Win32.Downloader.gen removal help
<blockquote data-quote="ha08336" data-source="post: 124388" data-attributes="member: 8778"><p>OTL logfile created on: 11/06/2013 10:06:31 - Run 4</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jo\Desktop</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy</p><p> </p><p>5.79 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 66.71% Memory free</p><p>11.57 Gb Paging File | 9.55 Gb Available in Paging File | 82.56% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 442.40 Gb Total Space | 342.30 Gb Free Space | 77.37% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: JO-PC | User Name: Jo | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Jo\Desktop\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</p><p>PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Motorola Mobility LLC)</p><p>PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device 
Manager\MotoHelperService.exe (Motorola Mobility LLC)</p><p>PRC - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.)</p><p>PRC - C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)</p><p>PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()</p><p>PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)</p><p>PRC - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)</p><p>PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)</p><p>PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft 
Corporation)</p><p>PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)</p><p>PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\3faed55b37496df511efda735b0c87c5\System.ServiceModel.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\42aa20b2531d16f7043f380d0d7ef647\System.Runtime.Serialization.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e37f711a6059275ef8d4e60103436b74\System.Xml.Linq.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\f56f1276c940a8320595b2973abe3f3b\System.Data.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\4ad81d13ef6282ca68c7298e3e9128e9\System.Windows.Forms.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\c206c0d5425bc25640b647ac986fc236\System.Core.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e9784f6667e92cb4d3bc01731c8a3310\System.Configuration.ni.dll ()</p><p>MOD - C:\Users\Jo\AppData\Roaming\Dropbox\bin\libcef.dll ()</p><p>MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()</p><p>MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll ()</p><p>MOD - 
C:\windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll ()</p><p>MOD - C:\Users\Jo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()</p><p>MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()</p><p>MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()</p><p>MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe File not found</p><p>SRV:<strong>64bit:</strong> - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe File not found</p><p>SRV:<strong>64bit:</strong> - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe File not found</p><p>SRV:<strong>64bit:</strong> - (ExpressCache) -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Diskeeper Corporation)</p><p>SRV:<strong>64bit:</strong> - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)</p><p>SRV:<strong>64bit:</strong> - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (Samsung UPD Service2) -- C:\Windows\SysNative\SUPDSvc2.exe (Samsung Electronics)</p><p>SRV:<strong>64bit:</strong> - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems 
Incorporated)</p><p>SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</p><p>SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola Mobility LLC)</p><p>SRV - (SWUpdateService) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.)</p><p>SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (DeviceMonitorService) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)</p><p>SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)</p><p>SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)</p><p>SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)</p><p>SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)</p><p>SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)</p><p>SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()</p><p>SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()</p><p>SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\Jhi_service.exe (Intel Corporation)</p><p>SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)</p><p>SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)</p><p>SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)</p><p>SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)</p><p>SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (uvhid) -- C:\Windows\SysNative\drivers\uvhid.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, 
s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)</p><p>DRV:<strong>64bit:</strong> - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (XHCIPort) -- C:\Windows\SysNative\drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (usb3Hub) -- C:\Windows\SysNative\drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (excsd) -- C:\Windows\SysNative\drivers\excsd.sys (Diskeeper Corporation)</p><p>DRV:<strong>64bit:</strong> - (excfs) -- C:\Windows\SysNative\drivers\excfs.sys (Diskeeper Corporation)</p><p>DRV:<strong>64bit:</strong> - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft 
Corporation)</p><p>DRV:<strong>64bit:</strong> - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)</p><p>DRV:<strong>64bit:</strong> - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)</p><p>DRV:<strong>64bit:</strong> - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:<strong>64bit:</strong> - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftfs) -- 
C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (motandroidusb) -- C:\Windows\SysNative\drivers\motoandroid.sys (Motorola)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV:<strong>64bit:</strong> - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - 
HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player 
Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)</p><p>FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files 
(x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jo\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jo\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/28 01:13:25 | 000,000,000 | ---D | M]</p><p> </p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</p>
<p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},</p><p>CHR - homepage: http://www.google.com</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL</p><p>CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll</p><p>CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll</p><p>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll</p><p>CHR - plugin: Google Update (Enabled) = 
C:\Users\Jo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll</p><p>CHR - Extension: Prezi = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\</p><p>CHR - Extension: BIODIGITAL HUMAN = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\</p><p>CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\</p><p>CHR - Extension: Snooker = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjohiacoelemalmancnccjggomjnkfod\1.0.2_0\</p><p>CHR - Extension: Screen Capture (by Google) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0\</p><p>CHR - Extension: Google Calendar = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\</p><p>CHR - Extension: Tesco Food = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffibhmnkceoelgabpnpaaojflglampjb\1.2_0\</p><p>CHR - Extension: PicMonkey = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\</p><p>CHR - Extension: Tube Status = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnclpgpemlkfbdimgcnfnmenjkbald\0.0.4_0\</p><p>CHR - Extension: AdBlock = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\</p><p>CHR - Extension: Google Calendar (by Google) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\</p><p>CHR - Extension: Next Bus London = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod\1.0.1_0\</p><p>CHR - Extension: Google Play Music = C:\Users\Jo\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0\</p><p>CHR - Extension: Forecastfox = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\</p><p>CHR - Extension: Google Play = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\</p><p>CHR - Extension: FVD Video Downloader = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.6_0\</p><p>CHR - Extension: Google Maps = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\</p><p>CHR - Extension: BeGone = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.7.2_0\</p><p>CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\</p><p>CHR - Extension: Battlefield Play4Free = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\</p><p>CHR - Extension: Outlook.com = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\</p><p> </p><p>O1 HOSTS File: ([2012/08/16 19:28:48 | 000,444,105 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 www.007guard.com</p><p>O1 - Hosts: 127.0.0.1 007guard.com</p><p>O1 - Hosts: 127.0.0.1 008i.com</p><p>O1 - Hosts: 127.0.0.1 www.008k.com</p><p>O1 - Hosts: 127.0.0.1 008k.com</p><p>O1 - Hosts: 127.0.0.1 www.00hq.com</p><p>O1 - Hosts: 127.0.0.1 00hq.com</p><p>O1 - Hosts: 127.0.0.1 010402.com</p><p>O1 - Hosts: 127.0.0.1 www.032439.com</p><p>O1 - Hosts: 127.0.0.1 032439.com</p><p>O1 - Hosts: 127.0.0.1 www.0scan.com</p><p>O1 - Hosts: 127.0.0.1 0scan.com</p><p>O1 - Hosts: 127.0.0.1 www.1000gratisproben.com</p><p>O1 - Hosts: 127.0.0.1 
1000gratisproben.com</p><p>O1 - Hosts: 127.0.0.1 1001namen.com</p><p>O1 - Hosts: 127.0.0.1 www.1001namen.com</p><p>O1 - Hosts: 127.0.0.1 100888290cs.com</p><p>O1 - Hosts: 127.0.0.1 www.100888290cs.com</p><p>O1 - Hosts: 127.0.0.1 www.100sexlinks.com</p><p>O1 - Hosts: 127.0.0.1 100sexlinks.com</p><p>O1 - Hosts: 127.0.0.1 www.10sek.com</p><p>O1 - Hosts: 127.0.0.1 10sek.com</p><p>O1 - Hosts: 127.0.0.1 www.1-2005-search.com</p><p>O1 - Hosts: 127.0.0.1 1-2005-search.com</p><p>O1 - Hosts: 127.0.0.1 www.123fporn.info</p><p>O1 - Hosts: 15252 more lines...</p><p>O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)</p><p>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()</p><p>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</p><p>O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)</p><p>O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()</p><p>O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB)</p><p>O4 - Startup: 
C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk = File not found</p><p>O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0</p><p>O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()</p><p>O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 138.37.6.1 138.37.7.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08747189-44EB-41C1-8FF4-8F33F1EFDC83}: DhcpNameServer = 138.37.6.1 138.37.7.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{210B7167-8D5F-4EF1-805A-4E50E5BD1009}: DhcpNameServer = 192.168.42.129</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\livecall - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msnim - No CLSID value found</p><p>O18:<strong>64bit:</strong> - 
Protocol\Handler\skype4com - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O33 - MountPoints2\{9bf8bf54-55d7-11e2-940c-c4850835ba28}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{9bf8bf54-55d7-11e2-940c-c4850835ba28}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - 
HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/06/11 09:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG</p><p>[2013/06/09 20:52:42 | 000,000,000 | ---D | C] -- C:\_OTL</p><p>[2013/06/06 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\EmsisoftEmergencyKit</p><p>[2013/06/06 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{19AD19E5-B33A-4024-9884-B20850C35844}</p><p>[2013/06/06 15:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>[2013/06/06 15:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro</p><p>[2013/06/06 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/06/06 15:31:01 | 009,833,328 | ---- | C] (SurfRight B.V.) 
-- C:\Users\Jo\Desktop\HitmanPro_x64.exe</p><p>[2013/06/06 15:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\RK_Quarantine</p><p>[2013/06/06 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes</p><p>[2013/06/06 15:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/06/06 15:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/06/06 15:17:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys</p><p>[2013/06/06 15:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>[2013/06/06 15:15:45 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\mbam-chameleon-1.62.1.1000</p><p>[2013/06/05 23:47:36 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{D765B2DB-29CA-4410-9661-355C7B32D395}</p><p>[2013/06/05 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{C9AB850D-0747-4441-A0C6-19857D487B60}</p><p>[2013/06/05 14:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe</p><p>[2013/06/04 20:16:51 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{757611B0-61CD-4F72-8285-8FCEE9D76D59}</p><p>[2013/06/04 20:02:59 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{85E5C1EA-8318-435B-9B39-B0C55AD8CCAE}</p><p>[2013/06/04 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{3F472B80-ABB8-46E7-8793-5A76A5535206}</p><p>[2013/06/04 14:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup</p><p>[2013/06/04 13:57:39 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Wondershare</p><p>[2013/06/04 13:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare</p><p>[2013/06/04 13:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare</p><p>[2013/06/03 19:20:01 | 000,000,000 | ---D | C] -- 
C:\Users\Jo\AppData\Local\{F3519928-A0FF-4A5B-819B-20D6092A501D}</p><p>[2013/06/01 15:16:14 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{D9CB20FE-7B8E-46E0-B47D-467B8217EED4}</p><p>[2013/05/31 16:43:40 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{CF752608-6B9D-438A-8658-7B754FB775B8}</p><p>[2013/05/30 17:44:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{7101AC9C-D9BD-4F0B-B5D1-9805E513E799}</p><p>[2013/05/30 03:44:06 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{56B00B1B-65B5-413F-9120-98C6790E5BA6}</p><p>[2013/05/28 01:14:37 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\DDMSettings</p><p>[2013/05/28 01:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus</p><p>[2013/05/28 01:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\DivX</p><p>[2013/05/28 01:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared</p><p>[2013/05/28 00:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX</p><p>[2013/05/28 00:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX</p><p>[2013/05/26 14:11:47 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{A78C4DF8-FFF9-46E2-82F6-E37BF13BD2F4}</p><p>[2013/05/26 14:01:34 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{F6FA2E21-2BDF-4B49-9153-A0AA50BAD106}</p><p>[2013/05/26 13:51:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{8C5FE1EA-028A-4902-B292-528F35343D53}</p><p>[2013/05/25 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{4A37DC3D-C389-452A-85E5-7DDCE6A8123A}</p><p>[2013/05/17 22:39:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll</p><p>[2013/05/17 22:39:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll</p><p>[2013/05/17 22:39:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll</p><p>[2013/05/17 22:38:59 | 000,248,320 | ---- | C] (Microsoft 
Corporation) -- C:\windows\SysNative\ieui.dll</p><p>[2013/05/17 22:38:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll</p><p>[2013/05/17 22:38:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll</p><p>[2013/05/17 22:38:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe</p><p>[2013/05/17 22:38:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe</p><p>[2013/05/17 22:38:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll</p><p>[2013/05/17 22:38:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl</p><p>[2013/05/17 22:38:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl</p><p>[2013/05/17 22:38:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll</p><p>[2013/05/17 22:38:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll</p><p>[2013/05/17 22:38:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll</p><p>[2013/05/17 22:38:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll</p><p>[2013/05/16 02:59:50 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll</p><p>[2013/05/16 02:59:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll</p><p>[2013/05/16 02:59:49 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll</p><p>[2013/05/16 02:59:49 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe</p><p>[2013/05/16 02:57:05 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys</p><p>[2013/05/16 02:57:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll</p><p>[2013/05/16 02:56:03 | 000,048,640 
| ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/06/11 10:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/06/11 10:12:15 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/06/11 10:12:15 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/06/11 10:10:45 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI</p><p>[2013/06/11 10:10:45 | 000,629,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat</p><p>[2013/06/11 10:10:45 | 000,111,212 | ---- | M] () -- C:\windows\SysNative\perfc009.dat</p><p>[2013/06/11 10:03:42 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job</p><p>[2013/06/11 10:03:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2013/06/11 09:54:02 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000UA.job</p><p>[2013/06/09 20:28:25 | 000,000,916 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000UA.job</p><p>[2013/06/09 20:28:25 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job</p><p>[2013/06/09 14:29:22 | 000,001,043 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk</p><p>[2013/06/07 13:12:42 | 000,000,844 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000Core.job</p><p>[2013/06/07 13:07:21 | 000,000,894 | ---- | M] () -- 
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000Core.job</p><p>[2013/06/06 15:58:38 | 186,305,826 | ---- | M] () -- C:\Users\Jo\Desktop\EmsisoftEmergencyKit.zip</p><p>[2013/06/06 15:33:03 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/06/06 15:32:15 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Jo\Desktop\HitmanPro_x64.exe</p><p>[2013/06/06 15:28:15 | 000,816,128 | ---- | M] () -- C:\Users\Jo\Desktop\RogueKiller.exe</p><p>[2013/06/06 15:17:27 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/06/06 15:14:44 | 001,440,846 | ---- | M] () -- C:\Users\Jo\Desktop\mbam-chameleon-1.62.1.1000.zip</p><p>[2013/06/05 14:15:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe</p><p>[2013/06/04 14:00:22 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf</p><p>[2013/05/30 03:00:08 | 000,279,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT</p><p>[2013/05/28 00:53:03 | 000,000,000 | ---- | M] () -- C:\END</p><p>[2013/05/15 01:29:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe</p><p>[2013/05/15 01:29:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/06/06 15:38:10 | 186,305,826 | ---- | C] () -- C:\Users\Jo\Desktop\EmsisoftEmergencyKit.zip</p><p>[2013/06/06 15:33:03 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk</p><p>[2013/06/06 15:28:06 | 000,816,128 | ---- | C] () -- C:\Users\Jo\Desktop\RogueKiller.exe</p><p>[2013/06/06 15:17:27 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/06/06 15:14:34 | 001,440,846 | ---- | C] () -- 
C:\Users\Jo\Desktop\mbam-chameleon-1.62.1.1000.zip</p><p>[2013/06/04 14:00:22 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf</p><p>[2013/05/28 00:53:03 | 000,000,000 | ---- | C] () -- C:\END</p><p>[2012/11/15 21:07:54 | 000,022,044 | ---- | C] () -- C:\windows\SysWow64\0x0809.ini</p><p>[2012/11/15 20:49:09 | 000,149,880 | ---- | C] () -- C:\windows\wiainst64.exe</p><p>[2012/10/01 23:54:09 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll</p><p>[2012/08/16 14:49:21 | 003,120,452 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI</p><p>[2012/04/12 10:52:42 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe</p><p>[2012/04/12 09:57:45 | 000,020,310 | ---- | C] () -- C:\windows\HotFixList.ini</p><p>[2012/03/26 19:19:10 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin</p><p>[2012/03/26 19:19:08 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin</p><p>[2012/03/26 19:03:46 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll</p><p>[2012/03/26 17:53:42 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll</p><p>[2012/03/26 17:47:54 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll</p><p>[2012/03/13 03:59:22 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin</p><p>[2012/03/13 03:59:19 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin</p><p>[2012/03/13 03:59:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin</p><p>[2012/02/02 14:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll</p><p>[2011/12/02 13:12:10 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini</p><p> 
</p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p> </p><p><span style="color: 
#E56717">========== LOP Check ==========</span></p><p> </p><p>[2012/09/15 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Amazon</p><p>[2012/09/23 19:53:18 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AnvSoft</p><p>[2013/03/11 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Audacity</p><p>[2012/10/05 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG2013</p><p>[2012/08/16 15:50:59 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Box Desktop</p><p>[2013/06/11 10:08:51 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Box Sync</p><p>[2012/09/21 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.amazon.music.uploader</p><p>[2013/06/11 10:06:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox</p><p>[2012/08/16 15:11:57 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Easy File Share</p><p>[2013/02/02 22:44:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Gmote</p><p>[2013/02/03 20:14:03 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\MotoCast</p><p>[2013/01/07 19:34:18 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Motorola</p><p>[2013/01/07 19:35:30 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Motorola Mobility</p><p>[2013/01/10 08:54:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Samsung</p><p>[2013/06/09 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SoftGrid Client</p><p>[2012/08/16 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TP</p><p>[2012/10/05 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software</p><p>[2013/02/03 00:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Unified Remote</p><p>[2012/08/19 21:22:02 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Unity</p><p>[2012/08/16 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Visan</p><p>[2012/08/16 23:44:34 | 000,000,000 | ---D 
| M] -- C:\Users\Jo\AppData\Roaming\WildTangent</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="ha08336, post: 124388, member: 8778"]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jo\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jo\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/28 01:13:25 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jo\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Prezi = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\acoonfmhnndodekhecidldfdjgooefpg\1.3_0\ CHR - Extension: BIODIGITAL HUMAN = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\ CHR - Extension: Google Drive = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Snooker = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjohiacoelemalmancnccjggomjnkfod\1.0.2_0\ CHR - Extension: Screen Capture (by Google) = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0\ CHR - Extension: Google Calendar = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\ CHR - Extension: Tesco Food = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffibhmnkceoelgabpnpaaojflglampjb\1.2_0\ CHR - Extension: PicMonkey = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\ CHR - Extension: Tube Status = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnclpgpemlkfbdimgcnfnmenjkbald\0.0.4_0\ CHR - Extension: AdBlock = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Google Calendar (by Google) = 
C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\ CHR - Extension: Next Bus London = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\golhdmegajbopkkhfbjbilfecnjaobod\1.0.1_0\ CHR - Extension: Google Play Music = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.1_0\ CHR - Extension: Forecastfox = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\ CHR - Extension: Google Play = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\ CHR - Extension: FVD Video Downloader = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.1.6_0\ CHR - Extension: Google Maps = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: BeGone = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.7.2_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\ CHR - Extension: Battlefield Play4Free = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\ CHR - Extension: Outlook.com = C:\Users\Jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\ O1 HOSTS File: ([2012/08/16 19:28:48 | 000,444,105 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15252 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKCU..\Run: [Unified Remote v2] C:\Program Files (x86)\Unified Remote\RemoteServer.exe (Unified Intents AB) O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk = File not found O4 - Startup: C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0 O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 138.37.6.1 138.37.7.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08747189-44EB-41C1-8FF4-8F33F1EFDC83}: DhcpNameServer = 138.37.6.1 138.37.7.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{210B7167-8D5F-4EF1-805A-4E50E5BD1009}: DhcpNameServer = 192.168.42.129 O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll 
File not found O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9bf8bf54-55d7-11e2-940c-c4850835ba28}\Shell - "" = AutoRun O33 - MountPoints2\{9bf8bf54-55d7-11e2-940c-c4850835ba28}\Shell\AutoRun\command - "" = D:\MotoCastSetup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/06/11 09:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/06/09 20:52:42 | 000,000,000 | ---D | C] -- C:\_OTL [2013/06/06 15:59:02 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\EmsisoftEmergencyKit [2013/06/06 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{19AD19E5-B33A-4024-9884-B20850C35844} [2013/06/06 15:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro [2013/06/06 15:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013/06/06 15:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/06/06 15:31:01 | 009,833,328 | ---- | C] (SurfRight B.V.) 
-- C:\Users\Jo\Desktop\HitmanPro_x64.exe [2013/06/06 15:28:26 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\RK_Quarantine [2013/06/06 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Roaming\Malwarebytes [2013/06/06 15:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/06 15:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/06 15:17:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/06/06 15:17:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/06/06 15:15:45 | 000,000,000 | ---D | C] -- C:\Users\Jo\Desktop\mbam-chameleon-1.62.1.1000 [2013/06/05 23:47:36 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{D765B2DB-29CA-4410-9661-355C7B32D395} [2013/06/05 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{C9AB850D-0747-4441-A0C6-19857D487B60} [2013/06/05 14:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe [2013/06/04 20:16:51 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{757611B0-61CD-4F72-8285-8FCEE9D76D59} [2013/06/04 20:02:59 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{85E5C1EA-8318-435B-9B39-B0C55AD8CCAE} [2013/06/04 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{3F472B80-ABB8-46E7-8793-5A76A5535206} [2013/06/04 14:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup [2013/06/04 13:57:39 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\Wondershare [2013/06/04 13:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare [2013/06/04 13:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare [2013/06/03 19:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{F3519928-A0FF-4A5B-819B-20D6092A501D} [2013/06/01 15:16:14 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{D9CB20FE-7B8E-46E0-B47D-467B8217EED4} 
[2013/05/31 16:43:40 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{CF752608-6B9D-438A-8658-7B754FB775B8} [2013/05/30 17:44:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{7101AC9C-D9BD-4F0B-B5D1-9805E513E799} [2013/05/30 03:44:06 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{56B00B1B-65B5-413F-9120-98C6790E5BA6} [2013/05/28 01:14:37 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\DDMSettings [2013/05/28 01:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2013/05/28 01:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013/05/28 01:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2013/05/28 00:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2013/05/28 00:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013/05/26 14:11:47 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{A78C4DF8-FFF9-46E2-82F6-E37BF13BD2F4} [2013/05/26 14:01:34 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{F6FA2E21-2BDF-4B49-9153-A0AA50BAD106} [2013/05/26 13:51:24 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{8C5FE1EA-028A-4902-B292-528F35343D53} [2013/05/25 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Jo\AppData\Local\{4A37DC3D-C389-452A-85E5-7DDCE6A8123A} [2013/05/17 22:39:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013/05/17 22:39:05 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013/05/17 22:39:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013/05/17 22:38:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013/05/17 22:38:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013/05/17 22:38:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013/05/17 22:38:59 | 000,173,056 | ---- | C] 
(Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013/05/17 22:38:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013/05/17 22:38:57 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013/05/17 22:38:57 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013/05/17 22:38:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013/05/17 22:38:56 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013/05/17 22:38:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013/05/17 22:38:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013/05/17 22:38:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013/05/16 02:59:50 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013/05/16 02:59:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013/05/16 02:59:49 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013/05/16 02:59:49 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013/05/16 02:57:05 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013/05/16 02:57:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013/05/16 02:56:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/06/11 10:14:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/06/11 10:12:15 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2013/06/11 10:12:15 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 10:10:45 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/06/11 10:10:45 | 000,629,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/06/11 10:10:45 | 000,111,212 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/06/11 10:03:42 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013/06/11 10:03:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/06/11 09:54:02 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000UA.job [2013/06/09 20:28:25 | 000,000,916 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000UA.job [2013/06/09 20:28:25 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013/06/09 14:29:22 | 000,001,043 | ---- | M] () -- C:\Users\Jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/06/07 13:12:42 | 000,000,844 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000Core.job [2013/06/07 13:07:21 | 000,000,894 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1365210169-2043555165-912279061-1000Core.job [2013/06/06 15:58:38 | 186,305,826 | ---- | M] () -- C:\Users\Jo\Desktop\EmsisoftEmergencyKit.zip [2013/06/06 15:33:03 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/06/06 15:32:15 | 009,833,328 | ---- | M] (SurfRight B.V.) 
-- C:\Users\Jo\Desktop\HitmanPro_x64.exe [2013/06/06 15:28:15 | 000,816,128 | ---- | M] () -- C:\Users\Jo\Desktop\RogueKiller.exe [2013/06/06 15:17:27 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/06 15:14:44 | 001,440,846 | ---- | M] () -- C:\Users\Jo\Desktop\mbam-chameleon-1.62.1.1000.zip [2013/06/05 14:15:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jo\Desktop\OTL.exe [2013/06/04 14:00:22 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf [2013/05/30 03:00:08 | 000,279,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/05/28 00:53:03 | 000,000,000 | ---- | M] () -- C:\END [2013/05/15 01:29:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013/05/15 01:29:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/06/06 15:38:10 | 186,305,826 | ---- | C] () -- C:\Users\Jo\Desktop\EmsisoftEmergencyKit.zip [2013/06/06 15:33:03 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk [2013/06/06 15:28:06 | 000,816,128 | ---- | C] () -- C:\Users\Jo\Desktop\RogueKiller.exe [2013/06/06 15:17:27 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/06 15:14:34 | 001,440,846 | ---- | C] () -- C:\Users\Jo\Desktop\mbam-chameleon-1.62.1.1000.zip [2013/06/04 14:00:22 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf [2013/05/28 00:53:03 | 000,000,000 | ---- | C] () -- C:\END [2012/11/15 21:07:54 | 000,022,044 | ---- | C] () -- C:\windows\SysWow64\0x0809.ini [2012/11/15 20:49:09 | 000,149,880 | ---- | C] () -- C:\windows\wiainst64.exe [2012/10/01 23:54:09 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll [2012/08/16 14:49:21 | 003,120,452 | ---- | C] () -- 
C:\windows\SysWow64\PerfStringBackup.INI [2012/04/12 10:52:42 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2012/04/12 09:57:45 | 000,020,310 | ---- | C] () -- C:\windows\HotFixList.ini [2012/03/26 19:19:10 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin [2012/03/26 19:19:08 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin [2012/03/26 19:03:46 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/03/26 17:53:42 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll [2012/03/26 17:47:54 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2012/03/13 03:59:22 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012/03/13 03:59:19 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012/03/13 03:59:14 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2012/02/02 14:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [2011/12/02 13:12:10 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012/09/15 21:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Amazon [2012/09/23 19:53:18 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AnvSoft [2013/03/11 22:28:19 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Audacity [2012/10/05 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\AVG2013 [2012/08/16 15:50:59 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Box Desktop [2013/06/11 10:08:51 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Box Sync [2012/09/21 16:21:39 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\com.amazon.music.uploader [2013/06/11 10:06:14 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Dropbox [2012/08/16 15:11:57 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Easy File Share [2013/02/02 22:44:46 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Gmote [2013/02/03 20:14:03 | 000,000,000 | ---D | M] -- 
C:\Users\Jo\AppData\Roaming\MotoCast [2013/01/07 19:34:18 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Motorola [2013/01/07 19:35:30 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Motorola Mobility [2013/01/10 08:54:41 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Samsung [2013/06/09 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\SoftGrid Client [2012/08/16 14:50:06 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TP [2012/10/05 17:38:13 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\TuneUp Software [2013/02/03 00:48:44 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Unified Remote [2012/08/19 21:22:02 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Unity [2012/08/16 14:05:57 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\Visan [2012/08/16 23:44:34 | 000,000,000 | ---D | M] -- C:\Users\Jo\AppData\Roaming\WildTangent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34 < End of report > [/QUOTE]