Print Page - Please help! Malware

General Category => Tech Clinic => Topic started by: darko2021 on June 06, 2013, 09:31:42 PM

Title: Please help! Malware
Post by: darko2021 on June 06, 2013, 09:31:42 PM

Got some crazy malware on my computer the other day after a friend used it. I found out it is some sort of ransomware with other things mixed in.

Here is my hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:10:11 PM, on 1/18/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\AsGHost.exe

C:\\Windows\\system32\\Dwm.exe

C:\\Windows\\Explorer.EXE

C:\\Windows\\system32\\taskeng.exe

C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe

C:\\Program Files\\ASUS\\SmartLogon\\sensorsrv.exe

C:\\Windows\\system32\\conime.exe

C:\\Program Files\\Windows Defender\\MSASCui.exe

C:\\Program Files\\ATK Hotkey\\HControlUser.exe

C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

C:\\Windows\\RtHDVCpl.exe

C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe

C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe

C:\\Windows\\ASScrPro.exe

C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe

C:\\Windows\\system32\\wbem\\unsecapp.exe

C:\\Program Files\\iTunes\\iTunesHelper.exe

C:\\Program Files\\AVG\\AVG8\\avgtray.exe

C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe

C:\\Program Files\\Java\\jre6\\bin\\jusched.exe

C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTTray.exe

C:\\Program Files\\WIDCOMM\\Bluetooth Software\\BtStackServer.exe

C:\\Program Files\\Synaptics\\SynTP\\SynTPHelper.exe

C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe

C:\\Windows\\system32\\SearchFilterHost.exe

C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.asus.com

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =

R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = *.local

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\\Program Files\\BitComet\\tools\\BitCometBHO_1.2.8.7.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG8\\avgssie.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\4.1.805.4472\\swg.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll

O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItIEAddIn.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide

O4 - HKLM\\..\\Run: [Microsoft Pinyin IME Migration] C:\\PROGRA~1\\COMMON~1\\MICROS~1\\IME12\\IMESC\\IMSCMIG.EXE /INSTALL

O4 - HKLM\\..\\Run: [HControlUser] \"C:\\Program Files\\ATK Hotkey\\HcontrolUser.exe\"

O4 - HKLM\\..\\Run: [ATKOSD2] \"C:\\Program Files\\ATKOSD2\\ATKOSD2.exe\"

O4 - HKLM\\..\\Run: [StartCCC] \"C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\"

O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\\..\\Run: [CognizanceTS] rundll32.exe C:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule

O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe

O4 - HKLM\\..\\Run: [ASUS Camera ScreenSaver] C:\\Windows\\ASScrProlog.exe

O4 - HKLM\\..\\Run: [ASUS Screen Saver Protector] C:\\Windows\\ASScrPro.exe

O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] \"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"

O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime

O4 - HKLM\\..\\Run: [iTunesHelper] \"C:\\Program Files\\iTunes\\iTunesHelper.exe\"

O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe

O4 - HKLM\\..\\Run: [NBKeyScan] \"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\"

O4 - HKLM\\..\\Run: [GrooveMonitor] \"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\"

O4 - HKLM\\..\\Run: [SunJavaUpdateSched] \"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"

O4 - HKLM\\..\\Run: [OODefragTray] C:\\Windows\\system32\\oodtray.exe

O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-18\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun (User \'SYSTEM\')

O4 - HKUS\\.DEFAULT\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun (User \'Default user\')

O4 - Global Startup: Bluetooth.lnk = ?

O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWallet.dll

O9 - Extra \'Tools\' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWallet.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra \'Tools\' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG8\\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\\Windows\\system32\\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\\Program Files\\ATK Hotkey\\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\\Windows\\system32\\Ati2evxx.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexingService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\\Windows\\system32\\oodag.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\\Windows\\system32\\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\\Windows\\system32\\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\\Windows\\system32\\PnkBstrB.exe

O23 - Service: spmgr - Unknown owner - C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\\Program Files\\Common Files\\Steam\\SteamService.exe

End of file - 10428 bytes

Title: Please help! Malware
Post by: guestolo on June 07, 2013, 02:11:14 PM

Sorry for the delay

Can you do the following please

Download [color=\"#FF0000\"]OTL.exe[/color] (http://\"http://oldtimer.geekstogo.com/OTL.exe\")[/url] by OldTimer to your Desktop.

Close all windows and right click on OTL.exe and choose to \"Run as Administrator\"
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Title: Please help! Malware
Post by: darko2021 on June 07, 2013, 09:03:59 PM

Here are both log files

OTL logfile created on: 6/7/2013 9:47:31 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\\Users\\jon\\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free

9.76 Gb Paging File | 8.05 Gb Available in Paging File | 82.52% Paging File free

Paging file location(s): d:\\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 116.44 Gb Total Space | 20.20 Gb Free Space | 17.35% Space Free | Partition Type: NTFS

Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS

Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32

Computer Name: DARKO | User Name: jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\\Program Files\\Google\\Update\\1.3.21.145\\GoogleCrashHandler.exe

PRC - [2012/12/06 13:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\SyncServer.exe

PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgtray.exe

PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe

PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgnsx.exe

PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgrsx.exe

PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgchsvx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgcsrvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe

PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\\Program Files\\Nero\\Update\\NASvc.exe

PRC - [2009/10/30 16:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe

PRC - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesService32.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\conime.exe

PRC - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\\Windows\\ASScrPro.exe

PRC - [2008/06/19 15:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\\Program Files\\asus\\ASUS CopyProtect\\ASPG.exe

PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\\Program Files\\asus\\SmartLogon\\sensorsrv.exe

PRC - [2008/06/13 18:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\\Program Files\\P4G\\BatteryLife.exe

PRC - [2008/06/03 20:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\\Program Files\\asus\\Splendid\\ACMON.exe

PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe

PRC - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\\Windows\\System32\\agrsmsvc.exe

PRC - [2008/02/13 01:52:09 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\\Windows\\RtHDVCpl.exe

PRC - [2008/02/01 18:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\\Program Files\\ATK Hotkey\\HControl.exe

PRC - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\WDC.exe

PRC - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\HControlUser.exe

PRC - [2007/12/04 13:57:06 | 002,486,272 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\ATKOSD.exe

PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\\Program Files\\asus\\ASUS Live Update\\ALU.exe

PRC - [2007/11/04 22:48:06 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\MsgTranAgt.exe

PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\AsLdrSrv.exe

PRC - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe

PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\KBFiltr.exe

PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe

PRC - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () -- C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe

PRC - [2007/07/05 19:53:44 | 001,040,384 | ---- | M] () -- C:\\Program Files\\Wireless Console 2\\wcourier.exe

PRC - [2007/02/06 13:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\asghost.exe

PRC - [2005/07/06 18:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\\Windows\\System32\\ACEngSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/23 19:16:15 | 000,971,264 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\3da65115bf9debbf564861f6b123a2e4\\System.Configuration.ni.dll

MOD - [2013/05/23 19:14:49 | 012,433,920 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\44fb632fb043f5b251d29b0ea750d4f4\\System.Windows.Forms.ni.dll

MOD - [2013/02/26 20:04:02 | 011,820,544 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Web\\421cb77e6a4c21f94e3c5ddf766de23b\\System.Web.ni.dll

MOD - [2013/01/14 14:46:06 | 000,025,600 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Accessibility\\9b2eef59d0cfc5aff182d0951de5f040\\Accessibility.ni.dll

MOD - [2013/01/14 14:46:02 | 000,771,584 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Runtime.Remo#\\b5df40c22ab563a816103629e2ca99d4\\System.Runtime.Remoting.ni.dll

MOD - [2013/01/14 14:45:30 | 005,450,752 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\b757806657fa5db2b1ed1a89b026b463\\System.Xml.ni.dll

MOD - [2013/01/14 14:45:13 | 001,593,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\78157a494dc9a7e52be8840decfcd9cc\\System.Drawing.ni.dll

MOD - [2013/01/14 14:43:55 | 007,977,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\cc149d08e75f8c53cd28ac926b38c370\\System.ni.dll

MOD - [2013/01/14 14:43:48 | 011,492,352 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\2227d1559f87943255069398608d5c56\\mscorlib.ni.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSMonitor.exe

MOD - [2010/08/03 21:24:04 | 000,270,336 | ---- | M] () -- C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2009/10/05 17:08:58 | 000,089,600 | ---- | M] () -- C:\\Program Files\\DepositFiles\\DF Manager\\dfexex.dll

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll

MOD - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\\Windows\\ASScrPro.exe

MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\\Windows\\System32\\atitmmxx.dll

MOD - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

MOD - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\HControlUser.exe

MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\\Program Files\\asus\\ASUS Live Update\\ALU.exe

MOD - [2007/11/12 18:41:50 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\MsgTran.dll

========== Services (SafeList) ==========

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe -- (avgwd)

SRV - [2010/09/19 09:55:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Steam\\SteamService.exe -- (Steam Client Service)

SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\\Program Files\\Nero\\Update\\NASvc.exe -- (NAUpdate)

SRV - [2010/01/29 22:48:59 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2009/10/30 16:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\\Windows\\System32\\uxtuneup.dll -- (UxTuneUp)

SRV - [2008/11/11 13:07:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe -- (sprtsvc_ddoctorv2)

SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\\Windows\\System32\\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\\Program Files\\ATK Hotkey\\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/23 08:34:59 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe -- (spmgr)

SRV - [2007/02/06 13:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWLNPkg.dll -- (ASBroker)

SRV - [2006/06/21 06:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASChnl.dll -- (ASChannel)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Program Files\\PeerGuardian2\\pgfilter.sys -- (pgfilter)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Windows\\system32\\NSNDIS5.SYS -- (NSNDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\drivers\\AtiHdmi.sys -- (AtiHdmiService)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alak362o)

DRV - [2013/02/11 21:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\avgldx86.sys -- (Avgldx86)

DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/09/30 17:59:11 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\BTHPRINT.SYS -- (BTHprint)

DRV - [2008/11/06 16:59:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\sptd.sys -- (sptd)

DRV - [2008/10/07 20:26:48 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\atksgt.sys -- (atksgt)

DRV - [2008/10/07 20:26:42 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\lirsgt.sys -- (lirsgt)

DRV - [2008/09/17 14:02:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\\Program Files\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl.sys -- (eeCtrl)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)

DRV - [2008/06/03 02:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\kbfiltr.sys -- (kbfiltr)

DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\lullaby.sys -- (lullaby)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\wdcsam.sys -- (WDC_SAM)

DRV - [2008/05/02 01:59:39 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\Rtlh86.sys -- (RTL8169)

DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\athr.sys -- (athr)

DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rimmptsk.sys -- (rimmptsk)

DRV - [2008/02/05 03:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etFilter.sys -- (FiltUSBET)

DRV - [2008/01/31 07:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etScan.sys -- (ScanUSBET)

DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\itecir.sys -- (itecir)

DRV - [2007/09/06 04:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etDevice.sys -- (DCamUSBET)

DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\\Program Files\\asus\\NB Probe\\SPM\\ghaio.sys -- (ghaio)

DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\\Program Files\\ATKGFNEX\\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atswpdrv.sys -- (ATSWPDRV)

DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\ATKACPI.sys -- (MTsensor)

DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\smserial.sys -- (smserial)

DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\\Windows\\System32\\speedfan.sys -- (speedfan)

DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\SBKUPNT.SYS -- (SBKUPNT)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Restore = http://www.asus.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,StartPageCache = 1

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\\..\\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}

IE - HKCU\\..\\SearchScopes\\{8E45FEA0-1C81-ECCA-B6C9-370EF2C40746}: \"URL\" = http://www.bing.com/search?q={searchTerms}&pc=Z001&form=ZGAIDF

IE - HKCU\\..\\SearchScopes\\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: \"URL\" = http://www.daemon-search.com/search/web?q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\\..\\SearchScopes\\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: \"URL\" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: \"Search the web (Babylon)\"

FF - prefs.js..browser.search.order.1: \"Search the web (Babylon)\"

FF - prefs.js..browser.search.selectedEngine: \"\"

FF - prefs.js..browser.startup.homepage: \"http://google.com\"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12

FF - prefs.js..keyword.URL: \"http://www.bing.com/search?pc=Z001&form=ZGAADF&q=\"

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=: File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@fileplanet.com/fpdlm: C:\\Program Files\\Download Manager\\npfpdlm.dll (IGN Entertainment)

FF - HKLM\\Software\\MozillaPlugins\\@Google.com/GoogleEarthPlugin: C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/Photosynth,version=2.0: C:\\Program Files\\Photosynth\\npPhotosynthMozilla.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@pack.google.com/Google Updater;version=14: C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Program Files\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Program Files\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@facebook.com/FBPlugin,version=1.0.3: C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll ( )

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\jon\\AppData\\Local\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\jon\\AppData\\Local\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\\Program Files\\AVG\\AVG10\\Firefox\\ [2012/02/02 15:05:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\\Program Files\\AVG\\AVG10\\Firefox4\\ [2013/04/13 09:04:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2013/02/16 11:34:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2013/02/16 11:34:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions\\[email protected]

[2013/05/23 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions

[2009/09/11 12:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2012/08/08 17:30:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/07/19 11:15:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2013/01/05 15:38:47 | 000,000,000 | ---D | M] (\"Coupon Companion Plugin\") -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

[2011/07/19 11:15:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

[2010/09/30 20:20:47 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

[2013/01/05 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]\\chrome\\content\\extensionCode

[2010/09/30 20:20:47 | 000,001,919 | ---- | M] () -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\searchplugins\\bing-zugo.xml

[2008/11/06 17:03:17 | 000,000,523 | ---- | M] () -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\searchplugins\\daemon-search.xml

[2011/07/21 16:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

[2010/08/18 08:20:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/27 18:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2008/10/09 08:41:59 | 000,024,683 | ---- | M] (Ask.com) -- C:\\Program Files\\mozilla firefox\\plugins\\NPAskSBr.dll

[2010/05/27 18:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\\Program Files\\mozilla firefox\\plugins\\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.94\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.94\\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.94\\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\10.0.0.1409_0\\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll

CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPAskSBr.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\\Program Files\\Download Manager\\npfpdlm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\\Program Files\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll

CHR - Extension: BIODIGITAL HUMAN = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\agoenciogemlojlhccbcpcfflicgnaak\\0.9.5_0\\

CHR - Extension: Angry Birds = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aknpkdffaafgjchaibgeefbgmgeghloj\\1.5.0.7_0\\

CHR - Extension: AVG Safe Search = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\10.0.0.1409_0\\

CHR - Extension: Plants vs Zombies = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmcegpfdgcoclcdfkjahiimlikdpnina\\1.0.5_0\\

CHR - Extension: Google Play Books = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmimngoggfoobjdlefbcabngfnmieonb\\1.1.8_0\\

O1 HOSTS File: ([2010/10/11 10:37:10 | 000,000,875 | R--- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\\Program Files\\Coupon Companion Plugin\\Coupon Companion Plugin.dll (215 Apps)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG10\\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\\Program Files\\Search Toolbar\\SearchToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.2.4204.1700\\swg.dll (Google Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\\..\\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\\Program Files\\Search Toolbar\\SearchToolbar.dll ()

O3 - HKLM\\..\\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\\Program Files\\Search Toolbar\\SearchToolbar.dll ()

O4 - HKLM..\\Run: [] File not found

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [ASUS Screen Saver Protector] C:\\Windows\\ASScrPro.exe ()

O4 - HKLM..\\Run: [ATKOSD2] C:\\Program Files\\ATKOSD2\\ATKOSD2.exe ()

O4 - HKLM..\\Run: [AVG_TRAY] C:\\Program Files\\AVG\\AVG10\\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [CognizanceTS] C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\\Run: [HControlUser] C:\\Program Files\\ATK Hotkey\\HcontrolUser.exe ()

O4 - HKLM..\\Run: [RtHDVCpl] C:\\Windows\\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [StartCCC] C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\\Run: [ApplePhotoStreams] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\\Run: [MobileDocuments] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 184.63.0.68 184.63.0.69

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{E2ADB75B-0B68-4CB7-828E-712F16D03929}: DhcpNameServer = 184.63.0.68 184.63.0.69

O18 - Protocol\\Handler\\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG10\\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (APSHook.dll) - C:\\Windows\\System32\\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O24 - Desktop BackupWallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\explore\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\open\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = \"I:\\WD SmartWare.exe\" autoplay=true

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = F:\\FarCryAutoCD.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgrsx.exe /sync /restart)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/07 21:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/05/28 14:26:57 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2013/05/28 14:26:08 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/05/23 18:41:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2013/05/23 18:34:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2013/05/23 18:34:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2013/05/23 18:34:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2013/05/23 18:34:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2013/05/23 18:34:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2013/05/23 18:34:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\url.dll

[2013/05/23 18:34:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2013/05/22 16:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\cdd.dll

[2013/05/22 16:13:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys

[2008/10/06 17:31:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.sys

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

[1 C:\\Windows\\System32\\*.tmp files -> C:\\Windows\\System32\\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/06/07 21:15:17 | 000,000,900 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000UA.job

[2013/06/07 21:01:33 | 000,000,880 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineUA.job

[2013/06/07 20:22:35 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/07 20:22:35 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/07 19:15:00 | 000,000,848 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000Core.job

[2013/06/07 13:35:00 | 000,000,868 | ---- | M] () -- C:\\Windows\\tasks\\Google Software Updater.job

[2013/06/06 23:01:00 | 000,000,876 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineCore.job

[2013/06/06 17:45:12 | 000,646,060 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2013/06/06 17:45:12 | 000,121,158 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2013/06/04 12:24:04 | 000,045,056 | ---- | M] () -- C:\\Windows\\System32\\acovcnt.exe

[2013/06/04 12:24:01 | 000,000,308 | ---- | M] () -- C:\\Windows\\tasks\\GlaryInitialize.job

[2013/06/04 12:22:52 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2013/06/01 21:54:06 | 000,007,728 | ---- | M] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2013/06/01 21:08:51 | 000,001,025 | ---- | M] () -- C:\\Windows\\wininit.ini

[2013/05/28 21:33:53 | 000,002,140 | ---- | M] () -- C:\\Windows\\bthservsdp.dat

[2013/05/28 14:26:58 | 000,001,671 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/05/28 13:19:44 | 121,061,402 | ---- | M] () -- C:\\Windows\\System32\\drivers\\AVG\\incavi.avm

[2013/05/23 19:11:59 | 001,817,728 | ---- | M] () -- C:\\Windows\\System32\\FNTCACHE.DAT

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

[1 C:\\Windows\\System32\\*.tmp files -> C:\\Windows\\System32\\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/28 14:26:58 | 000,001,671 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/01/05 15:38:46 | 000,000,064 | ---- | C] () -- C:\\Windows\\GPlrLanc.dat

[2012/06/23 13:59:13 | 000,000,014 | ---- | C] () -- C:\\Windows\\System32\\systeminfo3.dll

[2012/06/23 13:58:52 | 000,081,920 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\ezpinst.exe

[2012/03/19 17:15:35 | 002,469,760 | ---- | C] () -- C:\\Windows\\System32\\BootMan.exe

[2012/03/19 17:15:35 | 000,086,408 | ---- | C] () -- C:\\Windows\\System32\\setupempdrv03.exe

[2012/03/19 17:15:35 | 000,019,840 | ---- | C] () -- C:\\Windows\\System32\\EuEpmGdi.dll

[2012/03/19 17:15:35 | 000,014,216 | ---- | C] () -- C:\\Windows\\System32\\epmntdrv.sys

[2012/03/19 17:15:35 | 000,008,456 | ---- | C] () -- C:\\Windows\\System32\\EuGdiDrv.sys

[2012/03/13 18:56:15 | 000,014,976 | ---- | C] () -- C:\\Windows\\System32\\drivers\\SBKUPNT.SYS

[2012/03/13 18:56:15 | 000,013,312 | ---- | C] () -- C:\\Windows\\System32\\DEVLOAD.EXE

[2012/03/13 18:56:14 | 000,000,543 | ---- | C] () -- C:\\Windows\\SWISV3.INI

[2012/03/13 18:56:12 | 000,000,287 | ---- | C] () -- C:\\Windows\\SKNIFE.INI

[2012/03/13 17:46:10 | 000,002,799 | ---- | C] () -- C:\\Windows\\SKLANG.INI

[2011/06/16 19:26:26 | 000,000,131 | ---- | C] () -- C:\\ProgramData\\Microsoft.SqlServer.Compact.351.32.bc

[2008/12/09 09:13:19 | 000,007,728 | ---- | C] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2008/11/16 20:49:17 | 000,000,087 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\default.pls

[2008/10/16 16:38:42 | 000,001,024 | ---- | C] () -- C:\\Users\\jon\\.rnd

[2008/10/13 16:44:40 | 000,138,056 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PnkBstrK.sys

[2008/10/10 14:57:43 | 000,027,503 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\UserTile.png

[2008/10/08 01:24:50 | 000,061,678 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PFP100JPR.{PB

[2008/10/08 01:24:50 | 000,012,358 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PFP100JCM.{PB

[2008/10/07 00:10:25 | 000,213,504 | ---- | C] () -- C:\\Users\\jon\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/06 17:31:52 | 000,087,608 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\inst.exe

[2008/10/06 17:31:52 | 000,007,887 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.cat

[2008/10/06 17:31:52 | 000,001,144 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.inf

[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\\Program Files\\Common Files\\CPInstallAction.dll

[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\\Program Files\\Common Files\\banner.jpg

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\\ProgramData\\TEMP:430C6D84

@Alternate Data Stream - 109 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 6/7/2013 9:47:31 PM - Run 1