe, , [eda557d5d0ab1521632a22deca37c739], 
PUP.Optional.Spigot.A, C:\Users\Locky\Downloads\YTDSetup.exe, , [c7cb111b62195fd74d2ca581768a8878], 
PUP.Optional.SmartBar.A, C:\Windows\Installer\3e6af7.msi, , [e1b19c906912fc3a656ef1362fd111ef], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 20 April 2014 - 02:15 AM

That's the reason why we have follow ups to check for remnants. ;)

Did you click Apply Actions to allow MBAM to clean what was detected?

You have ( uTorrent ), a P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.

I would recommend that you uninstall it, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe
    C:\Program Files (x86)\Bitcoin\daemon\bitcoind.exe
    C:\Program Files (x86)\Torchlight II\steam_api.dll
    C:\Users\Locky\AppData\Local\Temp\UNT4A3F.exe
    C:\Users\Locky\AppData\Local\Temp\UNT84EE.tmp
    C:\Users\Locky\AppData\Local\Temp\nsxAB02
    C:\Users\Locky\Desktop\Movies\The Dilemma {2011} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
    C:\Users\Locky\Desktop\Movies\The Fighter {2010} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe
    C:\Users\Locky\Downloads\bitcoin-0.8.1-win32-setup.exe
    C:\Users\Locky\Downloads\File_Downloader.exe
    C:\Users\Locky\Downloads\HSS-2.78-install-download-80-conduit.exe
    C:\Users\Locky\Downloads\iPadian.exe
    C:\Users\Locky\Downloads\ipadianew.rar
    C:\Users\Locky\Downloads\rcsetup146 (1).exe
    C:\Users\Locky\Downloads\rcsetup146.exe
    C:\Users\Locky\Downloads\utorrent.exe
    C:\Users\Locky\Downloads\YTDSetup.exe
    C:\Users\Locky\Downloads\FL Studio Producer Edition 11.0.2 + Plugins Bundle R2R [ChingLiu]\flstudio_11.0.2.exe
    C:\Users\Locky\Downloads\Torchlight.II-RELOADED\rld-torc2.iso
    C:\Windows\Installer\3e6af7.msi
    F:\Crack
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.

Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

#11 Conspire

Conspire

    SuperHelper

  • Classroom Teacher
  • 5,805 posts

Posted 22 April 2014 - 10:11 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may Posted Image
Posted Image

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users