Hello,
I have noticed after the last few days that my Chrome browser is instantly being redirected as soon as I open Chrome. Also, I wanted a general check-up if at all possible :) So, here are my logs, OTL & HJT:
OTL logfile created on: 19/04/2014 12:11:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
7.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 55.17% Memory free
15.90 Gb Paging File | 12.17 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 390.44 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LOCKY-PC | User Name: Locky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\LPT\srpts.exe ()
PRC - C:\Users\Locky\AppData\Local\LPT\srptm.exe ()
PRC - C:\Users\Locky\AppData\Local\Smartbar\Application\Lrcnta.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\srut.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srut.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srpt.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srptm.exe ()
MOD - C:\Users\Locky\AppData\Local\LPT\srptc.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srpdm.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\srbu.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\sppsm.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\sppsm.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Locky\AppData\Local\LPT\Smartbar.Common.dll ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\Lrcnta.exe ()
MOD - C:\Users\Locky\AppData\Local\Smartbar\Application\lrcnt.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libatmo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\217eb642d94b1188dd41a80fe3476cb6\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvcInt#\f62d4633c38df8ddcd9b18f103b494bd\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\769b1283b90cfa365a38efffeadc8fff\IAStorUtil.ni.dll ()
MOD - C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\56780b4bd164787631d4317d0556c3c0\UIAutomationClientsideProviders.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f0f10d0591d11a36ee2aa8ee2fbdb2bf\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\4782a5d2bc7d86895faf404a3470aacb\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\eca4310274a7a6ce651b33cd4278610c\UIAutomationClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\b4c60dd01be760ee0452df2c040de8fc\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e2642bff810609f64343e53dddb6b59c\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4a984a9ad59d14063bc6ae64a0c8f62a\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8218dc4808b77f3585fb048c61597af1\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\02d5be8209f0eac6f7725f8d83b87df6\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad18f93fc713db2c4b29b25116c13bd8\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\887ef2648686aad19feff405eddbffd2\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1e85062785e286cd9eae9c26d2c61f73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6820836e29efa97200d3fcfb4d0f170b\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ab8ac659d9525c6a0cd22c6f3734862f\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9859a6e0562f64eacfb8ad76f260a2d6\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\d9a485330ec2708456134e4a9712a4ab\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4308c2310ca6f08c6e0068172e5b709f\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (DTSAudioSvc) -- C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (DTS, Inc)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
SRV - (LPTSystemUpdater) -- C:\Program Files (x86)\LPT\srpts.exe ()
SRV - (vToolbarUpdater18.0.5) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe (AVG Secure Search)
SRV - (hshld) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe (AnchorFree Inc.)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (wStLibG64) -- C:\Windows\SysNative\drivers\wStLibG64.sys (StdLib)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (Hmonitor45) -- C:\Windows\SysWOW64\drivers\hmonitor45.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 99 FC 8B 0B 4C CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_199.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_199.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\PROGRAM FILES\V-BATES\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox
O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CheckNDISPort_df] C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run File not found
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Locky\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0054A8-6A0F-4C9A-A76F-3EB9557CC7D7}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABE5F23-35B2-48F8-A403-5D158C973C81}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63028132-73F8-41A4-8DEE-CFC364554ACD}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63028132-73F8-41A4-8DEE-CFC364554ACD}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73D36460-CA81-4EB4-9BED-FE9E04E69318}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74D9A283-BE47-4CA9-9D03-10A8756A33CB}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9286E346-F9C1-4898-BCBB-2B3F79DAB721}: DhcpNameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0EB1494-E492-4EF9-9ECC-2431BA8E9EA1}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A325BABF-19D5-4B35-884C-BE187CF62C3D}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC5476FF-DF57-4E3B-BBE4-CF99AFE33995}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEC713B5-0566-48D4-8873-32B401CB6B90}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/21 03:03:23 | 000,000,041 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{55b46237-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b46237-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{55b462fa-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b462fa-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{55b46316-985f-11e2-bac4-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{55b46316-985f-11e2-bac4-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6c5213d1-9e3d-11e2-bb70-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6c5213d1-9e3d-11e2-bb70-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{84de1ce2-1f58-11e2-b017-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{84de1ce2-1f58-11e2-b017-00268339c5a6}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{8f9899ef-17e0-11e2-8728-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f9899ef-17e0-11e2-8728-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{b0328562-b4d3-11e2-bcbf-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{b0328562-b4d3-11e2-bcbf-00268339c5a6}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e59f97bb-ce97-11e2-ad06-00268339c5a6}\Shell - "" = AutoRun
O33 - MountPoints2\{e59f97bb-ce97-11e2-ad06-00268339c5a6}\Shell\AutoRun\command - "" = F:\setup.exe -- [2012/09/21 03:04:10 | 000,356,922 | R--- | M] ( )
O33 - MountPoints2\{ecf00d9d-b4a3-11e2-ba1a-3085a99a00b3}\Shell - "" = AutoRun
O33 - MountPoints2\{ecf00d9d-b4a3-11e2-ba1a-3085a99a00b3}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014/04/19 02:58:31 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Roaming\TightVNC
[2014/04/19 02:40:06 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\SearchProtect
[2014/04/19 02:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/04/19 02:00:28 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/18 20:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LPT
[2014/04/18 20:48:35 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\LPT
[2014/04/18 20:48:34 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\Smartbar
[2014/04/18 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\Locky\AppData\Local\FilesFrog Update Checker
[2014/04/18 08:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/04/15 21:31:18 | 000,054,984 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2014/04/15 13:35:26 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/03/27 11:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2014/03/27 11:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2014/03/22 21:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/04/19 11:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/19 11:57:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\FF Watcher {AE6EEC99-09A4-4BB4-B518-872EEDE8AFEA}.job
[2014/04/19 11:33:17 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/19 03:41:32 | 175,537,914 | ---- | M] () -- C:\Users\Locky\Desktop\ladchloedaniel_4k.mp4.crdownload
[2014/04/19 02:00:28 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/04/19 01:03:51 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 01:03:51 | 000,023,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/19 00:58:41 | 000,779,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 00:58:41 | 000,660,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 00:58:41 | 000,121,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 00:52:52 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/19 00:52:47 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/19 00:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/19 00:52:32 | 2108,284,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/18 21:58:25 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/18 21:58:25 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/15 21:57:00 | 343,094,861 | ---- | M] () -- C:\Users\Locky\Desktop\IMG_0478.MOV
[2014/04/15 21:30:33 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2014/04/15 13:35:26 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2014/04/13 11:37:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/27 11:08:39 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/03/22 21:50:21 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/03/21 17:00:46 | 000,049,952 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/19 03:35:23 | 175,537,914 | ---- | C] () -- C:\Users\Locky\Desktop\ladchloedaniel_4k.mp4.crdownload
[2014/04/19 00:27:00 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\FF Watcher {AE6EEC99-09A4-4BB4-B518-872EEDE8AFEA}.job
[2014/04/18 21:02:44 | 343,094,861 | ---- | C] () -- C:\Users\Locky\Desktop\IMG_0478.MOV
[2014/03/27 11:08:39 | 000,001,238 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/03/22 21:50:21 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/18 13:32:34 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/07/18 13:32:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/07/18 13:32:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/07/18 13:32:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/14 18:22:12 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/11/14 17:57:31 | 000,000,049 | ---- | C] () -- C:\Users\Locky\jagex_cl_runescape_LIVE_BETA.dat
[2012/10/30 09:54:47 | 000,000,012 | ---- | C] () -- C:\Users\Locky\jagexappletviewer.preferences
[2012/10/27 18:19:52 | 000,000,046 | ---- | C] () -- C:\Users\Locky\jagex_cl_speccollect_LIVE.dat
[2012/10/27 17:58:40 | 000,000,044 | ---- | C] () -- C:\Users\Locky\jagex_cl_runescape_LIVE.dat
[2012/10/27 17:29:04 | 000,000,046 | ---- | C] () -- C:\Users\Locky\jagex_cl_loginapplet_LIVE.dat
[2012/10/27 17:29:04 | 000,000,024 | ---- | C] () -- C:\Users\Locky\random.dat
[2012/10/17 20:26:50 | 000,007,605 | ---- | C] () -- C:\Users\Locky\AppData\Local\Resmon.ResmonCfg
[2012/10/16 20:05:02 | 000,773,778 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/16 17:45:06 | 000,052,038 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/10/16 17:41:57 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/10/16 17:41:53 | 000,036,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/07/03 06:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
========== ZeroAccess Check ==========
[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 13:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 13:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/07/03 16:50:55 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\.minecraft
[2012/10/19 20:49:57 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\AVG2013
[2014/03/16 12:06:58 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Battle.net
[2013/06/25 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Bitcoin
[2012/10/20 17:16:09 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Bitmeter2
[2013/09/28 21:41:30 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\DAEMON Tools Lite
[2013/11/06 20:50:42 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\FlowStone
[2013/09/07 21:26:13 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Image-Line
[2012/10/27 11:51:43 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\LolClient
[2014/02/23 07:53:09 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\PacificPoker
[2013/11/13 11:24:27 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\redsn0w
[2014/03/24 04:48:23 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Samsung
[2014/04/19 02:58:31 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\TightVNC
[2012/10/19 20:47:31 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\TuneUp Software
[2014/04/19 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\uTorrent
[2013/03/29 21:19:39 | 000,000,000 | ---D | M] -- C:\Users\Locky\AppData\Roaming\Vodafone
========== Purity Check ==========
========== Custom Scans ==========
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< %temp%\smtmp\*.* /s > >
< %SYSTEMDRIVE%\*.* >
[2014/04/19 00:52:32 | 2108,284,927 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/19 00:52:31 | 4242,706,431 | -HS- | M] () -- C:\pagefile.sys
[2012/10/16 17:55:35 | 000,002,187 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\Fonts\*.com >
[2009/07/14 15:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 15:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 15:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 15:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/11 06:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2009/07/14 14:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is C267-43C4
Directory of C:\
14/07/2009 03:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 03:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 03:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 03:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 03:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 03:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 03:08 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 03:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 03:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 03:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 03:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 03:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 03:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 03:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 03:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 03:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 03:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 03:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 03:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 03:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 03:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 03:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 03:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 03:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 03:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 03:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 03:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 03:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser
13/07/2013 12:27 PM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Roaming]
13/07/2013 12:27 PM <JUNCTION> Cookies [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Cookies]
13/07/2013 12:27 PM <JUNCTION> Local Settings [C:\Users\fbwuser\AppData\Local]
13/07/2013 12:27 PM <JUNCTION> My Documents [C:\Users\fbwuser\Documents]
13/07/2013 12:27 PM <JUNCTION> NetHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/07/2013 12:27 PM <JUNCTION> PrintHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/07/2013 12:27 PM <JUNCTION> Recent [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Recent]
13/07/2013 12:27 PM <JUNCTION> SendTo [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo]
13/07/2013 12:27 PM <JUNCTION> Start Menu [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu]
13/07/2013 12:27 PM <JUNCTION> Templates [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\AppData\Local
13/07/2013 12:27 PM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Local]
13/07/2013 12:27 PM <JUNCTION> History [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\History]
13/07/2013 12:27 PM <JUNCTION> Temporary Internet Files [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\Documents
13/07/2013 12:27 PM <JUNCTION> My Music [C:\Users\fbwuser\Music]
13/07/2013 12:27 PM <JUNCTION> My Pictures [C:\Users\fbwuser\Pictures]
13/07/2013 12:27 PM <JUNCTION> My Videos [C:\Users\fbwuser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Locky
16/10/2012 05:37 PM <JUNCTION> Application Data [C:\Users\Locky\AppData\Roaming]
16/10/2012 05:37 PM <JUNCTION> Cookies [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Cookies]
16/10/2012 05:37 PM <JUNCTION> Local Settings [C:\Users\Locky\AppData\Local]
16/10/2012 05:37 PM <JUNCTION> My Documents [C:\Users\Locky\Documents]
16/10/2012 05:37 PM <JUNCTION> NetHood [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
16/10/2012 05:37 PM <JUNCTION> PrintHood [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/10/2012 05:37 PM <JUNCTION> Recent [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Recent]
16/10/2012 05:37 PM <JUNCTION> SendTo [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\SendTo]
16/10/2012 05:37 PM <JUNCTION> Start Menu [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Start Menu]
16/10/2012 05:37 PM <JUNCTION> Templates [C:\Users\Locky\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Locky\AppData\Local
16/10/2012 05:37 PM <JUNCTION> Application Data [C:\Users\Locky\AppData\Local]
16/10/2012 05:37 PM <JUNCTION> History [C:\Users\Locky\AppData\Local\Microsoft\Windows\History]
16/10/2012 05:37 PM <JUNCTION> Temporary Internet Files [C:\Users\Locky\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Locky\Documents
16/10/2012 05:37 PM <JUNCTION> My Music [C:\Users\Locky\Music]
16/10/2012 05:37 PM <JUNCTION> My Pictures [C:\Users\Locky\Pictures]
16/10/2012 05:37 PM <JUNCTION> My Videos [C:\Users\Locky\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 03:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 03:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 03:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\UpdatusUser
16/10/2012 08:39 PM <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
16/10/2012 08:39 PM <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
16/10/2012 08:39 PM <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
16/10/2012 08:39 PM <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
16/10/2012 08:39 PM <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
71 Dir(s) 419,141,378,048 bytes free
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/10/16 21:06:49 | 000,000,221 | -HS- | M] () -- C:\Users\Locky\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2014/03/02 06:32:22 | 019,430,926 | ---- | M] () -- C:\Users\Locky\Desktop\evasi0n7.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
-----------------------------------------------------------------------------------------------------
And here is the "Extras.txt" from the same OTL scan:
-----------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 19/04/2014 12:11:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
7.95 Gb Total Physical Memory | 4.39 Gb Available Physical Memory | 55.17% Memory free
15.90 Gb Paging File | 12.17 Gb Available in Paging File | 76.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 390.44 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
Drive D: | 6.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 1.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: LOCKY-PC | User Name: Locky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00416413-575B-4A04-93B1-21F98B9D41CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{0205FF9D-9C01-4DEA-9D3D-FEEBD091F6A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{16775F09-ABB2-4B84-98D1-BF5253E74F41}" = rport=445 | protocol=6 | dir=out | app=system |
"{1C29E3FC-3F53-4151-B73B-D88337490DDF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{25510377-CCD1-495F-ABF7-9A3DAF232EC0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{284DA7BC-0B7D-4F58-9734-8AADB97E5943}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31A0B6A3-A81D-4BD5-A34C-2D7FE8174F91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EBDA00B-AA03-47D8-88CE-985D38841155}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F9F78ED-11E2-42E5-A70C-3CB3F0757F5A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{47540044-2C34-461B-A77A-4F057972E28A}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D0F2007-4250-4EDA-A9D8-249827EEBE12}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{4D36D48B-3304-4711-9671-9F906B11B815}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{55F319D3-80DF-4392-A739-93B88F888348}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{563BCBB4-3FE2-4E2C-BECD-F0E4867E9C41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6664AD4F-4109-4FF6-B8F0-F2EAAD833C36}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A11BD00-BA88-4670-9F32-A22748F1FC34}" = lport=139 | protocol=6 | dir=in | app=system |
"{6BAB047D-D4C1-4783-A747-A6D81BC209FE}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6BED22F9-230F-4CC0-B212-EDEA4B01403D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6BF923D6-5735-4075-BAF3-A16896DC4B65}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C3727A5-9126-4D57-B2EC-82EE79CF4963}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{6CFA85A0-1D86-4E10-8E60-6CC5EE8A1EE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8622CBCE-FB91-4D13-A1A3-C7B80559E443}" = rport=138 | protocol=17 | dir=out | app=system |
"{A123F875-CDBE-4B81-BF67-622A30B3ED24}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7A6BA36-9807-4B55-A8F9-B54E6FD1A296}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AEB26A6F-1AB6-4922-BD2E-CF2E04F935D1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B70409D3-6AF1-4E5E-A1EE-B75DCB940BA4}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B83753FD-5DD8-4C74-8C25-27939480C00F}" = rport=139 | protocol=6 | dir=out | app=system |
"{BE4EAF76-FDDF-4B78-B28C-5AC4FDF0258D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8CFAE21-6664-45FC-8C7C-012F9CEE9106}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E516BD04-3F8F-4DFB-AF5D-8E638BBDCB7D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E9AF6523-C612-4586-BD9D-E01FABB83920}" = rport=137 | protocol=17 | dir=out | app=system |
"{EE33633C-D43C-496F-9492-CAF0DFA7C788}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F0CF95E1-DC3E-4C66-BA79-64AD6FF46112}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F9EC38B6-E0C8-481F-A9A3-3CDA0EDBF599}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FC699D68-6478-416D-9163-FA16851541CE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00383AC8-69BF-40B2-839D-BF76F525E8C7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{039D8DE8-DAB1-485D-973A-E07A22F06CA5}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{08E9C28B-2E5D-41CE-B2AC-342CBCE8BE4D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{0ACB49E4-089B-4241-9E7D-FD6B495B095D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F2F4E39-1039-4F1A-9B15-831C09CC4398}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{1109CF1D-9EA4-4E50-8681-16C177E21F45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1279D3EB-FC84-40B9-8A00-0E586E3DE6AD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{164C037A-6814-477F-A4C6-2FC1C0178EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{18C23583-B15E-42E9-9F62-BDB6A2FD2AD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B039464-D893-417B-9D23-944035A8684C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E466C98-0AD2-47E9-BB84-5641A1281616}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{2E51E75E-4E7D-4275-AECA-4F958A5ACA06}" = protocol=6 | dir=in | app=c:\users\locky\desktop\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{35E542A5-FC08-497E-B14D-3683B6B870B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{36683ED2-0BCC-4C7D-BF3D-3D7175769CE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A3584E4-7223-4CB1-95D5-DF2E5061A069}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4BCC3509-D95D-47A9-AA7F-031026BEE9EA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe |
"{4C7E4C9C-792B-4894-9EA1-4C153A514686}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{4D7E9FB7-9EB7-40C7-95A0-C7C934D2C6B7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{4DCA03E4-CD8E-4823-B1E1-5C6943F79673}" = protocol=17 | dir=in | app=c:\users\locky\appdata\roaming\utorrent\utorrent.exe |
"{4E403F47-F6F8-40B0-88F0-B24D2240EDF0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4EAC3F63-4C25-4D49-9D3B-5F257F80783F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{551B2D11-65F9-441A-A499-A0CC2C0F8DEB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5892EAAB-D0A7-44D7-B481-451661CF7D21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5903BF64-75BC-4C60-A4CD-91ECA5ECE3C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BBCC786-EB79-4FF6-B9F2-9CAC10188181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{68886F62-D4A5-4A85-986A-3CCCCF308847}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FE07BAC-3C69-4149-B806-143A711831AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{702081AF-C78D-4BD5-9B05-223631459D4B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{73FBBA72-2657-4D36-ACD8-19DC5368B267}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{776995CF-A3A3-4205-AF1D-2082B1EE773A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{78C3C15E-2A0B-46ED-B77B-E25617CB57DD}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{7A3F8176-DC3A-48E5-9234-DF8A6734369A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{87780BFB-2A4E-4D4C-83E2-400CDA11C677}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{878AD1B2-DD34-4F7B-98BA-5640D897D8A6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8793A6C0-D462-4EF2-9A04-DE14F38B2EFF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{8F495A55-7517-4C40-AD60-F48ED1D161AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{940E4215-8F1F-4F89-B004-8DFB17CB86B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9530D582-D039-4102-9C48-8735E5AFAF8E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{95E5AA83-6D8A-424C-81D2-63D7546CDC7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{9A506EF6-D08D-4A84-8511-05BC1F18979A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A27BCD74-62A8-4ED7-A69D-689F6A6B9F11}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A8B3A8CA-8FA4-4680-8E05-60C6776401EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{AB50B738-E6F9-46DC-A19A-990FF77D1611}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B09F1D8C-CC7F-482D-A0F0-CFE1BC737AC9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B24BD279-B8C0-4840-BA0A-922977D36E61}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{C072C30A-4AA6-4C77-BCDF-1A6071117A7A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{C73CA31A-19A0-4DBA-B16E-729109F0B665}" = protocol=6 | dir=out | app=system |
"{C9CB3696-1DC0-4BEB-A9B6-227ED5862A4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CAB3247F-E814-4840-9369-9A37F30496CD}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{D23BF926-6951-4499-B416-26AD9B0BE6D7}" = protocol=17 | dir=in | app=c:\users\locky\desktop\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{D264F302-F50B-4D3A-960A-DB2ED609CB8E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{D39B6105-783C-4BDC-9DB8-FED911765ACD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{D7B26D28-248D-4A93-BC4E-C89C158C5970}" = protocol=6 | dir=in | app=c:\users\locky\appdata\roaming\utorrent\utorrent.exe |
"{DAF72993-2F78-4AF1-A845-B89859EECBF0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E187A93A-03C5-44E9-862F-5C57244A3E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E63394FB-7E18-4568-BFBC-A27FF0ED9D4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7CDC860-39A2-4406-96E8-777BFBCD7129}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8B0DF51-E178-4125-ABB0-C3ACBE638659}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{E912572D-5E57-4826-A250-33E74959BB9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EADE3C9D-04AF-480D-ACD8-80838A528E65}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{EF8C1C92-5D70-449D-BC35-7F37A1723DC6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F517C3C5-C157-4747-AD5E-5FF54999F2FD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{F8F95A69-D865-4613-B7A5-99D281A3B992}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FA29214E-E487-400D-AFDA-8F1ADFD5A2DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FA619484-7959-489C-B262-14E507D96E54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe |
"{FBD2E479-36B6-4130-BF24-F66B1EEEA835}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"TCP Query User{1C049751-2E24-4EAF-8717-7915BA56E8B6}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{505FB91B-8005-4000-9A77-32D551F600CE}C:\westwood\sun\game.exe" = protocol=6 | dir=in | app=c:\westwood\sun\game.exe |
"TCP Query User{5118AF79-E8D3-4652-AAB8-6D334421F011}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"TCP Query User{8044B874-E6D6-4284-AD19-75CAD37BB4C3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{8119065E-E990-4E34-9E98-6DF791750F63}C:\westwood\sun\game.icd" = protocol=6 | dir=in | app=c:\westwood\sun\game.icd |
"TCP Query User{93D5E372-9CA4-425A-9472-D055F6CB03D2}C:\users\locky\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\locky\downloads\utorrent.exe |
"TCP Query User{AF7DAA94-6AB7-409D-8BC4-0A80827E0508}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{C48AB53B-7866-4DF0-BE42-49C38888C6EE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{15EA4B2D-75F4-459F-9FC8-43F0BDD8313E}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{42D2ECE6-2D59-4948-B647-9F32A8E06DA7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5690E83F-014D-4FF1-B98F-4A6FD32304E6}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"UDP Query User{5D1D94CA-5532-4A25-81B3-15DD873D8E5C}C:\users\locky\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\locky\downloads\utorrent.exe |
"UDP Query User{638ADA19-8762-402A-8262-C83DBDCD49DE}C:\westwood\sun\game.icd" = protocol=17 | dir=in | app=c:\westwood\sun\game.icd |
"UDP Query User{9CDACDED-3D9F-4978-A720-7E534CBF81BB}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{E26CE3F0-6EEC-4112-8B3D-20CCE85DB102}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{EE78A297-AF75-4E29-8C60-7345265C4E80}C:\westwood\sun\game.exe" = protocol=17 | dir=in | app=c:\westwood\sun\game.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{357A82F9-B5FF-46C8-ABA2-104695E0F1D1}" = Intel® Network Connections 16.6.126.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{EF13DB20-03BE-4EDD-9C48-05ED03E3E852}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA53ADCA-2638-4D3C-9021-D57219A9D792}" = AVG 2013
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.68
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel® Network Connections 16.6.126.0
"Recuva" = Recuva
"WinRAR archiver" = WinRAR 4.20 (64-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"SwiftKit" = SwiftKit
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18/04/2014 5:41:07 AM | Computer Name = Locky-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/04/2014 5:47:03 AM | Computer Name = Locky-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(dc:86:d8:24:51:a0@fe80::de86:d8ff:fe24:51a0._apple-mobdev2._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 18/04/2014 10:26:12 AM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: update_checker.exe, version: 4.3.0.0, time
stamp: 0x525d9c67 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0003329d Faulting process
id: 0x1cd4 Faulting application start time: 0x01cf5af3a09a903b Faulting application
path: C:\Users\Locky\AppData\Local\FilesFrog Update Checker\update_checker.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 63bf82a3-c705-11e3-8731-00268339c5a6
Error - 18/04/2014 10:33:28 AM | Computer Name = Locky-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/04/2014 10:42:52 AM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17514,
time stamp: 0x4ce7a144 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9ab Exception code: 0xc0000005 Fault offset: 0x000000000000ae81
Faulting
process id: 0x2cc Faulting application start time: 0x01cf5b12f927ff09 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\SHLWAPI.dll
Report
Id: b79f9bd5-c707-11e3-a8c2-94620713b62f
Error - 18/04/2014 10:52:45 AM | Computer Name = Locky-PC | Source = WinMgmt | ID = 10
Description =
Error - 18/04/2014 11:14:28 AM | Computer Name = Locky-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(dc:86:d8:24:51:a0@fe80::de86:d8ff:fe24:51a0._apple-mobdev2._tcp.local.)
active for over two minutes. This places considerable burden on the network.
Error - 18/04/2014 12:23:50 PM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: update_checker.exe, version: 4.3.0.0, time
stamp: 0x525d9c67 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x0003329d Faulting process
id: 0x18ec Faulting application start time: 0x01cf5b15eed57635 Faulting application
path: C:\Users\Locky\AppData\Local\FilesFrog Update Checker\update_checker.exe Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: d2afa345-c715-11e3-894d-00268339c5a6
Error - 18/04/2014 3:05:30 PM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x03084657 Faulting process id:
0x1cfc Faulting application start time: 0x01cf5b392697737f Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: 6860aa91-c72c-11e3-894d-00268339c5a6
Error - 18/04/2014 3:08:21 PM | Computer Name = Locky-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x03084657 Faulting process id:
0x1cfc Faulting application start time: 0x01cf5b392697737f Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: ce9297f4-c72c-11e3-894d-00268339c5a6
[ Spybot - Search and Destroy Events ]
Error - 20/05/2013 8:18:53 AM | Computer Name = Locky-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 28/09/2013 7:22:30 AM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:17:25 PM on 9/28/2013 was unexpected.
Error - 28/09/2013 8:31:04 AM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 28/09/2013 9:15:49 AM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 28/09/2013 9:15:49 AM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 29/09/2013 1:12:40 PM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 29/09/2013 1:15:06 PM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
Error - 11/10/2013 5:55:12 AM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:33:57 PM on 10/4/2013 was unexpected.
Error - 26/10/2013 11:26:26 AM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:55:01 PM on 10/12/2013 was unexpected.
Error - 3/11/2013 12:55:10 PM | Computer Name = Locky-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:30:12 PM on 11/1/2013 was unexpected.
Error - 3/11/2013 12:55:19 PM | Computer Name = Locky-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5
< End of report >
-------------
HJT LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:21:23 PM, on 19/04/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Users\Locky\AppData\Local\LPT\srptm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Users\Locky\AppData\Local\Smartbar\Application\Lrcnta.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Locky\Desktop\Anti V and MalwareSpyware\VirisMalware Removal\HiJackThis (1).exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O3 - Toolbar: Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CheckNDISPort_df] C:\Program Files (x86)\Hostless Modem\Telstra USB+Wi-Fi\CheckNDISPort_df.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Locky\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\Locky\AppData\Local\Smartbar\Application\SnapDo.exe startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1473036763-2020998618-169115810-1010\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'fbwuser')
O4 - HKUS\S-1-5-21-1473036763-2020998618-169115810-1010\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'fbwuser')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{63028132-73F8-41A4-8DEE-CFC364554ACD}: NameServer = 10.143.147.147 10.143.147.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5476FF-DF57-4E3B-BBE4-CF99AFE33995}: NameServer = 10.143.147.147 10.143.147.148
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: DTSAudioSvc - DTS, Inc - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LPT System Updater Service (LPTSystemUpdater) - Unknown owner - C:\Program Files (x86)\LPT\srpts.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14599 bytes
Edited by Lochy, 18 April 2014 - 08:43 PM.