Solved Black screen while booting up Vista.

squall23

Usually, when a virus hits my computer, I tend to know how to search for solutions because the virus usually attacks something specific or leaves a trail of sorts. For this one, I have no idea what it's doing on/to my computer or where I got it from. In fact, I got it when I was AFK so I definitely don't know how I got it. All I know of it are 2 things:



1. It got rid of my System Restore option. It doesn't just turn off System Restore; it literally got rid of the tab in System Properties.

2. When I boot up Windows normally, it gives me a black screen. I'm not sure if it's freezing or doing something to my graphics, I don't know. However, I can load up Safe Mode (with networking) perfectly fine, albeit with a much longer than usual load time.



Anyway, here are my logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.11.04

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Bernard :: BERNARD-PC [administrator]

11/09/2013 6:10:42 AM
mbam-log-2013-09-11 (06-10-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286972
Time elapsed: 26 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 37
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.SearchProtect.A) -> Data: C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe -> No action taken.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5921 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 19
C:\Program Files (x86)\SEARCHPROTECT\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken.
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Detected: 77
C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\PRIAM_BHO.DLL (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SearchProtect\Res\SPSetup.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe (PUP.Optional.QuickShare.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\FIREFOXMODULE.DLL (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\DIALOGSAPI.JS (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SEARCHPROTECT\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\FIREFOXMODULE.DLL (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\DIALOGSAPI.JS (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\SEARCHPROTECT\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bernard\AppData\Roaming\Microsoft\6884\9396.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\C164.tmp (Trojan.Phex.THAGen6) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\D67E.tmp (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\FAA3.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.13.2
Run by Bernard at 7:01:16 on 2013-09-11
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
uProxyServer = hxxp=183.181.25.248:80
uProxyOverride = 127.0.0.1:9421;*.local;<local>
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll
BHO: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class: {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [igndlm.exe] C:\Download Manager\dlm.exe /windowsstart /startifwork
uRun: [PlayNC Launcher] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_7_700_169_Plugin.exe -update plugin
uRunOnce: [Application Restart #0] C:\WINDOWS\ehome\ehtray.exe
uRunOnce: [Application Restart #1] C:\Program Files\Windows Sidebar\sidebar.exe
uRunOnce: [Application Restart #2] C:\WINDOWS\SysWOW64\conime.exe C:\Windows\System32\conime.exe
mRun: [AVG_TRAY] "C:\AVG\AVG2012\avgtray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SearchProtectAll] "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &?????? - <no file>
IE: &?????????? - <no file>
IE: &Download All with FlashGet - C:\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\FlashGet\jc_link.htm
IE: &E1OAOAƒÊ‹IAOO - <no file>
IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
IE: &U????????? - <no file>
IE: &U?????????????????? - <no file>
IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
IE: &E1OAOAƒÊ‹IAOO - <no file>
IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
IE: &Žg—p115?’`‰º? - <no file>
IE: &Žg—p115?’`‰º?‘S•”?Ú - <no file>
IE: &Žg—p?’`‰º? - <no file>
IE: &Žg—p?’`‰º?‘S•”?Ú - <no file>
IE: &ѸÀ×ÏÂÔص½ÊÖ» - <no file>
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\FlashGet.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
TCP: Interfaces\{081F9EF9-9B38-4560-8DE5-BCF5512DA67E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
x64-Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiea.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dll
FF - ExtSQL: 2013-08-09 17:08; firefox@mega.co.nz; C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\firefox@mega.co.nz.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-23 254528]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-24 41704]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2011-6-15 39424]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2008-5-12 405504]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-26 239616]
S2 AVGIDSAgent;AVGIDSAgent;C:\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
S2 avgwd;AVG WatchDog;C:\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-3-6 93984]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-14 8704]
S2 HOSTNT;Hostnt;C:\Windows\System32\drivers\hostnt.sys [2012-5-13 13864]
S2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-5-12 198240]
S2 hshld;Hotspot Shield Service;C:\Hotspot Shield\bin\openvpnas.exe [2012-7-24 474992]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Hotspot Shield\bin\hsswd.exe [2012-7-24 387440]
S2 RadeonPro Support Service;RadeonPro Support Service;C:\RadeonPro\RadeonProSupport.exe [2012-3-8 12800]
S2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2010-2-17 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-7-26 109064]
S2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2012-4-14 23896]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\BitComet\tools\BitCometService.exe -service --> C:\BitComet\tools\BitCometService.exe -service [?]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-5-8 411136]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2008-5-12 1379584]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-12-18 121416]
S3 ncvet.dll;ncvet.dll;C:\WINDOWS\Temp\ncvet.dll [2011-9-14 24144]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-10-6 25088]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-10-6 18944]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-6-25 35344]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S3 X6va006;X6va006;C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [2012-3-17 17192]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-22 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-08-08 02:03:11 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-31 14:17:31 17833472 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-31 13:42:12 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:20:02 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:17:24 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-31 13:16:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:13:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-31 13:11:46 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-31 13:11:41 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-31 13:09:35 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 13:05:14 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-31 10:30:56 12335104 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-31 10:05:18 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:53:17 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:51:29 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-31 09:49:58 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-31 09:46:37 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-31 09:45:59 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-31 09:42:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-16 09:25:53 689152 ----a-w- C:\Windows\System32\themeui.dll
2013-07-16 04:35:16 615936 ----a-w- C:\Windows\SysWow64\themeui.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 13:27:51 20480 ----a-w- C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39 29184 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2010-08-03 17:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll
2010-08-03 17:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll
.
============= FINISH: 7:05:00.82 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2666/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 2.154 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.504 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
J: is Removable
K: is CDROM ()
L: is CDROM ()
M: is CDROM ()
O: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: eHome Infrared Receiver (USBCIR)
Device ID: USB\VID_147A&PID_E018&MI_00\7&314A0B6A&3&0000
Manufacturer: Microsoft
Name: eHome Infrared Receiver (USBCIR)
PNP Device ID: USB\VID_147A&PID_E018&MI_00\7&314A0B6A&3&0000
Service: usbcir
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A2IW4ESM IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A2IW4ESM IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: akqkhlxh
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
115UDown
7-Zip 4.65 (x64 edition)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Age of Empires III: Complete Collection
Aion
AirMech
Akamai NetSession Interface
Akamai NetSession Interface Service
Alienware TactX(TM) Mouse CI 1.00
AMD APP SDK Runtime
AMD Catalyst Install Manager
Any Video Converter 5 5.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed Revelations
Audacity 1.2.6
Audiosurf
AVG 2012
Bandisoft MPEG-1 Decoder
Battlelog Web Plugins
Beat Hazard
BIT.TRIP RUNNER (remove only)
BitComet 1.14
BitComet 1.31 64-bit
Bonjour
Call of Juarez The Cartel
Capsule
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 5.5
Cheat Engine 5.6.1
Cheat Engine 6.2
CloneDVD2
Combined Community Codec Pack 2011-07-30
Command Center
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Cucusoft YouTube Mate 7.18
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
D3DX10
DAEMON Tools Lite
Dark Souls Prepare to Die Edition
Dark Souls Prepare To Die Edition version 5.1
Dell Voice
DH Mobility Modder.NET
Diner Dash 2
DiskAid 4.11
Divinity: Dragon Commander
Download Manager 2.3.6
Driver San Francisco
Driver Sweeper version 3.2.0
Dual-Core Optimizer
Enhanced Multimedia Keyboard Solution
ESN Sonar
Fable III
Far Cry 3
FlashGet 1.9.6.1073
Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2
Free Video Joiner 1.1
FreeArc 0.666
FreeOnlineRadioPlayerRecorder Toolbar
Freez FLV to MP3 Converter
Game Dev Tycoon DEMO version 1.0.1
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
GamersFirst LIVE!
GenesisAD_Setup
GOM Player
GOMTV Streamer
Google Earth Plug-in
Google Update Helper
GrandDog Run Time System V1.0.35
Hamachi 1.0.3.0
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hex Workshop v6
HF pAppLoc version 1.0
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 2.65
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HuxleyTheDystopia
iFunbox (v2.6.2375.747), iFunbox DevTeam
ijji Auto Installer
ILLUSION@ƒWƒ“ƒRƒEƒKƒNƒGƒ“ ‚«‚á‚ç‚ß‚¢‚
ImgBurn
Intel(R) Matrix Storage Manager
iPhone Explorer 2.102
iTunes
Java 7 Update 13
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6 Update 1
JDownloader 2
LabelPrint
League of Legends
Left 4 Dead 2 Add-on Support
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Max Payne 3
MD5 Checker version 4.0.0
Mega Manager
MegaTrainer eXperience V1.1.1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Windows Application Compatibility Database
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MIKSOFT Mobile AMR converter
MKVtoolnix 4.7.0
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 7.0.1 (x86 en-GB)
MP3 Skype Recorder
Mp3tag v2.49
MSVC80_x64_v2
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Natural Selection 2
NCsoft Launcher
Neffy 1,2,4,0
Nexon Game Manager
Nitronic Rush (2011-11-11) version 20111111.0
Nokia Connectivity Cable Driver
Notepad++
NVIDIA Drivers
NVIDIA PhysX
OGPlanet Game Launcher
OpenAL
Origin
Paint.NET v3.5.6
Pando Media Booster
PC Connectivity Solution
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
Pcsx2 Cheat converter
piaip AppLocale
PlanetSide 2
plist Editor Pro 2.0.0
PlugLink 9650 Utility
Poker Night 2
Power2Go
PS3 Cheats Editor
PunkBuster Services
Python 2.5
QuickTime
RadeonPro 1.0 (Build 1.1.0.6)
RapidLinkConverter
RaySource 2.1.10.8366
REACTOR
Real Alternative 2.0.0
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
Recettear: An Item Shop's Tale - Demo
redist
RoboForm 7-7-4 (All Users)
Rockstar Games Social Club
SD Gundam Capsule Fighter
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Segoe UI
Skype Toolbars
Skype? 6.3
Soft Data Fax Modem with SmartCP
Sonic and All Stars Racing Transformed (c) SEGA version 1
Sony Ericsson DRM Packager 1.35
Source SDK Base 2007
Spybot - Search & Destroy
StarCraft II
Steam
Super Street Fighter IV: Arcade Edition
SWF Opener
Team Fortress 2
The Sims? 3
The Sims? 3 Late Night
The Sims? 3 Master Suite Stuff
The Witcher 2
Tom Clancy's Ghost Recon Future Soldier
Ubisoft Game Launcher
Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP
Unity Web Player
Universal Document Converter (Demo)
UnLock Root 3.1.1
UnLock Root Pro 3.41
UNO - Undercover
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
URL Snooper v2.29.01
Ventrilo Client for Windows x64
VirtualCloneDrive
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.5
VueScan
Wajam
Warcraft III
Warcraft III: All Products
Waterfox
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR archiver
WinSCP 4.3.2
WMPTagSupportExtender
Xilisoft Download YouTube Video
Xilisoft YouTube Video Converter
Xiph.Org Open Codecs 0.85.17777
Yahoo! Messenger
Yahoo! Toolbar
ツゴウノイイ彼女タチ
‰Š‚Ì›s‚Ü‚¹‚¨‚Á‚Ï‚¢“û“¯‹‰¶
.
==== Event Viewer Messages From Past Week ========
.
11/09/2013 6:46:06 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 6:45:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 ElbyCDIO spldr Wanarpv6
11/09/2013 6:45:13 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 6:44:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/09/2013 6:44:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/09/2013 6:44:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/09/2013 6:43:45 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/09/2013 6:42:21 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.
11/09/2013 6:10:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/09/2013 5:13:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/09/2013 5:09:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC ElbyCDIO HssDRV6 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/09/2013 5:09:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/09/2013 5:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/09/2013 5:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/09/2013 5:08:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/09/2013 3:06:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/09/2013 3:06:46 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/09/2013 3:01:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/09/2013 6:05:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
10/09/2013 6:05:11 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/09/2013 4:17:50 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
10/09/2013 4:14:21 PM, Error: Service Control Manager [7001] - The NVIDIA Display Driver Service service depends on the nvlddmkm service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/09/2013 4:13:24 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
08/09/2013 5:28:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
07/09/2013 3:59:43 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80004005
07/09/2013 3:59:34 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/09/2013 3:59:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
07/09/2013 3:59:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
07/09/2013 3:58:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
07/09/2013 3:58:28 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Thank you in advance for your time.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by Bernard (administrator) on BERNARD-PC on 11-09-2013 18:09:55
Running from O:\anti virus
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgmfapx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [IAAnotif] - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [57672 2009-05-20] (Alienware Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKCU\...\Run: [igndlm.exe] - C:\Download Manager\dlm.exe [1103216 2009-05-14] (IGN Entertainment)
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [KiesHelper] - C:\Samsung\Kies\KiesHelper.exe /s
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-03-15] (Siber Systems)
HKCU\...\Run: [DAEMON Tools Lite] - "C:\DAEMON Tools Lite\DTLite.exe" -autorun
HKCU\...\Run: [SearchProtect] - C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
MountPoints2: {442fb762-9425-11de-aae1-001fc65f3688} - K:\Autorun.exe
MountPoints2: {5447d0ef-c663-11de-9e46-001fc65f3688} - F:\Seagate\Installer\InstallSeagateManager.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_TRAY] - C:\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
ShortcutTarget: Kuma_Tray.lnk -> C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
BootExecute: autocheck autochk * C:\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

ProxyServer: http=183.181.25.248:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
URLSearchHook: (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {4BA2EC92-8370-4335-A0BB-F13F0820BEFC} URL = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
SearchScopes: HKCU - {57392D2C-8F82-478C-994D-0C0D9FB35D6C} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKCU - {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} URL = http://search.conduit.com/ResultsEx...4&ctid=CT2737658&CUI=UN14051505662315168&UM=2
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
BHO-x32: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class - {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} - C:\Thunder Network\Thunder\BBInside\{3F2D81A2-AB9C-DA82-039C-33E7BC2362D3}\AddressBar.dll No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Megaupload\Mega Manager\MegaIEMn.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
BHO-x32: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
DPF: HKLM-x32 {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\..\Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9}: [NameServer]208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default
FF user.js: detected! => C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\user.js
FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @fileplanet.com/fpdlm - C:\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin-x32: @gamersfirst.com/LiveLauncher - C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: Nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @xunlei.com/npxluser - C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @xunlei.com/npxluser - C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\anime-news-network.xml
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\youtube-video-search.xml
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\CSWebLauncher@cyberstep.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: NeffyPlugin Launcher - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
FF Extension: GameFOX - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
FF Extension: BitComet 视频下载器 - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: Cookies Manager+ - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: firefox - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: mediahint - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\mediahint@jetpack.xpi
FF Extension: SQLiteManager - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
FF Extension: uriloader - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\uriloader@pdf.js.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\AVG\AVG2012\Firefox4\
FF Extension: AVG Safe Search - C:\AVG\AVG2012\Firefox4\
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\AVG\AVG2012\Firefox\DoNotTrack\
FF Extension: AVG Do Not Track - C:\AVG\AVG2012\Firefox\DoNotTrack\
FF HKCU\...\Firefox\Extensions: [{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}] - C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}
FF Extension: XULRunner - C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Bernard\AppData\Roaming\IDM\idmmzcc5
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
S2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
S2 hshld; C:\Hotspot Shield\bin\openvpnas.exe [474992 2012-07-24] ()
S2 HssSrv; C:\Hotspot Shield\HssWPR\hsssrv.exe [404848 2012-07-24] (AnchorFree Inc.)
S3 HssTrayService; C:\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-07-24] ()
S2 HssWd; C:\Hotspot Shield\bin\hsswd.exe [387440 2012-07-24] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3549696 2010-05-25] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-04] ()
S2 RadeonPro Support Service; C:\RadeonPro\RadeonProSupport.exe [12800 2011-02-10] (Mr. John aka japamd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SBSDWSCService; C:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-07-26] (Wajam)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-02] ()
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-23] (DT Soft Ltd)
S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-24] (AnchorFree Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-01] ()
S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-10-06] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-10-06] (Nokia)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 PLCNDIS5; C:\Windows\SysWow64\PLCNDIS5.SYS [17280 2004-04-26] (Intellon, Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-08-28] ()
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2009-10-06] (Nokia)
S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
S2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-08] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PLCMPR5; \??\C:\Windows\system32\PLCMPR5.SYS [x]
S3 PLCNDIS5; \??\C:\Windows\system32\PLCNDIS5.SYS [x]
S3 X6va002; \??\C:\Users\Bernard\AppData\Local\Temp\002E129.tmp [x]
S3 X6va005; \??\C:\Users\Bernard\AppData\Local\Temp\005B0D0.tmp [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]
U3 aswMBR; \??\C:\Users\Bernard\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 18:08 - 2013-09-11 18:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
2013-09-11 18:08 - 2013-09-11 18:08 - 00000000 ____D C:\FRST
2013-09-11 18:02 - 2013-09-11 18:03 - 00000000 ___SD C:\ComboFix
2013-09-11 17:57 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-11 17:57 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-11 17:57 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-11 17:57 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-11 17:49 - 2013-09-11 17:57 - 00000000 ____D C:\Qoobox
2013-09-11 17:48 - 2013-09-11 17:48 - 00000000 ____D C:\Windows\erdnt
2013-09-11 17:42 - 2013-09-11 19:28 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
2013-09-11 07:05 - 2013-09-11 07:05 - 00026004 _____ C:\Users\Bernard\Desktop\attach.txt
2013-09-11 07:05 - 2013-09-11 07:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
2013-09-11 07:00 - 2013-09-11 17:48 - 00000000 ____D C:\anti virus
2013-09-11 06:10 - 2013-09-11 06:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-09-11 06:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-11 05:33 - 2013-09-11 05:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
2013-09-11 03:04 - 2013-07-31 08:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 03:04 - 2013-07-31 07:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 03:04 - 2013-07-31 07:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 03:04 - 2013-07-31 07:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 03:04 - 2013-07-31 07:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 03:04 - 2013-07-31 07:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-11 03:04 - 2013-07-31 07:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-11 03:04 - 2013-07-31 07:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 03:04 - 2013-07-31 07:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-11 03:04 - 2013-07-31 07:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 03:04 - 2013-07-31 07:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-11 03:04 - 2013-07-31 07:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 03:04 - 2013-07-31 07:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 03:04 - 2013-07-31 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-11 03:04 - 2013-07-31 07:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 03:04 - 2013-07-31 07:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 03:04 - 2013-07-31 04:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 03:04 - 2013-07-31 04:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 03:04 - 2013-07-31 04:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 03:04 - 2013-07-31 03:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 03:04 - 2013-07-31 03:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 03:04 - 2013-07-31 03:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 03:04 - 2013-07-31 03:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 03:04 - 2013-07-31 03:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 03:04 - 2013-07-31 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 03:04 - 2013-07-31 03:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 03:04 - 2013-07-31 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 03:04 - 2013-07-31 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 03:04 - 2013-07-31 03:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 03:04 - 2013-07-31 03:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 03:04 - 2013-07-31 03:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 03:04 - 2013-07-31 03:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 21:55 - 2013-08-07 20:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 21:55 - 2013-07-16 03:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-10 21:55 - 2013-07-15 22:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-08 23:56 - 2013-09-08 23:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
2013-09-08 23:48 - 2013-09-08 23:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
2013-09-08 23:48 - 2013-09-08 23:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
2013-09-08 23:29 - 2013-09-09 17:10 - 00000000 ____D C:\Divinity Dragon Commander
2013-08-27 19:29 - 2013-08-02 08:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 19:29 - 2013-08-01 22:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 23:30 - 2013-07-17 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 23:30 - 2013-07-17 13:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 23:30 - 2013-07-10 03:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 23:30 - 2013-07-10 03:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 23:30 - 2013-07-09 06:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 23:30 - 2013-07-09 06:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 23:30 - 2013-07-07 22:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 23:30 - 2013-07-07 22:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 23:30 - 2013-07-07 22:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 23:30 - 2013-07-07 22:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 23:30 - 2013-07-07 22:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 23:30 - 2013-07-07 22:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 23:30 - 2013-07-07 22:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 23:30 - 2013-07-07 22:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 23:30 - 2013-07-07 22:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 23:30 - 2013-07-07 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-13 23:30 - 2013-07-07 22:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 23:30 - 2013-07-07 22:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 23:30 - 2013-07-07 22:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 23:30 - 2013-07-07 19:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 23:30 - 2013-07-07 19:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 23:30 - 2013-07-07 19:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 23:30 - 2013-07-04 22:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 23:30 - 2013-06-15 07:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-13 23:30 - 2013-06-15 05:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-11 19:28 - 2013-09-11 17:42 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
2013-09-11 18:08 - 2013-09-11 18:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
2013-09-11 18:08 - 2013-09-11 18:08 - 00000000 ____D C:\FRST
2013-09-11 18:03 - 2013-09-11 18:02 - 00000000 ___SD C:\ComboFix
2013-09-11 17:57 - 2013-09-11 17:49 - 00000000 ____D C:\Qoobox
2013-09-11 17:48 - 2013-09-11 17:48 - 00000000 ____D C:\Windows\erdnt
2013-09-11 17:48 - 2013-09-11 07:00 - 00000000 ____D C:\anti virus
2013-09-11 08:06 - 2009-08-10 21:25 - 00000732 _____ C:\Users\Bernard\AppData\Local\d3d9caps64.dat
2013-09-11 07:23 - 2010-11-13 15:33 - 00002032 _____ C:\Users\Bernard\AppData\Local\d3d9caps.dat
2013-09-11 07:23 - 2010-06-19 04:31 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
2013-09-11 07:05 - 2013-09-11 07:05 - 00026004 _____ C:\Users\Bernard\Desktop\attach.txt
2013-09-11 07:05 - 2013-09-11 07:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
2013-09-11 06:41 - 2008-01-20 21:26 - 00246110 _____ C:\Windows\PFRO.log
2013-09-11 06:37 - 2009-08-10 21:31 - 00000000 ___RD C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 06:10 - 2013-09-11 06:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 06:09 - 2013-09-11 06:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-09-11 06:02 - 2009-08-10 23:31 - 00000000 ____D C:\Program Installers
2013-09-11 05:33 - 2013-09-11 05:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
2013-09-11 05:13 - 2009-08-10 21:18 - 01245360 _____ C:\Windows\WindowsUpdate.log
2013-09-11 05:08 - 2006-11-02 09:21 - 00411064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 03:23 - 2006-11-02 09:42 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 03:23 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 03:23 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 03:23 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 03:20 - 2009-08-11 01:31 - 00000000 ____D C:\BitComet
2013-09-11 03:06 - 2009-09-13 20:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 02:52 - 2010-05-27 04:06 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-11 02:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At3.job
2013-09-11 01:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At2.job
2013-09-11 00:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At1.job
2013-09-10 23:46 - 2009-08-12 02:00 - 00000000 ____D C:\Clips
2013-09-10 23:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At24.job
2013-09-10 22:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At23.job
2013-09-10 21:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At22.job
2013-09-10 20:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At21.job
2013-09-10 19:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At20.job
2013-09-10 18:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At19.job
2013-09-10 18:27 - 2012-02-25 00:32 - 00000000 ____D C:\Windows\system32\Drivers\AVG
2013-09-10 18:05 - 2009-08-11 23:22 - 00000000 ____D C:\Steam
2013-09-10 17:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At18.job
2013-09-10 16:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At17.job
2013-09-10 16:12 - 2011-07-29 02:21 - 00000310 ___SH C:\Windows\Tasks\Tkjhljntu.job
2013-09-10 16:12 - 2010-05-27 04:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-10 06:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At7.job
2013-09-10 05:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At6.job
2013-09-10 04:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At5.job
2013-09-10 03:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At4.job
2013-09-09 17:10 - 2013-09-08 23:29 - 00000000 ____D C:\Divinity Dragon Commander
2013-09-09 04:52 - 2009-12-21 02:47 - 00000000 ____D C:\Movies
2013-09-09 02:36 - 2006-11-02 06:46 - 00777444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-09 02:28 - 2009-08-11 01:32 - 00000000 ____D C:\Torrents
2013-09-09 00:55 - 2009-08-10 23:32 - 00000000 ____D C:\Mozilla Firefox
2013-09-08 23:56 - 2013-09-08 23:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
2013-09-08 23:48 - 2013-09-08 23:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
2013-09-08 23:48 - 2013-09-08 23:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
2013-09-08 23:47 - 2009-08-11 19:07 - 01084497 _____ C:\Windows\DirectX.log
2013-09-08 23:01 - 2009-08-11 15:21 - 00000000 ____D C:\Games
2013-09-08 07:37 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At8.job
2013-09-07 19:35 - 2013-02-16 02:13 - 00000000 ____D C:\Strike Suit Zero
2013-09-07 19:32 - 2008-05-12 12:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-07 18:55 - 2009-08-12 02:01 - 00022016 _____ C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-07 18:51 - 2011-07-18 01:32 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\dvdcss
2013-09-06 17:47 - 2010-12-05 18:47 - 00000000 ____D C:\Users\Bernard\AppData\Local\Paint.NET
2013-09-03 15:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At16.job
2013-09-03 14:38 - 2011-07-29 02:21 - 00000342 _____ C:\Windows\Tasks\At15.job
2013-08-31 01:18 - 2010-03-03 01:14 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
2013-08-30 14:45 - 2006-11-02 09:27 - 00156805 _____ C:\Windows\setupact.log
2013-08-30 02:00 - 2009-08-11 04:48 - 00000000 ____D C:\Anime
2013-08-22 23:11 - 2013-03-12 22:40 - 00000000 _____ C:\END
2013-08-19 07:11 - 2010-10-21 01:05 - 00000000 ____D C:\ipad
2013-08-17 18:42 - 2013-03-27 19:27 - 00002359 _____ C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk
2013-08-14 03:47 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\rescache

ZeroAccess:
C:\Users\Bernard\AppData\Local\89531bfe
C:\Users\Bernard\AppData\Local\89531bfe\@

ZeroAccess:
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\@
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\00000001.@
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\80000000.@
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\800000cb.@

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\hash.dat
C:\Users\Bernard\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc.exe
C:\Users\Bernard\AppData\Local\Temp\539E36B.exe
C:\Users\Bernard\AppData\Local\Temp\715D609.exe
C:\Users\Bernard\AppData\Local\Temp\7za.exe
C:\Users\Bernard\AppData\Local\Temp\AdbWinApi.dll
C:\Users\Bernard\AppData\Local\Temp\AdbWinUsbApi.dll
C:\Users\Bernard\AppData\Local\Temp\AskInstallChecker-1.4.0.0.exe
C:\Users\Bernard\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Bernard\AppData\Local\Temp\askToolbarInstaller.exe
C:\Users\Bernard\AppData\Local\Temp\bdfilters.dll
C:\Users\Bernard\AppData\Local\Temp\Bit1D1D.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit2059.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit20B4.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit2ECA.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit377E.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit4BB6.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit5690.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit5D5B.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit6322.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit8E64.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitA2B1.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitB328.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitC938.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitCDA7.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitD38.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitD70A.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\CH.dll
C:\Users\Bernard\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Bernard\AppData\Local\Temp\Copy.dll
C:\Users\Bernard\AppData\Local\Temp\Coupon-Caddy-ppi-MULTI.exe
C:\Users\Bernard\AppData\Local\Temp\DLBT.dll
C:\Users\Bernard\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Bernard\AppData\Local\Temp\Dragons Dogma - Editor.exe
C:\Users\Bernard\AppData\Local\Temp\Execute2App.exe
C:\Users\Bernard\AppData\Local\Temp\Fault_inst.exe
C:\Users\Bernard\AppData\Local\Temp\FJ_Downloader.exe
C:\Users\Bernard\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Bernard\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Bernard\AppData\Local\Temp\gtapi.dll
C:\Users\Bernard\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Bernard\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Bernard\AppData\Local\Temp\HOMEFRONT(1).exe
C:\Users\Bernard\AppData\Local\Temp\Hotspot_Shield.exe
C:\Users\Bernard\AppData\Local\Temp\inst.exe
C:\Users\Bernard\AppData\Local\Temp\installerdll34682579.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll34684903.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll34691861.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll6410205.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll6423091.dll
C:\Users\Bernard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Bernard\AppData\Local\Temp\InstStub.exe
C:\Users\Bernard\AppData\Local\Temp\jshortcut-1610750577578842815.dll
C:\Users\Bernard\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Bernard\AppData\Local\Temp\KWI62F0.exe
C:\Users\Bernard\AppData\Local\Temp\Lng.Dll
C:\Users\Bernard\AppData\Local\Temp\msvcp90.dll
C:\Users\Bernard\AppData\Local\Temp\msvcr90.dll
C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Bernard\AppData\Local\Temp\NEventMessages.dll
C:\Users\Bernard\AppData\Local\Temp\NGMDll.dll
C:\Users\Bernard\AppData\Local\Temp\NGMResource.dll
C:\Users\Bernard\AppData\Local\Temp\NGMSetup.exe
C:\Users\Bernard\AppData\Local\Temp\nsisdt.dll
C:\Users\Bernard\AppData\Local\Temp\nsk364D.exe
C:\Users\Bernard\AppData\Local\Temp\nsp1278.exe
C:\Users\Bernard\AppData\Local\Temp\nsu2E4B.exe
C:\Users\Bernard\AppData\Local\Temp\nsuB777.exe
C:\Users\Bernard\AppData\Local\Temp\Ochibo_DLSetup.exe
C:\Users\Bernard\AppData\Local\Temp\OneClickRoot_Installer.exe
C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Bernard\AppData\Local\Temp\OriginLauncher34682579.exe
C:\Users\Bernard\AppData\Local\Temp\ose00000.exe
C:\Users\Bernard\AppData\Local\Temp\OWE1FEE.exe
C:\Users\Bernard\AppData\Local\Temp\proxy_vole3838149727586769226.dll
C:\Users\Bernard\AppData\Local\Temp\PurpleBean.exe
C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe
C:\Users\Bernard\AppData\Local\Temp\rootsupd.exe
C:\Users\Bernard\AppData\Local\Temp\setup.exe
C:\Users\Bernard\AppData\Local\Temp\SicheatsTrainer.dll
C:\Users\Bernard\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bernard\AppData\Local\Temp\sonarinst.exe
C:\Users\Bernard\AppData\Local\Temp\SPStub.exe
C:\Users\Bernard\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Bernard\AppData\Local\Temp\tmp24BA.exe
C:\Users\Bernard\AppData\Local\Temp\tmp3889.exe
C:\Users\Bernard\AppData\Local\Temp\tmp4690.exe
C:\Users\Bernard\AppData\Local\Temp\tmp53E9.exe
C:\Users\Bernard\AppData\Local\Temp\tmp6A09.exe
C:\Users\Bernard\AppData\Local\Temp\tmp6B7F.exe
C:\Users\Bernard\AppData\Local\Temp\tmp6EE8.exe
C:\Users\Bernard\AppData\Local\Temp\tmp848B.exe
C:\Users\Bernard\AppData\Local\Temp\tmp8508.exe
C:\Users\Bernard\AppData\Local\Temp\tmp979F.exe
C:\Users\Bernard\AppData\Local\Temp\tmp9D88.exe
C:\Users\Bernard\AppData\Local\Temp\tmpF826.exe
C:\Users\Bernard\AppData\Local\Temp\tmpFF10.exe
C:\Users\Bernard\AppData\Local\Temp\ubiBAE0.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\unicows.dll
C:\Users\Bernard\AppData\Local\Temp\Uninstall.exe
C:\Users\Bernard\AppData\Local\Temp\unlockrootsetup.exe
C:\Users\Bernard\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe
C:\Users\Bernard\AppData\Local\Temp\war3_Install.exe
C:\Users\Bernard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Bernard\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Bernard\AppData\Local\Temp\WMQ37D1.exe
C:\Users\Bernard\AppData\Local\Temp\woavfvtd.dll
C:\Users\Bernard\AppData\Local\Temp\xmlUpdater.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-11 17:43

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
Ran by Bernard at 2013-09-11 18:10:54
Running from O:\anti virus
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
115UDown (HKCU Version: 2.4.5.136)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
7-Zip 9.20 (x32)
Adobe AIR (x32 Version: 1.5.2.8900)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.149)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.169)
Adobe Reader 8.1.2 (x32 Version: 8.1.2)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.2.602)
Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1)
Aion (HKCU)
AirMech (x32)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Alienware TactX(TM) Mouse CI 1.00 (Version: 1.00)
AMD APP SDK Runtime (Version: 10.0.938.1)
AMD Catalyst Install Manager (Version: 8.0.891.0)
Any Video Converter 5 5.0.3 (x32)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin's Creed Revelations (x32 Version: 1.00)
Audacity 1.2.6 (x32)
Audiosurf (x32)
AVG 2012 (Version: 12.0.3222)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
Bandisoft MPEG-1 Decoder (x32)
Battlelog Web Plugins (x32 Version: 0.80.0)
Beat Hazard (x32)
BIT.TRIP RUNNER (remove only) (x32 Version: 1.0)
BitComet 1.14 (x32 Version: 1.14)
BitComet 1.31 64-bit (x32 Version: 1.31)
Bonjour (Version: 3.0.0.10)
Call of Juarez The Cartel (x32)
Capsule (x32 Version: 1.0.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center InstallProxy (x32 Version: 2012.0928.1532.26058)
Catalyst Control Center Localization All (x32 Version: 2012.0928.1532.26058)
CCC Help Chinese Standard (x32 Version: 2012.0928.1531.26058)
CCC Help Chinese Traditional (x32 Version: 2012.0928.1531.26058)
CCC Help Czech (x32 Version: 2012.0928.1531.26058)
CCC Help Danish (x32 Version: 2012.0928.1531.26058)
CCC Help Dutch (x32 Version: 2012.0928.1531.26058)
CCC Help English (x32 Version: 2012.0928.1531.26058)
CCC Help Finnish (x32 Version: 2012.0928.1531.26058)
CCC Help French (x32 Version: 2012.0928.1531.26058)
CCC Help German (x32 Version: 2012.0928.1531.26058)
CCC Help Greek (x32 Version: 2012.0928.1531.26058)
CCC Help Hungarian (x32 Version: 2012.0928.1531.26058)
CCC Help Italian (x32 Version: 2012.0928.1531.26058)
CCC Help Japanese (x32 Version: 2012.0928.1531.26058)
CCC Help Korean (x32 Version: 2012.0928.1531.26058)
CCC Help Norwegian (x32 Version: 2012.0928.1531.26058)
CCC Help Polish (x32 Version: 2012.0928.1531.26058)
CCC Help Portuguese (x32 Version: 2012.0928.1531.26058)
CCC Help Russian (x32 Version: 2012.0928.1531.26058)
CCC Help Spanish (x32 Version: 2012.0928.1531.26058)
CCC Help Swedish (x32 Version: 2012.0928.1531.26058)
CCC Help Thai (x32 Version: 2012.0928.1531.26058)
CCC Help Turkish (x32 Version: 2012.0928.1531.26058)
ccc-utility64 (Version: 2012.0928.1532.26058)
CCleaner (Version: 3.09)
Cheat Engine 5.5 (x32)
Cheat Engine 5.6.1 (x32)
Cheat Engine 6.2 (x32)
CloneDVD2 (x32 Version: 2.9.2.8)
Combined Community Codec Pack 2011-07-30 (x32 Version: 2011.07.30.0)
Command Center (Version: 2.0.7.0)
Command Center (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Counter-Strike: Source (x32)
Cucusoft YouTube Mate 7.18 (x32)
CyberLink DVD Suite Deluxe (x32 Version: 5.5.1329)
CyberLink PowerDirector (x32 Version: 6.5.2726)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130)
Dark Souls Prepare To Die Edition version 5.1 (x32 Version: 5.1)
Dell Voice (x32 Version: 1.1.1)
DH Mobility Modder.NET (x32 Version: 1.2.1.0)
Diner Dash 2 (x32)
DiskAid 4.11 (x32 Version: 4.11)
Divinity: Dragon Commander (x32)
Download Manager 2.3.6 (x32 Version: 2.3.6)
Driver San Francisco (x32 Version: 1.1.0.0)
Driver Sweeper version 3.2.0 (x32 Version: 3.2.0)
Dual-Core Optimizer (x32 Version: 1.1.4.0169)
Enhanced Multimedia Keyboard Solution (x32)
ESN Sonar (x32 Version: 0.70.0)
Fable III (x32 Version: 1.0.0001.131)
Far Cry 3 (x32 Version: 1.01)
FlashGet 1.9.6.1073 (x32 Version: 1.9.6.1073)
Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2 (x32)
Free Video Joiner 1.1 (x32)
FreeArc 0.666 (x32 Version: 0.666)
FreeOnlineRadioPlayerRecorder Toolbar (x32 Version: 6.11.2.6)
Freez FLV to MP3 Converter (x32 Version: 1.5)
Game Dev Tycoon DEMO version 1.0.1 (x32 Version: 1.0.1)
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1 (x32 Version: 1)
GamersFirst LIVE! (x32)
GenesisAD_Setup (x32 Version: 1.00.0000)
GOM Player (x32 Version: 2.1.28.5039)
GOMTV Streamer (x32)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
GrandDog Run Time System V1.0.35 (x32)
Hamachi 1.0.3.0 (x32)
Hardware Diagnostic Tools (x32 Version: 5.1.4748.24)
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2)
Hex Workshop v6 (Version: 6.0.1.4603)
HF pAppLoc version 1.0 (x32 Version: 1.0)
Hi-Rez Studios Authenticate and Update Service (x32 Version: 3.0.0.0)
Hotspot Shield 2.65 (x32 Version: 2.65)
HP Active Support Library (x32 Version: 3.1.0.6)
HP Customer Experience Enhancements (x32 Version: 5.6.0.2510)
HP Customer Feedback (x32 Version: 1.0.0)
HP Easy Setup - Frontend (x32 Version: 5.7.0.2611)
HP Picasso Media Center Add-In (x32 Version: 1.0.0)
HP Total Care Advisor (x32 Version: 2.1.3329.2629)
HP Update (x32 Version: 4.000.007.003)
HuxleyTheDystopia (x32 Version: 1.00.0000)
iFunbox (v2.6.2375.747), iFunbox DevTeam (x32 Version: v2.6.2375.747)
ijji Auto Installer (x32 Version: 1.00.0000)
ILLUSION ジンコウガクエン きゃらめいく (x32 Version: 1.00.0000)
ImgBurn (x32 Version: 2.5.1.0)
Intel(R) Matrix Storage Manager
iPhone Explorer 2.102 (x32)
iTunes (Version: 11.0.2.26)
Java 7 Update 13 (x32 Version: 7.0.130)
Java Auto Updater (x32 Version: 2.1.9.0)
Java(TM) 6 Update 23 (x32 Version: 6.0.230)
Java(TM) SE Runtime Environment 6 Update 1 (x32 Version: 1.6.0.10)
JDownloader 2 (Version: 2.0)
LabelPrint (x32 Version: 2.2.2529)
League of Legends (x32 Version: 1.25.000)
League of Legends (x32 Version: 1.3)
Left 4 Dead 2 Add-on Support (x32)
LightScribe System Software 1.12.37.1 (x32 Version: 1.12.37.1)
LightScribeTemplateLabeler (x32 Version: 1.10.23.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Max Payne 3 (x32 Version: 1.0.0.0)
MD5 Checker version 4.0.0 (x32)
Mega Manager (x32 Version: 3.3.04)
MegaTrainer eXperience V1.1.1.1 (x32)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
Microsoft Windows Application Compatibility Database
Microsoft Works (x32 Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
MIKSOFT Mobile AMR converter (x32)
MKVtoolnix 4.7.0 (x32 Version: 4.7.0)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Mozilla Firefox 7.0.1 (x86 en-GB) (x32 Version: 7.0.1)
MP3 Skype Recorder (x32 Version: 3.1.3)
Mp3tag v2.49 (x32 Version: v2.49)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (x32 Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee autoProducer 6.1 (x32 Version: 6.10.050)
My HP Games (x32 Version: 1.0.0.43)
Natural Selection 2 (x32)
NCsoft Launcher (x32 Version: 1.5.4.2)
Neffy 1,2,4,0 (x32 Version: 1,2,4,0)
Nexon Game Manager (x32)
Nitronic Rush (2011-11-11) version 20111111.0 (x32 Version: 20111111.0)
Nokia Connectivity Cable Driver (x32 Version: 7.1.22.0)
Notepad++ (x32 Version: 6.3.2)
NVIDIA Drivers
NVIDIA PhysX (x32 Version: 9.12.0613)
OGPlanet Game Launcher (x32 Version: 1.0.0)
OpenAL (x32)
Origin (x32 Version: 8.5.0.4554)
Paint.NET v3.5.6 (Version: 3.56.0)
Pando Media Booster (x32 Version: 2.6.0.6)
PC Connectivity Solution (x32 Version: 9.44.0.3)
PCSX2 - Playstation 2 Emulator (x32)
Pcsx2 0.9.6 (x32 Version: 1.0.0)
Pcsx2 Cheat converter (HKCU Version: 1.0.0.10)
piaip AppLocale (x32 Version: 1.0.0)
PlanetSide 2 (x32)
plist Editor Pro 2.0.0 (x32 Version: 2.0.0)
PlugLink 9650 Utility (x32 Version: 1.1.6)
Poker Night 2 (x32)
Power2Go (x32 Version: 5.6.3917)
PS3 Cheats Editor (x32)
PunkBuster Services (x32 Version: 0.992)
Python 2.5 (x32 Version: 2.5.150)
QuickTime (x32 Version: 7.68.75.0)
RadeonPro 1.0 (Build 1.1.0.6) (x32)
RapidLinkConverter (x32 Version: 3.1.0)
RaySource 2.1.10.8366 (x32 Version: 2.1.10.8366)
REACTOR (x32 Version: 1.00.0000)
Real Alternative 2.0.0 (x32 Version: 2.0.0)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5591)
Recettear: An Item Shop's Tale - Demo (x32)
Recettear: An Item Shop's Tale (x32)
redist (x32 Version: 1.0.0.0)
RoboForm 7-7-4 (All Users) (x32 Version: 7-7-4)
Rockstar Games Social Club (x32 Version: 1.0.9.5)
SD Gundam Capsule Fighter (x32 Version: 1.0.0)
Search Protect by conduit (x32 Version: 1.4.1.12)
Segoe UI (x32 Version: 15.4.2271.0615)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 6.3 (x32 Version: 6.3.107)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
Sonic and All Stars Racing Transformed (c) SEGA version 1 (x32 Version: 1)
Sony Ericsson DRM Packager 1.35 (x32 Version: 1.35)
Source SDK Base 2007 (x32)
Spybot - Search & Destroy (x32 Version: 1.6.2)
StarCraft II (x32 Version: 1.3.3.18574)
Steam (x32 Version: 1.0.0.0)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129)
SUPER STREET FIGHTER IV: ARCADE EDITION (x32 Version: 1.0.0001.129)
SWF Opener (x32 Version: 1.3)
Team Fortress 2 (x32)
The Sims™ 3 (x32 Version: 1.33.2)
The Sims™ 3 Late Night (x32 Version: 6.0.81)
The Sims™ 3 Master Suite Stuff (x32 Version: 11.0.84)
The Witcher 2 (x32 Version: 1.00.0000)
Tom Clancy's Ghost Recon Future Soldier (x32 Version: 1.00)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Ultimate Knight ウィンダムXP (x32)
Unity Web Player (HKCU Version: )
Universal Document Converter (Demo) (x32 Version: 5.2)
UnLock Root 3.1.1 (x32 Version: 3.1.1)
UnLock Root Pro 3.41 (x32 Version: 3.41)
UNO - Undercover (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.1)
URL Snooper v2.29.01 (x32)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
VirtualCloneDrive (x32)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
VLC media player 1.0.5 (x32 Version: 1.0.5)
VueScan (x32)
Wajam (x32 Version: 1.67)
Warcraft III (x32)
Warcraft III: All Products (HKCU)
Waterfox (Version: 18.0.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR archiver (x32)
WinSCP 4.3.2 (x32 Version: 4.3.2)
WMPTagSupportExtender (x32 Version: 1.4)
Xilisoft Download YouTube Video (x32 Version: 2.0.5.0108)
Xilisoft YouTube Video Converter (x32 Version: 2.0.5.0108)
Xiph.Org Open Codecs 0.85.17777 (x32 Version: 0.85.17777)
Yahoo! Messenger (x32)
Yahoo! Toolbar (x32)
ツゴウノイイ彼女タチ (x32 Version: 1.00.0000)
炎の孕ませおっぱい乳同級生 (x32)

==================== Restore Points =========================


==================== Scheduled Tasks (whitelisted) =============

Task: {015507FC-44DD-41EF-8237-CB71B392E53B} - System32\Tasks\At19 => C:\Windows\Fonts\iiJX8v5.com
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0BCF2280-6243-41E2-9E90-B35F4CCC415F} - System32\Tasks\Open URL by RoboForm => C:\Windows\System32\url.dll [2013-07-31] (Microsoft Corporation)
Task: {11F6ECA7-EEF2-42C2-8385-BFE4FFCD63B5} - System32\Tasks\{42A71F08-9AD8-4D36-9165-B069C07881A0} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-05-08] (Skype Technologies S.A.)
Task: {13BCD0D0-7063-4D01-8237-878135C4A7A5} - System32\Tasks\At5 => C:\Windows\Fonts\iiJX8v5.com
Task: {14D2CBEE-C23D-4251-90AB-40328A3E4896} - System32\Tasks\At11 => C:\Windows\Fonts\iiJX8v5.com
Task: {15BF8913-C79E-457B-8F9A-B3D10629718A} - System32\Tasks\At7 => C:\Windows\Fonts\iiJX8v5.com
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} - System32\Tasks\At3 => C:\Windows\Fonts\iiJX8v5.com
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {27F720A2-756A-4CD2-B32A-1AACE7DF62BF} - System32\Tasks\At12 => C:\Windows\Fonts\iiJX8v5.com
Task: {2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} - System32\Tasks\At2 => C:\Windows\Fonts\iiJX8v5.com
Task: {33758925-F1BA-484B-902D-ABB4CEC065E1} - System32\Tasks\At22 => C:\Windows\Fonts\iiJX8v5.com
Task: {3BF8CB04-0CDD-4984-89A8-B5FC5240423E} - System32\Tasks\At4 => C:\Windows\Fonts\iiJX8v5.com
Task: {4597A12C-E957-48D3-969B-6C8A4507DF33} - System32\Tasks\At21 => C:\Windows\Fonts\iiJX8v5.com
Task: {4A9B26AB-FB23-4F35-9429-7F3B09151C7A} - System32\Tasks\At17 => C:\Windows\Fonts\iiJX8v5.com
Task: {4D1952A1-76C6-4D4C-8030-19E75C8C3E84} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {50184864-45AE-4522-B068-B485F52C2020} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-03-15] (Siber Systems)
Task: {506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} - System32\Tasks\At23 => C:\Windows\Fonts\iiJX8v5.com
Task: {575F91D7-41AA-4647-BDB0-3F2F07910B06} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} - System32\Tasks\At8 => C:\Windows\Fonts\iiJX8v5.com
Task: {63369909-26CE-4ED8-AD96-78DF12356E04} - System32\Tasks\At14 => C:\Windows\Fonts\iiJX8v5.com
Task: {6ED7BBF4-30CB-4206-B294-9631CAF1805D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27] (Google Inc.)
Task: {742E1018-82A7-417D-BC32-F02E7D6F358F} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2008-01-20] (Microsoft Corporation)
Task: {7858C2F3-2F77-4133-A3FD-29EDB616DE60} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {7AC685BE-879D-4AF6-AA94-D91A0AA72679} - System32\Tasks\At16 => C:\Windows\Fonts\iiJX8v5.com
Task: {7C0750E9-2D54-4782-BD64-8DFC676CEF69} - System32\Tasks\At13 => C:\Windows\Fonts\iiJX8v5.com
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8BE67D72-FDD0-412F-A2BF-36415806C5FD} - System32\Tasks\At24 => C:\Windows\Fonts\iiJX8v5.com
Task: {8F7A9C84-9B5F-42F6-B9BD-8D3238EFA606} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} - System32\Tasks\At15 => C:\Windows\Fonts\iiJX8v5.com
Task: {A86F5C9D-2F48-412D-8806-DEA98B00923A} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {A9682324-32D9-45C9-908E-608EC6B80FBA} - System32\Tasks\At9 => C:\Windows\Fonts\iiJX8v5.com
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {B5E331A6-83A3-41B3-A9F2-59D66A490895} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27] (Google Inc.)
Task: {B679335F-EC8A-40AC-876A-2AA675D1E7E5} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {C946C484-5047-474F-93B5-73FF61280CDC} - System32\Tasks\At10 => C:\Windows\Fonts\iiJX8v5.com
Task: {E0220ABC-E002-4AC1-9046-CF7A5428086A} - System32\Tasks\At1 => C:\Windows\Fonts\iiJX8v5.com
Task: {E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} - System32\Tasks\At6 => C:\Windows\Fonts\iiJX8v5.com
Task: {E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} - System32\Tasks\At18 => C:\Windows\Fonts\iiJX8v5.com
Task: {E8E91512-0E90-4CB9-9F6E-27958E4B9098} - System32\Tasks\At20 => C:\Windows\Fonts\iiJX8v5.com
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EA9FD485-0820-493B-B946-27E96C9C67A4} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe [2008-03-17] ()
Task: {EEE6C8EE-F16D-4EBB-84AC-884EF3546770} - System32\Tasks\Tkjhljntu => C:\Windows\SysWOW64\cmlual.dll [2011-07-29] ()
Task: {F7125E69-228B-41BD-8539-4D993D764F44} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: {FA3C2F20-AE74-4E34-BD52-77FA526453AF} - System32\Tasks\9b555190 => C:\Users\Bernard\AppData\Local\Temp\\setup3927994512.exe
Task: C:\Windows\Tasks\At1.job => ?
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At11.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At13.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At15.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At17.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At19.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At20.job => ?
Task: C:\Windows\Tasks\At21.job => ?
Task: C:\Windows\Tasks\At22.job => ?
Task: C:\Windows\Tasks\At23.job => ?
Task: C:\Windows\Tasks\At24.job => ?
Task: C:\Windows\Tasks\At3.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At5.job => ?
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At7.job => ?
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At9.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\Tkjhljntu.job => ?

==================== Loaded Modules (whitelisted) =============

2012-02-17 00:17 - 2012-02-17 00:17 - 00529200 _____ (广东雨林木风计算机科技有限公司) C:\Users\Bernard\AppData\Roaming\115\Box\Sync115Ext64.dll
2011-03-16 03:01 - 2011-02-23 11:44 - 00185856 _____ (Martin Prikryl) C:\WinSCP\DragExt64.dll
2011-08-05 23:11 - 2008-06-20 00:41 - 00062464 _____ () C:\WinRAR\rarext64.dll
2011-08-01 18:36 - 2011-08-01 18:36 - 00939008 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\AVG\AVG2012\HTMLayout.dll
2012-02-14 04:53 - 2012-02-14 04:53 - 00366432 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgsysx.dll
2012-02-14 04:52 - 2012-02-14 04:52 - 00889696 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgntopensslx.dll
2012-11-08 04:50 - 2012-11-08 04:50 - 01066104 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avgcfgx.dll
2012-06-13 03:48 - 2012-06-13 03:48 - 00286328 _____ (AVG Technologies CZ, s.r.o.) C:\AVG\AVG2012\avglogx.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\TEMP:720EA308
AlternateDataStreams: C:\ProgramData\TEMP:79F042EF
AlternateDataStreams: C:\ProgramData\TEMP:BEB15613


==================== Faulty Device Manager Devices =============

Name: eHome Infrared Receiver (USBCIR)
Description: eHome Infrared Receiver (USBCIR)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbcir
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: A2IW4ESM IDE Controller
Description: A2IW4ESM IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: afspo1hx
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2013 06:06:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 06:06:44 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 05:26:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 05:25:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/11/2013 05:25:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 05:25:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 05:25:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 05:25:03 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (09/11/2013 08:27:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (09/11/2013 08:27:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (09/11/2013 05:26:45 PM) (Source: Service Control Manager) (User: )
Description: PnP-X IP Bus EnumeratorFunction Discovery Provider Host%%1068

Error: (09/11/2013 05:26:04 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/11/2013 05:26:00 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: AFD
Avgldx64
Avgmfx64
Avgtdia
DfsC
ElbyCDIO
HssDRV6
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (09/11/2013 05:25:56 PM) (Source: Service Control Manager) (User: )
Description: IP HelperNetwork Store Interface Service%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-09-11 18:10:02.727
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:02.602
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:02.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:02.337
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:02.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:02.072
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:01.931
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 18:10:01.807
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 07:09:59.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-09-11 07:09:59.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 6142.39 MB
Available physical RAM: 5229.85 MB
Total Pagefile: 12397.79 MB
Available Pagefile: 11713.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:687.32 GB) (Free:1.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.31 GB) (Free:1.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive o: (USB DISK) (Removable) (Total:57.58 GB) (Free:0.3 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=58 GB) - (Type=0C)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
See if you can boot normally.
 

Nope, still can't boot up normally. I do have one update. Safe mode doesn't seem to load 100% now. It takes multiple tries. It also seems to be stuck at avgidsha.sys.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013 02
Ran by Bernard at 2013-09-11 19:30:06 Run:1
Running from C:\Users\Bernard\Desktop
Boot Mode: Safe Mode (minimal)
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [PlayNC Launcher] - [x]
HKCU\...\Run: [SearchProtect] - C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
C:\Users\Bernard\AppData\Roaming\SearchProtect
MountPoints2: {442fb762-9425-11de-aae1-001fc65f3688} - K:\Autorun.exe
MountPoints2: {5447d0ef-c663-11de-9e46-001fc65f3688} - F:\Seagate\Installer\InstallSeagateManager.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2731296 2013-03-06] (Conduit)
C:\Program Files (x86)\SearchProtect
ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
URLSearchHook: (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
SearchScopes: HKCU - {6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} URL = http://search.conduit.com/ResultsEx...4&ctid=CT2737658&CUI=UN14051505662315168&UM=2
BHO: No Name - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No File
BHO: No Name - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No File
BHO-x32: No Name - {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO-x32: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Megaupload\Mega Manager\MegaIEMn.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Hosts:
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-03-06] (Conduit)
C:\Users\Bernard\AppData\Local\89531bfe
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}
C:\ProgramData\0tbpw.pad
C:\ProgramData\hash.dat
C:\Users\Bernard\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc.exe
C:\Users\Bernard\AppData\Local\Temp\539E36B.exe
C:\Users\Bernard\AppData\Local\Temp\715D609.exe
C:\Users\Bernard\AppData\Local\Temp\7za.exe
C:\Users\Bernard\AppData\Local\Temp\AdbWinApi.dll
C:\Users\Bernard\AppData\Local\Temp\AdbWinUsbApi.dll
C:\Users\Bernard\AppData\Local\Temp\AskInstallChecker-1.4.0.0.exe
C:\Users\Bernard\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Bernard\AppData\Local\Temp\askToolbarInstaller.exe
C:\Users\Bernard\AppData\Local\Temp\bdfilters.dll
C:\Users\Bernard\AppData\Local\Temp\Bit1D1D.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit2059.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit20B4.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit2ECA.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit377E.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit4BB6.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit5690.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit5D5B.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit6322.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\Bit8E64.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitA2B1.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitB328.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitC938.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitCDA7.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitD38.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\BitD70A.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\CH.dll
C:\Users\Bernard\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Bernard\AppData\Local\Temp\Copy.dll
C:\Users\Bernard\AppData\Local\Temp\Coupon-Caddy-ppi-MULTI.exe
C:\Users\Bernard\AppData\Local\Temp\DLBT.dll
C:\Users\Bernard\AppData\Local\Temp\dl_peer_id.dll
C:\Users\Bernard\AppData\Local\Temp\Dragons Dogma - Editor.exe
C:\Users\Bernard\AppData\Local\Temp\Execute2App.exe
C:\Users\Bernard\AppData\Local\Temp\Fault_inst.exe
C:\Users\Bernard\AppData\Local\Temp\FJ_Downloader.exe
C:\Users\Bernard\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Bernard\AppData\Local\Temp\GomEncDnInstaller.exe
C:\Users\Bernard\AppData\Local\Temp\gtapi.dll
C:\Users\Bernard\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Bernard\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Bernard\AppData\Local\Temp\HOMEFRONT(1).exe
C:\Users\Bernard\AppData\Local\Temp\Hotspot_Shield.exe
C:\Users\Bernard\AppData\Local\Temp\inst.exe
C:\Users\Bernard\AppData\Local\Temp\installerdll34682579.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll34684903.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll34691861.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll6410205.dll
C:\Users\Bernard\AppData\Local\Temp\installerdll6423091.dll
C:\Users\Bernard\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Bernard\AppData\Local\Temp\InstStub.exe
C:\Users\Bernard\AppData\Local\Temp\jshortcut-1610750577578842815.dll
C:\Users\Bernard\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Bernard\AppData\Local\Temp\KWI62F0.exe
C:\Users\Bernard\AppData\Local\Temp\Lng.Dll
C:\Users\Bernard\AppData\Local\Temp\msvcp90.dll
C:\Users\Bernard\AppData\Local\Temp\msvcr90.dll
C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Bernard\AppData\Local\Temp\NEventMessages.dll
C:\Users\Bernard\AppData\Local\Temp\NGMDll.dll
C:\Users\Bernard\AppData\Local\Temp\NGMResource.dll
C:\Users\Bernard\AppData\Local\Temp\NGMSetup.exe
C:\Users\Bernard\AppData\Local\Temp\nsisdt.dll
C:\Users\Bernard\AppData\Local\Temp\nsk364D.exe
C:\Users\Bernard\AppData\Local\Temp\nsp1278.exe
C:\Users\Bernard\AppData\Local\Temp\nsu2E4B.exe
C:\Users\Bernard\AppData\Local\Temp\nsuB777.exe
C:\Users\Bernard\AppData\Local\Temp\Ochibo_DLSetup.exe
C:\Users\Bernard\AppData\Local\Temp\OneClickRoot_Installer.exe
C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Bernard\AppData\Local\Temp\OriginLauncher34682579.exe
C:\Users\Bernard\AppData\Local\Temp\ose00000.exe
C:\Users\Bernard\AppData\Local\Temp\OWE1FEE.exe
C:\Users\Bernard\AppData\Local\Temp\proxy_vole3838149727586769226.dll
C:\Users\Bernard\AppData\Local\Temp\PurpleBean.exe
C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe
C:\Users\Bernard\AppData\Local\Temp\rootsupd.exe
C:\Users\Bernard\AppData\Local\Temp\setup.exe
C:\Users\Bernard\AppData\Local\Temp\SicheatsTrainer.dll
C:\Users\Bernard\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bernard\AppData\Local\Temp\sonarinst.exe
C:\Users\Bernard\AppData\Local\Temp\SPStub.exe
C:\Users\Bernard\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Bernard\AppData\Local\Temp\tmp24BA.exe
C:\Users\Bernard\AppData\Local\Temp\tmp3889.exe
C:\Users\Bernard\AppData\Local\Temp\tmp4690.exe
C:\Users\Bernard\AppData\Local\Temp\tmp53E9.exe
C:\Users\Bernard\AppData\Local\Temp\tmp6A09.exe
C:\Users\Bernard\AppData\Local\Temp\tmp6B7F.exe
C:\Users\Bernard\AppData\Local\Temp\tmp6EE8.exe
C:\Users\Bernard\AppData\Local\Temp\tmp848B.exe
C:\Users\Bernard\AppData\Local\Temp\tmp8508.exe
C:\Users\Bernard\AppData\Local\Temp\tmp979F.exe
C:\Users\Bernard\AppData\Local\Temp\tmp9D88.exe
C:\Users\Bernard\AppData\Local\Temp\tmpF826.exe
C:\Users\Bernard\AppData\Local\Temp\tmpFF10.exe
C:\Users\Bernard\AppData\Local\Temp\ubiBAE0.tmp.exe
C:\Users\Bernard\AppData\Local\Temp\unicows.dll
C:\Users\Bernard\AppData\Local\Temp\Uninstall.exe
C:\Users\Bernard\AppData\Local\Temp\unlockrootsetup.exe
C:\Users\Bernard\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe
C:\Users\Bernard\AppData\Local\Temp\war3_Install.exe
C:\Users\Bernard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Bernard\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Bernard\AppData\Local\Temp\WMQ37D1.exe
C:\Users\Bernard\AppData\Local\Temp\woavfvtd.dll
C:\Users\Bernard\AppData\Local\Temp\xmlUpdater.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
Task: {015507FC-44DD-41EF-8237-CB71B392E53B} - System32\Tasks\At19 => C:\Windows\Fonts\iiJX8v5.com
Task: {13BCD0D0-7063-4D01-8237-878135C4A7A5} - System32\Tasks\At5 => C:\Windows\Fonts\iiJX8v5.com
Task: {14D2CBEE-C23D-4251-90AB-40328A3E4896} - System32\Tasks\At11 => C:\Windows\Fonts\iiJX8v5.com
Task: {15BF8913-C79E-457B-8F9A-B3D10629718A} - System32\Tasks\At7 => C:\Windows\Fonts\iiJX8v5.com
Task: {1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} - System32\Tasks\At3 => C:\Windows\Fonts\iiJX8v5.com
Task: {27F720A2-756A-4CD2-B32A-1AACE7DF62BF} - System32\Tasks\At12 => C:\Windows\Fonts\iiJX8v5.com
Task: {2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} - System32\Tasks\At2 => C:\Windows\Fonts\iiJX8v5.com
Task: {33758925-F1BA-484B-902D-ABB4CEC065E1} - System32\Tasks\At22 => C:\Windows\Fonts\iiJX8v5.com
Task: {3BF8CB04-0CDD-4984-89A8-B5FC5240423E} - System32\Tasks\At4 => C:\Windows\Fonts\iiJX8v5.com
Task: {4597A12C-E957-48D3-969B-6C8A4507DF33} - System32\Tasks\At21 => C:\Windows\Fonts\iiJX8v5.com
Task: {4A9B26AB-FB23-4F35-9429-7F3B09151C7A} - System32\Tasks\At17 => C:\Windows\Fonts\iiJX8v5.com
Task: {506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} - System32\Tasks\At23 => C:\Windows\Fonts\iiJX8v5.com
Task: {59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} - System32\Tasks\At8 => C:\Windows\Fonts\iiJX8v5.com
Task: {63369909-26CE-4ED8-AD96-78DF12356E04} - System32\Tasks\At14 => C:\Windows\Fonts\iiJX8v5.com
Task: {7AC685BE-879D-4AF6-AA94-D91A0AA72679} - System32\Tasks\At16 => C:\Windows\Fonts\iiJX8v5.com
Task: {7C0750E9-2D54-4782-BD64-8DFC676CEF69} - System32\Tasks\At13 => C:\Windows\Fonts\iiJX8v5.com
Task: {8BE67D72-FDD0-412F-A2BF-36415806C5FD} - System32\Tasks\At24 => C:\Windows\Fonts\iiJX8v5.com
Task: {A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} - System32\Tasks\At15 => C:\Windows\Fonts\iiJX8v5.com
Task: {A9682324-32D9-45C9-908E-608EC6B80FBA} - System32\Tasks\At9 => C:\Windows\Fonts\iiJX8v5.com
Task: {C946C484-5047-474F-93B5-73FF61280CDC} - System32\Tasks\At10 => C:\Windows\Fonts\iiJX8v5.com
Task: {E0220ABC-E002-4AC1-9046-CF7A5428086A} - System32\Tasks\At1 => C:\Windows\Fonts\iiJX8v5.com
Task: {E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} - System32\Tasks\At6 => C:\Windows\Fonts\iiJX8v5.com
Task: {E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} - System32\Tasks\At18 => C:\Windows\Fonts\iiJX8v5.com
Task: {E8E91512-0E90-4CB9-9F6E-27958E4B9098} - System32\Tasks\At20 => C:\Windows\Fonts\iiJX8v5.com
Task: {EEE6C8EE-F16D-4EBB-84AC-884EF3546770} - System32\Tasks\Tkjhljntu => C:\Windows\SysWOW64\cmlual.dll [2011-07-29] ()
Task: C:\Windows\Tasks\Tkjhljntu.job => ?
AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\Users\All Users:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
AlternateDataStreams: C:\ProgramData\TEMP:720EA308
AlternateDataStreams: C:\ProgramData\TEMP:79F042EF
AlternateDataStreams: C:\ProgramData\TEMP:BEB15613

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
C:\Users\Bernard\AppData\Roaming\SearchProtect => Moved successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{442fb762-9425-11de-aae1-001fc65f3688} => Key deleted successfully.
HKCR\CLSID\{442fb762-9425-11de-aae1-001fc65f3688} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5447d0ef-c663-11de-9e46-001fc65f3688} => Key deleted successfully.
HKCR\CLSID\{5447d0ef-c663-11de-9e46-001fc65f3688} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{f999a48b-1950-4d81-9971-79018f807b4b} => Value deleted successfully.
HKCR\CLSID\{f999a48b-1950-4d81-9971-79018f807b4b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} => Key deleted successfully.
HKCR\CLSID\{6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => Key deleted successfully.
HKCR\CLSID\{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key deleted successfully.
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{bf00e119-21a3-4fd1-b178-3b8537e75c92} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F999A48B-1950-4D81-9971-79018F807B4B} => Value deleted successfully.
HKCR\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\livecall => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\msnim => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => Key not found.
Hosts was reset successfully.
CltMngSvc => Service deleted successfully.
C:\Users\Bernard\AppData\Local\89531bfe => Moved successfully.
C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e} => Moved successfully.
C:\ProgramData\0tbpw.pad => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\12-6-legacy_vista_win7_64_dd_ccc.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\539E36B.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\715D609.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\7za.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\AdbWinApi.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\AdbWinUsbApi.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\AskInstallChecker-1.4.0.0.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\AskPIP_FF_.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\askToolbarInstaller.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\bdfilters.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit1D1D.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit2059.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit20B4.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit2ECA.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit377E.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit4BB6.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit5690.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit5D5B.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit6322.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Bit8E64.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\BitA2B1.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\BitB328.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\BitC938.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\BitCDA7.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\BitD38.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\BitD70A.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\CH.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Copy.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Coupon-Caddy-ppi-MULTI.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\DLBT.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\dl_peer_id.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Dragons Dogma - Editor.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Execute2App.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Fault_inst.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\FJ_Downloader.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\GomEncDnInstaller.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\gtapi.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\HiRezLauncherControls.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\HOMEFRONT(1).exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Hotspot_Shield.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\inst.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\installerdll34682579.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\installerdll34684903.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\installerdll34691861.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\installerdll6410205.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\installerdll6423091.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\InstallFlashPlayer.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\InstStub.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\jshortcut-1610750577578842815.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Kies2RemoveAll.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\KWI62F0.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Lng.Dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\msvcp90.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\msvcr90.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\MyBabylonTB.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\NEventMessages.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\NGMSetup.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\nsisdt.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\nsk364D.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\nsp1278.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\nsu2E4B.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\nsuB777.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Ochibo_DLSetup.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\OneClickRoot_Installer.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\OriginLauncher34682579.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\OWE1FEE.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\proxy_vole3838149727586769226.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\PurpleBean.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\QuickShare1.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\SicheatsTrainer.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\SPStub.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp24BA.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp3889.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp4690.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp53E9.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp6A09.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp6B7F.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp6EE8.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp848B.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp8508.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp979F.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmp9D88.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmpF826.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\tmpFF10.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\ubiBAE0.tmp.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\Uninstall.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\unlockrootsetup.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\wajam_install.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\war3_Install.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\wlsetup-cvr.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\WMQ37D1.exe => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\woavfvtd.dll => Moved successfully.
C:\Users\Bernard\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At10.job => Moved successfully.
C:\Windows\Tasks\At11.job => Moved successfully.
C:\Windows\Tasks\At12.job => Moved successfully.
C:\Windows\Tasks\At13.job => Moved successfully.
C:\Windows\Tasks\At14.job => Moved successfully.
C:\Windows\Tasks\At15.job => Moved successfully.
C:\Windows\Tasks\At16.job => Moved successfully.
C:\Windows\Tasks\At17.job => Moved successfully.
C:\Windows\Tasks\At18.job => Moved successfully.
C:\Windows\Tasks\At19.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At20.job => Moved successfully.
C:\Windows\Tasks\At21.job => Moved successfully.
C:\Windows\Tasks\At22.job => Moved successfully.
C:\Windows\Tasks\At23.job => Moved successfully.
C:\Windows\Tasks\At24.job => Moved successfully.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At5.job => Moved successfully.
C:\Windows\Tasks\At6.job => Moved successfully.
C:\Windows\Tasks\At7.job => Moved successfully.
C:\Windows\Tasks\At8.job => Moved successfully.
C:\Windows\Tasks\At9.job => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{015507FC-44DD-41EF-8237-CB71B392E53B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{015507FC-44DD-41EF-8237-CB71B392E53B} => Key deleted successfully.
C:\Windows\System32\Tasks\At19 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At19 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13BCD0D0-7063-4D01-8237-878135C4A7A5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13BCD0D0-7063-4D01-8237-878135C4A7A5} => Key deleted successfully.
C:\Windows\System32\Tasks\At5 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14D2CBEE-C23D-4251-90AB-40328A3E4896} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14D2CBEE-C23D-4251-90AB-40328A3E4896} => Key deleted successfully.
C:\Windows\System32\Tasks\At11 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At11 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15BF8913-C79E-457B-8F9A-B3D10629718A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15BF8913-C79E-457B-8F9A-B3D10629718A} => Key deleted successfully.
C:\Windows\System32\Tasks\At7 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At7 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A8CF4B0-2E5A-49CE-9BEA-CEE9B65C0E78} => Key deleted successfully.
C:\Windows\System32\Tasks\At3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27F720A2-756A-4CD2-B32A-1AACE7DF62BF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27F720A2-756A-4CD2-B32A-1AACE7DF62BF} => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F2774E1-C7B9-4778-A2CB-C1E08DA4B5A2} => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33758925-F1BA-484B-902D-ABB4CEC065E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33758925-F1BA-484B-902D-ABB4CEC065E1} => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BF8CB04-0CDD-4984-89A8-B5FC5240423E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BF8CB04-0CDD-4984-89A8-B5FC5240423E} => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4597A12C-E957-48D3-969B-6C8A4507DF33} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4597A12C-E957-48D3-969B-6C8A4507DF33} => Key deleted successfully.
C:\Windows\System32\Tasks\At21 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At21 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A9B26AB-FB23-4F35-9429-7F3B09151C7A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9B26AB-FB23-4F35-9429-7F3B09151C7A} => Key deleted successfully.
C:\Windows\System32\Tasks\At17 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At17 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{506D0DB8-EC04-4478-A0EF-E9C8BACD44C2} => Key deleted successfully.
C:\Windows\System32\Tasks\At23 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At23 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59CC5B42-9DAA-49D5-814B-0FBB83AD7C68} => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63369909-26CE-4ED8-AD96-78DF12356E04} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63369909-26CE-4ED8-AD96-78DF12356E04} => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AC685BE-879D-4AF6-AA94-D91A0AA72679} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AC685BE-879D-4AF6-AA94-D91A0AA72679} => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C0750E9-2D54-4782-BD64-8DFC676CEF69} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C0750E9-2D54-4782-BD64-8DFC676CEF69} => Key deleted successfully.
C:\Windows\System32\Tasks\At13 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At13 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BE67D72-FDD0-412F-A2BF-36415806C5FD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BE67D72-FDD0-412F-A2BF-36415806C5FD} => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5B9D345-C11D-4E0A-9BE2-077B0C74BDD8} => Key deleted successfully.
C:\Windows\System32\Tasks\At15 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At15 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9682324-32D9-45C9-908E-608EC6B80FBA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9682324-32D9-45C9-908E-608EC6B80FBA} => Key deleted successfully.
C:\Windows\System32\Tasks\At9 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At9 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C946C484-5047-474F-93B5-73FF61280CDC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C946C484-5047-474F-93B5-73FF61280CDC} => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0220ABC-E002-4AC1-9046-CF7A5428086A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0220ABC-E002-4AC1-9046-CF7A5428086A} => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E17FAD3F-420F-4CE9-A238-18BD8CEDDC7A} => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E26BAF39-A7A6-46F1-9F9F-65CEA49E10BB} => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8E91512-0E90-4CB9-9F6E-27958E4B9098} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E91512-0E90-4CB9-9F6E-27958E4B9098} => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EEE6C8EE-F16D-4EBB-84AC-884EF3546770} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEE6C8EE-F16D-4EBB-84AC-884EF3546770} => Key deleted successfully.
C:\Windows\System32\Tasks\Tkjhljntu => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tkjhljntu => Key deleted successfully.
C:\Windows\Tasks\Tkjhljntu.job => Moved successfully.
C:\ProgramData => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS removed successfully.
"C:\Users\All Users" => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS not found.
"C:\ProgramData\Application Data" => ":$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM" ADS not found.
C:\ProgramData\TEMP => ":720EA308" ADS removed successfully.
C:\ProgramData\TEMP => ":79F042EF" ADS removed successfully.
C:\ProgramData\TEMP => ":BEB15613" ADS removed successfully.

==== End of Fixlog ====
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by SYSTEM on MINWINPC on 11-09-2013 21:54:37
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [IAAnotif] - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [AlienFX Controller] - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [57672 2009-05-20] (Alienware Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-04-22] (Logitech, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVG_TRAY] - C:\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKU\Bernard\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Bernard\...\Run: [igndlm.exe] - C:\Download Manager\dlm.exe [1103216 2009-05-14] (IGN Entertainment)
HKU\Bernard\...\Run: [KiesHelper] - C:\Samsung\Kies\KiesHelper.exe /s
HKU\Bernard\...\Run: [Akamai NetSession Interface] - C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Bernard\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [108136 2012-03-15] (Siber Systems)
HKU\Bernard\...\Run: [DAEMON Tools Lite] - "C:\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\Bernard\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Bernard\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk
ShortcutTarget: Kuma_Tray.lnk -> C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
ShortcutTarget: ViiKiiDesktopPlugin.lnk -> C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe (No File)
BootExecute: autocheck autochk * C:\AVG\AVG2012\avgrsa.exe /sync /restart

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\AVG\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BITCOMET_HELPER_SERVICE; C:\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [198240 2007-05-29] ()
S2 hshld; C:\Hotspot Shield\bin\openvpnas.exe [474992 2012-07-24] ()
S2 HssSrv; C:\Hotspot Shield\HssWPR\hsssrv.exe [404848 2012-07-24] (AnchorFree Inc.)
S3 HssTrayService; C:\Hotspot Shield\bin\HssTrayService.EXE [78072 2012-07-24] ()
S2 HssWd; C:\Hotspot Shield\bin\hsswd.exe [387440 2012-07-24] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3549696 2010-05-25] (INCA Internet Co., Ltd.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-03] ()
S2 RadeonPro Support Service; C:\RadeonPro\RadeonProSupport.exe [12800 2011-02-10] (Mr. John aka japamd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S2 SBSDWSCService; C:\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-07-26] (Wajam)

==================== Drivers (Whitelisted) ====================

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-02] ()
S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-02-23] (DT Soft Ltd)
S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
S2 HOSTNT; C:\Windows\system32\drivers\hostnt.sys [13864 2012-05-13] (SafeNet, Inc.)
S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)
S1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-07-24] (AnchorFree Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-01] ()
S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
S3 ncvet.dll; C:\Windows\Temp\ncvet.dll [24144 2011-09-14] (Beijing Joychina Network Technologies Co., Ltd.)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2009-10-06] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [18944 2009-10-06] (Nokia)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S3 PLCNDIS5; C:\Windows\SysWow64\PLCNDIS5.SYS [17280 2004-04-26] (Intellon, Inc.)
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2009-08-28] (Duplex Secure Ltd.)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2009-10-06] (Nokia)
S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
S3 X6va006; C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [17192 2012-03-17] ()
S2 YLMFVDISK; C:\Windows\System32\drivers\VirtDisk64.sys [23896 2011-12-08] ()
S5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PLCMPR5; \??\C:\Windows\system32\PLCMPR5.SYS [x]
S3 PLCNDIS5; \??\C:\Windows\system32\PLCNDIS5.SYS [x]
S3 X6va002; \??\C:\Users\Bernard\AppData\Local\Temp\002E129.tmp [x]
S3 X6va005; \??\C:\Users\Bernard\AppData\Local\Temp\005B0D0.tmp [x]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-11 17:29 - 2013-09-11 17:31 - 01949642 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
2013-09-11 16:08 - 2013-09-11 18:06 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
2013-09-11 16:08 - 2013-09-11 16:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
2013-09-11 16:08 - 2013-09-11 16:08 - 00000000 ____D C:\FRST
2013-09-11 16:02 - 2013-09-11 16:03 - 00000000 ___SD C:\ComboFix
2013-09-11 15:57 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-11 15:57 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-11 15:57 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-11 15:57 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-11 15:57 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-11 15:57 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-11 15:57 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-11 15:57 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-11 15:49 - 2013-09-11 15:57 - 00000000 ____D C:\Qoobox
2013-09-11 15:48 - 2013-09-11 15:48 - 00000000 ____D C:\Windows\erdnt
2013-09-11 15:42 - 2013-09-11 17:28 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
2013-09-11 05:05 - 2013-09-11 05:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
2013-09-11 05:00 - 2013-09-11 15:48 - 00000000 ____D C:\anti virus
2013-09-11 04:10 - 2013-09-11 04:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-09-11 04:09 - 2013-04-04 12:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-09-11 03:33 - 2013-09-11 03:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
2013-09-11 01:04 - 2013-07-31 06:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-11 01:04 - 2013-07-31 05:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-11 01:04 - 2013-07-31 05:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-11 01:04 - 2013-07-31 05:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-11 01:04 - 2013-07-31 05:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-11 01:04 - 2013-07-31 05:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-09-11 01:04 - 2013-07-31 05:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-09-11 01:04 - 2013-07-31 05:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-11 01:04 - 2013-07-31 05:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-09-11 01:04 - 2013-07-31 05:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-11 01:04 - 2013-07-31 05:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-09-11 01:04 - 2013-07-31 05:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-11 01:04 - 2013-07-31 05:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-11 01:04 - 2013-07-31 05:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-09-11 01:04 - 2013-07-31 05:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-11 01:04 - 2013-07-31 05:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-11 01:04 - 2013-07-31 02:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 01:04 - 2013-07-31 02:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 01:04 - 2013-07-31 02:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 01:04 - 2013-07-31 01:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 01:04 - 2013-07-31 01:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-11 01:04 - 2013-07-31 01:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 01:04 - 2013-07-31 01:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-11 01:04 - 2013-07-31 01:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 01:04 - 2013-07-31 01:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 01:04 - 2013-07-31 01:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-11 01:04 - 2013-07-31 01:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-11 01:04 - 2013-07-31 01:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 01:04 - 2013-07-31 01:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 01:04 - 2013-07-31 01:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 01:04 - 2013-07-31 01:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-11 01:04 - 2013-07-31 01:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-10 19:55 - 2013-08-07 18:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-10 19:55 - 2013-07-16 01:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll
2013-09-10 19:55 - 2013-07-15 20:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-08 21:56 - 2013-09-08 21:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
2013-09-08 21:48 - 2013-09-08 21:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
2013-09-08 21:48 - 2013-09-08 21:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
2013-09-08 21:29 - 2013-09-09 15:10 - 00000000 ____D C:\Divinity Dragon Commander
2013-08-27 17:29 - 2013-08-02 06:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-27 17:29 - 2013-08-01 20:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 21:30 - 2013-07-17 12:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-08-13 21:30 - 2013-07-17 11:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 21:30 - 2013-07-10 01:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 21:30 - 2013-07-10 01:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-13 21:30 - 2013-07-09 04:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-08-13 21:30 - 2013-07-09 04:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 21:30 - 2013-07-07 20:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-13 21:30 - 2013-07-07 20:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 21:30 - 2013-07-07 20:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 21:30 - 2013-07-07 20:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 21:30 - 2013-07-07 20:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 21:30 - 2013-07-07 20:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 21:30 - 2013-07-07 20:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 21:30 - 2013-07-07 20:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-08-13 21:30 - 2013-07-07 20:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-13 21:30 - 2013-07-07 20:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-08-13 21:30 - 2013-07-07 20:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-13 21:30 - 2013-07-07 20:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-13 21:30 - 2013-07-07 20:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-13 21:30 - 2013-07-07 17:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 21:30 - 2013-07-07 17:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 21:30 - 2013-07-07 17:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 21:30 - 2013-07-04 20:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-13 21:30 - 2013-06-15 05:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\icaapi.dll
2013-08-13 21:30 - 2013-06-15 03:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-11 18:06 - 2013-09-11 16:08 - 02899344 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Bernard\Desktop\avg_remover_stf_x64_2012_2125.exe
2013-09-11 17:31 - 2013-09-11 17:29 - 01949642 _____ (Farbar) C:\Users\Bernard\Desktop\FRST64.exe
2013-09-11 17:28 - 2013-09-11 15:42 - 05124599 ____R (Swearware) C:\Users\Bernard\Desktop\ComboFix.exe
2013-09-11 16:08 - 2013-09-11 16:08 - 00000758 _____ C:\Users\Bernard\Desktop\avgremover.log
2013-09-11 16:08 - 2013-09-11 16:08 - 00000000 ____D C:\FRST
2013-09-11 16:03 - 2013-09-11 16:02 - 00000000 ___SD C:\ComboFix
2013-09-11 15:57 - 2013-09-11 15:49 - 00000000 ____D C:\Qoobox
2013-09-11 15:48 - 2013-09-11 15:48 - 00000000 ____D C:\Windows\erdnt
2013-09-11 15:48 - 2013-09-11 05:00 - 00000000 ____D C:\anti virus
2013-09-11 06:06 - 2009-08-10 19:25 - 00000732 _____ C:\Users\Bernard\AppData\Local\d3d9caps64.dat
2013-09-11 05:23 - 2010-11-13 13:33 - 00002032 _____ C:\Users\Bernard\AppData\Local\d3d9caps.dat
2013-09-11 05:23 - 2010-06-19 02:31 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\vlc
2013-09-11 05:05 - 2013-09-11 05:05 - 00024352 _____ C:\Users\Bernard\Desktop\dds.txt
2013-09-11 04:41 - 2008-01-20 19:26 - 00246110 _____ C:\Windows\PFRO.log
2013-09-11 04:10 - 2013-09-11 04:10 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Malwarebytes
2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-11 04:09 - 2013-09-11 04:09 - 00000000 ____D C:\Malwarebytes' Anti-Malware
2013-09-11 04:02 - 2009-08-10 21:31 - 00000000 ____D C:\Program Installers
2013-09-11 03:33 - 2013-09-11 03:33 - 00000000 ____D C:\Users\Bernard\Documents\HTST - Copy
2013-09-11 03:13 - 2009-08-10 19:18 - 01245360 _____ C:\Windows\WindowsUpdate.log
2013-09-11 03:08 - 2006-11-02 07:21 - 00411064 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-11 01:23 - 2006-11-02 07:42 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-11 01:23 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 01:23 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 01:23 - 2006-11-02 07:22 - 00003616 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 01:20 - 2009-08-10 23:31 - 00000000 ____D C:\BitComet
2013-09-11 01:06 - 2009-09-13 18:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 00:52 - 2010-05-27 02:06 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-10 21:46 - 2009-08-12 00:00 - 00000000 ____D C:\Clips
2013-09-10 16:27 - 2012-02-24 22:32 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-09-10 16:05 - 2009-08-11 21:22 - 00000000 ____D C:\Steam
2013-09-10 14:12 - 2010-05-27 02:06 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-09 15:10 - 2013-09-08 21:29 - 00000000 ____D C:\Divinity Dragon Commander
2013-09-09 02:52 - 2009-12-21 00:47 - 00000000 ____D C:\Movies
2013-09-09 00:36 - 2006-11-02 04:46 - 00777444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-09 00:28 - 2009-08-10 23:32 - 00000000 ____D C:\Torrents
2013-09-08 22:55 - 2009-08-10 21:32 - 00000000 ____D C:\Mozilla Firefox
2013-09-08 21:56 - 2013-09-08 21:56 - 00000000 ____D C:\Users\Bernard\Documents\Larian Studios
2013-09-08 21:48 - 2013-09-08 21:48 - 00372488 _____ C:\Users\Bernard\AppData\Local\dd_vcredistMSI3AEB.txt
2013-09-08 21:48 - 2013-09-08 21:48 - 00011462 _____ C:\Users\Bernard\AppData\Local\dd_vcredistUI3AEB.txt
2013-09-08 21:47 - 2009-08-11 17:07 - 01084497 _____ C:\Windows\DirectX.log
2013-09-08 21:01 - 2009-08-11 13:21 - 00000000 ____D C:\Games
2013-09-07 17:35 - 2013-02-16 00:13 - 00000000 ____D C:\Strike Suit Zero
2013-09-07 17:32 - 2008-05-12 10:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-07 16:55 - 2009-08-12 00:01 - 00022016 _____ C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-07 16:51 - 2011-07-17 23:32 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\dvdcss
2013-09-06 15:47 - 2010-12-05 16:47 - 00000000 ____D C:\Users\Bernard\AppData\Local\Paint.NET
2013-08-30 23:18 - 2010-03-02 23:14 - 00000000 ____D C:\Users\Bernard\AppData\Roaming\Skype
2013-08-30 12:45 - 2006-11-02 07:27 - 00156805 _____ C:\Windows\setupact.log
2013-08-30 00:00 - 2009-08-11 02:48 - 00000000 ____D C:\Anime
2013-08-22 21:11 - 2013-03-12 20:40 - 00000000 _____ C:\END
2013-08-19 05:11 - 2010-10-20 23:05 - 00000000 ____D C:\ipad
2013-08-14 01:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 6142.39 MB
Available physical RAM: 5322.3 MB
Total Pagefile: 5721.81 MB
Available Pagefile: 5298.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:687.32 GB) (Free:2.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.31 GB) (Free:1.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (USB DISK) (Removable) (Total:57.58 GB) (Free:0.3 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 58 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=58 GB) - (Type=0C)


LastRegBack: 2013-09-11 15:43

==================== End Of Log ============================
 
Looks clean now.

I need to know when was the last time (date) when you were able to boot normally.

You will need a USB flash drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finishing will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB flash drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named enum.log
  • Remove the USB drive and insert it back in your working computer and navigate to enum.log

    Please note - all text entries are case sensitive
Copy and paste the enum.log for my review
 
xPUD isn't working. Here's what I'm seeing:

Fatal server error:
no screens found

Please consult the The X.Org Foundation support at http://wiki.x.org for help.
Please also check the log file at "/var/log/Xorg.0.log" for additional information.

ddxSigGiveUp: Closing Log
[ 6.096902] sd 0:0:0:0: [sdb] Assuming drive cache: write through
[ 6.101146] sd 0:0:0:0: [sdb] Assuming drive cache: write through
[ 6.105648] sd 0:0:0:0: [sdb] Assuming drive cache: write through
giving up.
xinit: No such file or directory (errno 2): unable to connect to X server
xinit: No such process (errno 3): Server error.
xauth: (argv):1: bad display name "(none):0" in "remove" command
sh: no job control in this shell
sh-4.0#
 
At what point are you getting such an error?

My bed time is coming so what you can also try is to boot back to safe mode and try some restore point prior to the issue.
 
Update: I can boot up Vista normally but it takes an extremely long time. My computer also slows down to a crawl once it's loaded up. So at least there's progress. I guess we'll continue this tomorrow, good night to you.
 
Very well :)

Re-run DDS and MBAM in normal mode and post fresh logs.
Make sure you update MBAM.
 
Sorry I got back to you so late, but my OS does load up and run at normal speed now. Also, may I know what was wrong with my computer and what you did to it to fix it? Because after the fix, I noticed that I could no longer mount images, and that uninstalling Daemon Tools would give me a BSOD. Anyway, here are the logs, MBAM first:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernard :: BERNARD-PC [administrator]

16/09/2013 1:15:31 AM
mbam-log-2013-09-16 (01-15-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289187
Time elapsed: 26 minute(s), 3 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> 2940 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 35
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.

Registry Values Detected: 2
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5921 -> No action taken.
HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> No action taken.

Files Detected: 12
C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\PRIAM_BHO.DLL (PUP.Optional.Wajam.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> No action taken.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.13.2
Run by Bernard at 21:30:57 on 2013-09-15
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\AVG\AVG2012\avgrsa.exe
C:\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\AVG\AVG2012\avgnsa.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Hotspot Shield\HssWPR\hsssrv.exe
C:\Hotspot Shield\bin\hsswd.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\RadeonPro\RadeonProSupport.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Spybot - Search & Destroy\SDWinSec.exe
C:\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
C:\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\SysWOW64\conime.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\wuauclt.exe
C:\Waterfox\waterfox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
uProxyServer = hxxp=183.181.25.248:80
uProxyOverride = 127.0.0.1:9421;*.local;<local>
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll
BHO: 3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class: {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll
BHO: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [igndlm.exe] C:\Download Manager\dlm.exe /windowsstart /startifwork
uRun: [KiesHelper] C:\Samsung\Kies\KiesHelper.exe /s
uRun: [Akamai NetSession Interface] "C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [AVG_TRAY] "C:\AVG\AVG2012\avgtray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
StartupFolder: C:\Users\Bernard\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AWMOUS~1.LNK - C:\Program Files\Alienware\Alienware TactX Mouse CI\AWMouseCI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &?????? - <no file>
IE: &?????????? - <no file>
IE: &Download All with FlashGet - C:\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\FlashGet\jc_link.htm
IE: &E1OAOAƒÊ‹IAOO - <no file>
IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
IE: &U????????? - <no file>
IE: &U?????????????????? - <no file>
IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
IE: &UE1OAA~EEIAOO2‘EO2O - <no file>
IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
IE: &UŽg—p•Äl‰º?›ó¾åU - <no file>
IE: &E1OAOAƒÊ‹IAOO - <no file>
IE: &E1OAOAƒÊ‹IAOOEá2?AL?O - <no file>
IE: &Žg—p115?’`‰º? - <no file>
IE: &Žg—p115?’`‰º?‘S•”?Ú - <no file>
IE: &Žg—p?’`‰º? - <no file>
IE: &Žg—p?’`‰º?‘S•”?Ú - <no file>
IE: &ѸÀ×ÏÂÔص½ÊÖ» - <no file>
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM
IE: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\FlashGet.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{081F9EF9-9B38-4560-8DE5-BCF5512DA67E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9} : NameServer = 208.67.222.222,208.67.220.220
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\MP3 Skype Recorder\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
x64-Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
x64-Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiea.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\CSWebLauncher@cyberstep.com\plugins\npCsWebLauncher.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dll
FF - ExtSQL: 2013-08-09 17:08; firefox@mega.co.nz; C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\firefox@mega.co.nz.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-7-14 8704]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-2-23 254528]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-24 41704]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-26 239616]
R2 AVGIDSAgent;AVGIDSAgent;C:\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;C:\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 HOSTNT;Hostnt;C:\Windows\System32\drivers\hostnt.sys [2012-5-13 13864]
R2 HPBtnSrv;HP Chasis Button Service;C:\hp\HPEZBTN\HPBtnSrv.exe [2008-5-12 198240]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Hotspot Shield\bin\hsswd.exe [2012-7-24 387440]
R2 RadeonPro Support Service;RadeonPro Support Service;C:\RadeonPro\RadeonProSupport.exe [2012-3-8 12800]
R2 SBSDWSCService;SBSD Security Center Service;C:\Spybot - Search & Destroy\SDWinSec.exe [2010-2-17 1153368]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-7-26 109064]
R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\System32\drivers\VirtDisk64.sys [2012-4-14 23896]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-5-8 411136]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2008-5-12 405504]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hshld;Hotspot Shield Service;C:\Hotspot Shield\bin\openvpnas.exe [2012-7-24 474992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\System32\drivers\AmdLLD64.sys [2011-6-15 39424]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\BitComet\tools\BitCometService.exe -service --> C:\BitComet\tools\BitCometService.exe -service [?]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2008-5-12 1379584]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2011-12-18 121416]
S3 ncvet.dll;ncvet.dll;C:\WINDOWS\Temp\ncvet.dll [2011-9-14 24144]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-10-6 25088]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-10-6 18944]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2010-6-25 35344]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 X6va006;X6va006;C:\Users\Bernard\AppData\Local\Temp\006955E.tmp [2012-3-17 17192]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-9-22 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-08-08 02:03:11 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-07 10:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-31 14:17:31 17833472 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-31 13:42:12 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:20:02 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:17:24 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-31 13:16:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:13:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-31 13:11:46 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-31 13:11:41 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-31 13:09:35 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 13:05:14 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-31 10:30:56 12335104 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-31 10:05:18 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:53:17 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:51:29 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-31 09:49:58 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-31 09:46:37 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-31 09:45:59 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-31 09:42:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-16 09:25:53 689152 ----a-w- C:\Windows\System32\themeui.dll
2013-07-16 04:35:16 615936 ----a-w- C:\Windows\SysWow64\themeui.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-08-03 17:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll
2010-08-03 17:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll
.
============= FINISH: 21:32:38.05 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU 1 | 2400/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 687 GiB total, 7.143 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.504 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: A2IW4ESM IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: A2IW4ESM IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: a03dcln8
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
115UDown
7-Zip 4.65 (x64 edition)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
Age of Empires III: Complete Collection
Aion
AirMech
Akamai NetSession Interface
Akamai NetSession Interface Service
Alienware TactX(TM) Mouse CI 1.00
AMD APP SDK Runtime
AMD Catalyst Install Manager
Any Video Converter 5 5.0.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed Revelations
Audacity 1.2.6
Audiosurf
AVG 2012
Bandisoft MPEG-1 Decoder
Battlelog Web Plugins
Beat Hazard
BIT.TRIP RUNNER (remove only)
BitComet 1.14
BitComet 1.31 64-bit
Bonjour
Call of Juarez The Cartel
Capsule
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 5.5
Cheat Engine 5.6.1
Cheat Engine 6.2
CloneDVD2
Combined Community Codec Pack 2011-07-30
Command Center
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Cucusoft YouTube Mate 7.18
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
D3DX10
DAEMON Tools Lite
Dark Souls Prepare to Die Edition
Dark Souls Prepare To Die Edition version 5.1
Dell Voice
DH Mobility Modder.NET
Diner Dash 2
DiskAid 4.11
Divinity: Dragon Commander
Download Manager 2.3.6
Driver San Francisco
Driver Sweeper version 3.2.0
Dual-Core Optimizer
Enhanced Multimedia Keyboard Solution
ESN Sonar
Fable III
Far Cry 3
FlashGet 1.9.6.1073
Free AVI MPEG WMV MP4 FLV Video Joiner 5.0.2
Free Video Joiner 1.1
FreeArc 0.666
FreeOnlineRadioPlayerRecorder Toolbar
Freez FLV to MP3 Converter
Game Dev Tycoon DEMO version 1.0.1
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1
GamersFirst LIVE!
GenesisAD_Setup
GOM Player
GOMTV Streamer
Google Earth Plug-in
Google Update Helper
GrandDog Run Time System V1.0.35
Hamachi 1.0.3.0
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hex Workshop v6
HF pAppLoc version 1.0
Hi-Rez Studios Authenticate and Update Service
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 2.65
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HuxleyTheDystopia
iFunbox (v2.6.2375.747), iFunbox DevTeam
ijji Auto Installer
ILLUSION@ƒWƒ“ƒRƒEƒKƒNƒGƒ“ ‚«‚á‚ç‚ß‚¢‚
ImgBurn
Intel(R) Matrix Storage Manager
iPhone Explorer 2.102
iTunes
Java 7 Update 13
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) SE Runtime Environment 6 Update 1
JDownloader 2
LabelPrint
League of Legends
Left 4 Dead 2 Add-on Support
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
Malwarebytes Anti-Malware version 1.75.0.1300
Max Payne 3
MD5 Checker version 4.0.0
Mega Manager
MegaTrainer eXperience V1.1.1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Windows Application Compatibility Database
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MIKSOFT Mobile AMR converter
MKVtoolnix 4.7.0
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 7.0.1 (x86 en-GB)
MP3 Skype Recorder
Mp3tag v2.49
MSVC80_x64_v2
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Natural Selection 2
NCsoft Launcher
Neffy 1,2,4,0
Nexon Game Manager
Nitronic Rush (2011-11-11) version 20111111.0
Nokia Connectivity Cable Driver
Notepad++
NVIDIA Drivers
NVIDIA PhysX
OGPlanet Game Launcher
OpenAL
Origin
Paint.NET v3.5.6
Pando Media Booster
PC Connectivity Solution
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
Pcsx2 Cheat converter
piaip AppLocale
PlanetSide 2
plist Editor Pro 2.0.0
PlugLink 9650 Utility
Poker Night 2
Power2Go
PS3 Cheats Editor
PunkBuster Services
Python 2.5
QuickTime
RadeonPro 1.0 (Build 1.1.0.6)
RapidLinkConverter
RaySource 2.1.10.8366
REACTOR
Real Alternative 2.0.0
Realtek High Definition Audio Driver
Recettear: An Item Shop's Tale
Recettear: An Item Shop's Tale - Demo
redist
RoboForm 7-7-4 (All Users)
Rockstar Games Social Club
SD Gundam Capsule Fighter
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Segoe UI
Skype Toolbars
Skype? 6.3
Soft Data Fax Modem with SmartCP
Sonic and All Stars Racing Transformed (c) SEGA version 1
Sony Ericsson DRM Packager 1.35
Source SDK Base 2007
Spybot - Search & Destroy
StarCraft II
Steam
Super Street Fighter IV: Arcade Edition
SWF Opener
Team Fortress 2
The Sims? 3
The Sims? 3 Late Night
The Sims? 3 Master Suite Stuff
The Witcher 2
Tom Clancy's Ghost Recon Future Soldier
Ubisoft Game Launcher
Ultimate Knight ƒEƒBƒ“ƒ_ƒ€XP
Unity Web Player
Universal Document Converter (Demo)
UnLock Root 3.1.1
UnLock Root Pro 3.41
UNO - Undercover
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uplay
URL Snooper v2.29.01
Ventrilo Client for Windows x64
VirtualCloneDrive
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.5
VueScan
Wajam
Warcraft III
Warcraft III: All Products
Waterfox
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR archiver
WinSCP 4.3.2
WMPTagSupportExtender
Xilisoft Download YouTube Video
Xilisoft YouTube Video Converter
Xiph.Org Open Codecs 0.85.17777
Yahoo! Messenger
Yahoo! Toolbar
ƒcƒSƒEƒmƒCƒC”ޏ—ƒ^ƒ`
‰Š‚Ì›s‚Ü‚¹‚¨‚Á‚Ï‚¢“û“¯‹‰¶
.
==== Event Viewer Messages From Past Week ========
.
15/09/2013 9:28:48 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
15/09/2013 9:21:03 PM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The system cannot find the file specified.
15/09/2013 9:21:03 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The system cannot find the file specified.
15/09/2013 9:04:02 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
15/09/2013 9:01:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
15/09/2013 9:00:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
15/09/2013 9:00:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EMDMgmt service.
15/09/2013 8:59:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
15/09/2013 8:59:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.
15/09/2013 8:59:11 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/09/2013 8:58:49 PM, Error: Service Control Manager [7001] - The NVIDIA Display Driver Service service depends on the nvlddmkm service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
15/09/2013 8:57:08 PM, Error: EventLog [6008] - The previous system shutdown at 20:53:10 on 2013/09/15 was unexpected.
15/09/2013 8:57:07 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
15/09/2013 8:39:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
15/09/2013 4:49:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RadeonPro Support Service service to connect.
15/09/2013 4:49:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Hi-Rez Studios Authenticate and Update Service service to connect.
15/09/2013 4:49:35 PM, Error: Service Control Manager [7000] - The RadeonPro Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
14/09/2013 4:11:51 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service has not been started.
13/09/2013 3:01:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
13/09/2013 3:01:41 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
13/09/2013 3:00:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
 
Long story short, we removed a lot of infections, but we still have a long way to go.

Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post a new log.

Next...

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernard :: BERNARD-PC [administrator]

16/09/2013 5:46:29 PM
mbam-log-2013-09-16 (17-46-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 289078
Time elapsed: 27 minute(s), 46 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> 3624 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 35
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{F9BC0421-BB5C-447d-8547-BB45AFA80A4D} (PUP.Funshion) -> No action taken.
HKCR\Interface\{4D89001B-5B5B-4E76-A1F5-638E49DB7A58} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> No action taken.
HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> No action taken.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> No action taken.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> No action taken.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 5921 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wajam|red (PUP.Optional.Wajam.A) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Delete on reboot.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Delete on reboot.

Files Detected: 12
C:\Users\Bernard\AppData\Local\Temp\0YudRA7T.exe.part (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bernard\AppData\Local\Temp\ct2737658\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Wajam\Updater\WAJAMUPDATER.EXE (PUP.Optional.Wajam.A) -> Delete on reboot.
C:\Program Files (x86)\Wajam\IE\PRIAM_BHO.DLL (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

(end)
 
RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Bernard [Admin rights]
Mode : Scan -- Date : 09/18/2013 01:00:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Bernard\AppData\Roaming\115\Box\Sync115Ext64.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 11 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=183.181.25.248:80) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> FOUND
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][Folder] plugs : C:\Users\Bernard\AppData\Roaming\Adobe\plugs [-] --> FOUND
[Tr.Karagany][Folder] shed : C:\Users\Bernard\AppData\Roaming\Adobe\shed [-] --> FOUND

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750640AS +++++
--- User ---
[MBR] 7d81043d3a5b3b68e62533f756bcbed1
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 703816 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1441416060 | Size: 11585 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3750640AS +++++
--- User ---
[MBR] 86dee91c58569e06a35abbe4e32e8844
[BSP] d2cf106ef547eb0f1e1d898de4c244d8 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ST3750640AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST3750640AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: ST3750640AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09182013_010054.txt >>
 
RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Bernard [Admin rights]
Mode : Remove -- Date : 09/18/2013 03:24:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] explorer.exe -- C:\Users\Bernard\AppData\Roaming\115\Box\Sync115Ext64.dll [x] -> UNLOADED

¤¤¤ Registry Entries : 10 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[WALLPAPER] HKCU\[...]\Desktop : WallPaper (C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg) -> REPLACED (C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp)

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> DELETED
[V2][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe - /DELETE_FROM_SYSTEM=1 [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][Folder] plugs : C:\Users\Bernard\AppData\Roaming\Adobe\plugs [-] --> DELETED
[Tr.Karagany][Folder] shed : C:\Users\Bernard\AppData\Roaming\Adobe\shed [-] --> DELETED

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750640AS +++++
--- User ---
[MBR] 7d81043d3a5b3b68e62533f756bcbed1
[BSP] cbe1a3892920c024e3e7b9efc684338e : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 703816 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1441416060 | Size: 11585 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3750640AS +++++
--- User ---
[MBR] 86dee91c58569e06a35abbe4e32e8844
[BSP] d2cf106ef547eb0f1e1d898de4c244d8 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ST3750640AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST3750640AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: ST3750640AS +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09182013_032405.txt >>
RKreport[0]_S_09182013_010054.txt
 