[Inactive-A] Google tells me Sirefef.gen!c

Printable View

Show 40 post(s) from this thread on one page

May 8th, 2013, 07:57 PM
Broni

Try to use restore point to before AVG installation: 07-05-2013
May 11th, 2013, 12:01 PM
Broni

Still with me?
May 13th, 2013, 02:52 PM
Obsession

Ok back in the saddle,

it worked Internet working again. il report back tommorrow with the scans re-done.

thanks!
May 13th, 2013, 07:02 PM
Broni

https://discussions.virtualdr.com/
May 14th, 2013, 06:07 PM
Obsession

New OTL log

OTL logfile created on: 14-5-2013 23:52:31 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Meo\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

3.22 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 55.39% Memory free
6.66 Gb Paging File | 5.15 Gb Available in Paging File | 77.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 8.21 Gb Free Space | 5.74% Space Free | Partition Type: NTFS
Drive D: | 139.50 Gb Total Space | 2.34 Gb Free Space | 1.68% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 131.08 Gb Free Space | 14.07% Space Free | Partition Type: NTFS

Computer Name: PC_VAN_MEO | User Name: Meo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-14 23:41:03 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013-05-14 23:41:03 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013-05-04 12:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meo\Desktop\OTL.exe
PRC - [2013-05-04 02:07:19 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Meo\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2013-04-29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013-04-12 00:14:10 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-04-04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013-03-28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013-03-18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013-02-19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012-12-04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011-12-12 19:21:54 | 022,459,984 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2011-04-10 21:39:02 | 000,224,000 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011-03-21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010-06-28 16:31:26 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009-12-02 23:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-12-02 23:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008-11-28 11:56:06 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008-11-28 11:56:02 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008-11-28 11:08:46 | 000,417,792 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-10-17 14:54:38 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008-10-08 21:49:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008-10-08 21:49:12 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008-10-04 04:09:02 | 000,069,632 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008-09-18 13:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008-09-11 23:46:38 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008-07-29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008-07-29 18:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008-06-30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008-06-17 06:23:24 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008-03-18 06:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008-01-21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2013-05-14 23:41:04 | 000,158,384 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2013-04-12 00:14:10 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011-04-14 16:34:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\764e4a8bba4cee63ccd677c623eb50a0\System.ServiceProcess.ni.dll
MOD - [2011-04-14 16:34:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\95b780b82a20fb7c463b78f034329df5\System.Runtime.Remoting.ni.dll
MOD - [2011-04-14 16:34:04 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b307fcf27673a18c3660e4f3438a454c\System.Web.ni.dll
MOD - [2011-04-14 16:33:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\fb9f4da6dd18b147baca425a0f5fe3b5\System.Configuration.ni.dll
MOD - [2011-04-14 16:33:19 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8a9c5b28b8dad1f360de1380ba72446a\Accessibility.ni.dll
MOD - [2011-04-14 03:28:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7b1cc9a5490437cd5c0d5fb5ea3c0e34\System.Xml.ni.dll
MOD - [2011-04-14 03:28:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd2b1592d28bd0eed480f40d5f63b86c\System.Windows.Forms.ni.dll
MOD - [2011-04-14 03:28:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e9f88677c9a7357c3ce76cdaae8d4654\System.Drawing.ni.dll
MOD - [2011-04-14 03:26:28 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d55579c9c2c8ca58c6379eda52a97c9e\System.ni.dll
MOD - [2011-04-14 03:25:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\70df10917822b8ef1379b9820e7281c1\mscorlib.ni.dll
MOD - [2011-04-10 22:13:38 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011-04-10 21:39:02 | 000,224,000 | ---- | M] () -- C:\Program Files\uTorrent\uTorrent.exe
MOD - [2011-04-10 02:40:12 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3266.29383__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:12 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3266.29368__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:12 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3266.29384__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:12 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3266.29438__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3266.29380__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3266.29405__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3266.29375__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:11 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3266.29459__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:11 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:11 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3266.29459__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:11 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3266.29460__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:11 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3266.29424__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:11 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3266.29374__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:11 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3266.29418__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:11 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3266.29423__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3266.29458__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3266.29408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3266.29376__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3266.29403__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3266.29433__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:10 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3266.29417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3266.29388__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011-04-10 02:40:10 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3266.29385__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3266.29416__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011-04-10 02:40:10 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3266.29406__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3266.29388__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3266.29407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3266.29415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3266.29417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011-04-10 02:40:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011-04-10 02:40:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011-04-10 02:40:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011-04-10 02:40:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011-04-10 02:40:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011-04-10 02:40:10 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011-04-10 02:40:09 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011-04-10 02:40:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011-04-10 02:40:09 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011-04-10 02:40:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011-04-10 02:40:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011-04-10 02:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011-04-10 02:40:09 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011-04-10 02:40:08 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3266.29372__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011-04-10 02:40:08 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3266.29447__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011-04-10 02:40:08 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3266.29379__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011-04-10 02:40:08 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3266.29453__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011-04-10 02:40:08 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3266.29367__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011-04-10 02:40:08 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011-04-10 02:40:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3266.29451__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011-04-10 02:40:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3266.29365__90ba9c70f846762e\APM.Server.dll
MOD - [2011-04-10 02:40:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3266.29368__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011-04-10 02:40:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011-04-10 02:40:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3266.29366__90ba9c70f846762e\AEM.Server.dll
MOD - [2011-04-10 02:40:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3266.29468__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011-04-10 02:40:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011-04-10 02:40:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011-04-10 02:40:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011-04-10 02:40:08 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011-04-10 02:40:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3266.29452__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011-04-10 02:40:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011-04-10 02:40:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011-04-10 02:40:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011-04-10 02:40:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011-04-10 02:40:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011-04-10 02:40:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2011-04-10 02:40:08 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011-04-10 02:40:08 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011-04-10 02:40:08 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011-04-10 02:40:08 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3266.29476__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2011-04-10 02:40:08 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3266.29366__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011-03-21 23:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-03-21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009-01-15 17:07:53 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3013.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2009-01-15 17:07:53 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009-01-15 17:07:53 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009-01-15 17:07:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
MOD - [2009-01-07 05:15:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008-10-30 14:20:38 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008-10-08 21:49:24 | 000,835,584 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008-10-08 21:49:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008-09-16 00:24:41 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008-09-16 00:24:41 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008-09-16 00:24:41 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2008-07-29 18:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008-06-30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2013-05-14 23:41:03 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013-05-14 23:00:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013-04-18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013-04-12 00:14:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-12-04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009-12-02 23:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-12-02 23:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008-11-28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-10-04 04:09:02 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008-07-29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008-03-18 06:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013-05-14 23:41:04 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013-04-04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013-03-29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013-03-21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013-03-01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013-02-08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013-02-08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013-02-08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013-02-08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013-02-08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-06-26 02:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2011-06-26 02:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2009-12-02 23:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009-12-02 23:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009-12-02 23:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009-12-02 23:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009-01-07 05:18:46 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2009-01-07 05:18:08 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009-01-07 05:17:14 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-12-25 11:30:22 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008-10-01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-07-28 09:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-07-22 13:58:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008-05-28 18:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008-03-21 06:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008-01-21 04:24:59 | 000,184,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2007-03-28 08:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_6530g
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...m=aspire_6530g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {4C0E39F5-ADB1-483E-BB80-1CE1A447A6F7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4C0E39F5-ADB1-483E-BB80-1CE1A447A6F7}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_nl
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_nl&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: avg@toolbar:10.0.0.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-04-11 04:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-04-11 04:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013-02-08 23:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.2.0.5 [2013-05-14 23:41:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-12 00:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-12 00:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-12 00:14:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-12 00:14:02 | 000,000,000 | ---D | M]

[2011-04-10 21:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meo\AppData\Roaming\mozilla\Extensions
[2012-11-23 23:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Meo\AppData\Roaming\mozilla\Firefox\Profiles\8ehtkf2i.default\extensions
[2012-11-23 23:21:55 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Meo\AppData\Roaming\mozilla\firefox\profiles\8ehtkf2i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013-04-12 00:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-04-12 00:14:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-04-12 00:14:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-04-10 21:41:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012-12-17 20:08:20 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-12-17 20:08:20 | 000,002,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012-12-17 20:08:20 | 000,004,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2013-05-14 23:41:48 | 000,003,723 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012-05-30 23:32:45 | 000,001,111 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\vandale-nl.xml
[2012-12-17 20:08:20 | 000,001,262 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
[2012-05-30 23:32:45 | 000,001,106 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-nl.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={DF5570F4-F975-4E56-BA74-D25803B7E433}&mid=db4477f097ef47d1976bd16acd100928-bae3ed9ff537164695a82ca2a0aa4b5d0ae193fa&lang=nl&ds=AVG&pr=pa&d=2011-12-16 13:13:03&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SiteAdvisor = C:\Users\Meo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: DivX HiQ = C:\Users\Meo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Skype Click to Call = C:\Users\Meo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Di
May 14th, 2013, 06:08 PM
Obsession

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Meo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2013-05-03 12:03:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: localhost ([]http in )
O15 - HKCU\..Trusted Ranges: GD ([http] in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{757B1AE9-CE4A-4113-BE9A-A34A6066654C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-05-06 04:47:26 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002-10-16 19:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-05-14 23:44:32 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Roaming\AVG2013
[2013-05-14 23:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013-05-14 23:41:31 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013-05-14 23:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013-05-08 14:12:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-05-08 01:06:26 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Local\AVG SafeGuard toolbar
[2013-05-08 01:05:50 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Roaming\TuneUp Software
[2013-05-08 01:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013-05-08 01:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013-05-08 01:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013-05-07 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Local\MFAData
[2013-05-07 23:11:17 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Local\Avg2013
[2013-05-04 12:19:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Meo\Desktop\OTL.exe
[2013-05-04 11:53:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013-05-04 11:53:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013-05-04 11:46:43 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Meo\Desktop\JRT.exe
[2013-05-03 12:08:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013-05-03 12:03:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013-05-03 11:49:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-05-03 11:49:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-05-03 11:49:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-05-03 11:48:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-05-03 11:48:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-05-03 11:45:25 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Meo\Desktop\ComboFix.exe
[2013-05-03 11:29:10 | 001,081,860 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Meo\Desktop\AppRemover.exe
[2013-05-02 12:46:34 | 000,000,000 | ---D | C] -- C:\FRST
[2013-05-02 11:55:53 | 001,150,947 | ---- | C] (Farbar) -- C:\Users\Meo\Desktop\FRST.exe
[2013-05-02 11:55:35 | 001,712,230 | ---- | C] (Farbar) -- C:\Users\Meo\Desktop\FRST64.exe
[2013-05-01 11:54:45 | 000,000,000 | ---D | C] -- C:\Windows\snack
[2013-05-01 11:50:39 | 000,000,000 | ---D | C] -- C:\Users\Meo\Desktop\RK_Quarantine
[2013-05-01 11:50:26 | 000,000,000 | ---D | C] -- C:\Users\Meo\Desktop\mbar
[2013-04-30 13:40:00 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Roaming\Malwarebytes
[2013-04-30 13:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-04-30 13:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-04-30 13:39:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013-04-30 13:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-04-30 13:39:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Meo\Desktop\dds.com
[2013-04-29 14:18:27 | 000,000,000 | ---D | C] -- C:\Users\Meo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mega Codec Pack
[2013-04-29 14:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mega Codec Pack
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-14 23:59:59 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-14 23:44:36 | 000,201,728 | ---- | M] () -- C:\Users\Meo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-05-14 23:41:53 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013-05-14 23:41:04 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013-05-14 23:04:00 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-14 23:04:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_Meo.job
[2013-05-14 22:01:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-14 16:29:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-14 16:29:51 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-14 14:32:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013-05-14 14:30:13 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-12 01:18:33 | 000,667,796 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013-05-12 01:18:33 | 000,587,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-05-12 01:18:33 | 000,127,040 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013-05-12 01:18:33 | 000,101,436 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-05-04 12:19:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Meo\Desktop\OTL.exe
[2013-05-04 11:46:44 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Meo\Desktop\JRT.exe
[2013-05-04 11:45:53 | 000,628,743 | ---- | M] () -- C:\Users\Meo\Desktop\adwcleaner.exe
[2013-05-03 12:03:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-05-03 11:45:44 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Meo\Desktop\ComboFix.exe
[2013-05-03 11:29:12 | 001,081,860 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Meo\Desktop\AppRemover.exe
[2013-05-02 15:53:10 | 073,722,750 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm.old
[2013-05-02 11:55:56 | 001,150,947 | ---- | M] (Farbar) -- C:\Users\Meo\Desktop\FRST.exe
[2013-05-02 11:55:39 | 001,712,230 | ---- | M] (Farbar) -- C:\Users\Meo\Desktop\FRST64.exe
[2013-05-01 14:19:43 | 000,000,680 | ---- | M] () -- C:\Users\Meo\AppData\Local\d3d9caps.dat
[2013-05-01 11:57:04 | 000,184,320 | ---- | M] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2013-05-01 11:41:35 | 012,917,756 | ---- | M] () -- C:\Users\Meo\Desktop\mbar-1.05.0.1001.zip
[2013-05-01 11:40:23 | 000,816,128 | ---- | M] () -- C:\Users\Meo\Desktop\RogueKiller.exe
[2013-04-30 13:39:52 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-04-30 13:39:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Meo\Desktop\dds.com
[2013-04-17 19:09:41 | 000,001,561 | ---- | M] () -- C:\Users\Meo\Documents\Motivatie Kpn Save.rtf
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-14 23:41:53 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013-05-04 11:45:52 | 000,628,743 | ---- | C] () -- C:\Users\Meo\Desktop\adwcleaner.exe
[2013-05-03 11:49:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-05-03 11:49:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-05-03 11:49:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-05-03 11:49:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-05-03 11:49:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-05-01 11:54:45 | 000,184,320 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys.dump
[2013-05-01 11:41:29 | 012,917,756 | ---- | C] () -- C:\Users\Meo\Desktop\mbar-1.05.0.1001.zip
[2013-05-01 11:40:21 | 000,816,128 | ---- | C] () -- C:\Users\Meo\Desktop\RogueKiller.exe
[2013-04-30 13:39:52 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-03 17:26:42 | 000,000,356 | ---- | C] () -- C:\Users\Meo\AppData\Roaming\wklnhst.dat
[2011-12-16 04:50:49 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011-08-24 17:28:29 | 000,000,680 | ---- | C] () -- C:\Users\Meo\AppData\Local\d3d9caps.dat
[2011-04-27 19:38:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-04-10 05:24:41 | 000,201,728 | ---- | C] () -- C:\Users\Meo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006-11-02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-03-03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-01-21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009-01-15 17:47:25 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\Acer GameZone Console
[2011-06-29 00:31:40 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\AVG10
[2011-12-13 22:52:13 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\AVG2012
[2013-05-14 23:44:32 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\AVG2013
[2013-03-10 15:52:03 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\Kingsoft
[2013-04-11 02:12:03 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\LibreOffice
[2012-01-15 01:26:57 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\ooVoo Details
[2011-05-19 02:26:44 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\PowerCinema
[2012-08-06 19:11:17 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\Replay Media Catcher 4
[2011-05-11 18:10:40 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\SoftDMA
[2013-04-16 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\SoftGrid Client
[2012-05-03 17:32:59 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\Template
[2012-03-16 03:19:41 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\TP
[2013-05-08 01:05:50 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\TuneUp Software
[2013-05-15 00:05:17 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\uTorrent
[2013-02-01 03:35:30 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\XMind
[2012-03-16 03:16:10 | 000,000,000 | ---D | M] -- C:\Users\Meo\AppData\Roaming\{90140011-0061-0413-0000-0000000FF1CE}

========== Purity Check ==========

< End of report >
May 14th, 2013, 06:13 PM
Obsession

Ok Be back with Farbar and the eset online scanner results
The security checks links are down though
May 14th, 2013, 08:33 PM
Broni
http://dev.discussions.virtualdr.forums.relay.cool/ Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:

:OTL SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) FF - user.js - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O15 - HKCU\..Trusted Domains: localhost ([]http in ) O15 - HKCU\..Trusted Ranges: GD ([http] in ) :Commands [purity] [emptytemp] [emptyjava] [emptyflash] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans....

http://dev.discussions.virtualdr.forums.relay.cool/ Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

http://dev.discussions.virtualdr.forums.relay.cool/ Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
  - Internet Services
  - Windows Firewall
  - System Restore
  - Security Center
  - Windows Update
  - Windows Defender
  - Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
http://dev.discussions.virtualdr.forums.relay.cool/ Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
http://dev.discussions.virtualdr.forums.relay.cool/ Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If Eset won't find any threats, it won't produce any log.
May 14th, 2013, 08:34 PM
Broni

Security Check link works fine for me.
Uploaded it for you here: http://www.sendspace.com/file/2ds39s
May 15th, 2013, 01:37 PM
Obsession

I had to go back to the restore point before AVG and AVG removed again because it blocked my internet again that i couldnt find a solution to.

Below is OTL moving on to security check

All processes killed
========== OTL ==========
Error: No service named AVG Security Toolbar Service was found to stop!
Service\Driver key AVG Security Toolbar Service not found.
File C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\ComboFix\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ProductReg not found.
File C:\Program Files\Acer\WR_PopUp\ProductReg.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL not found.
File C:\Windows\System32\cmd.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Meo
->Temp folder emptied: 138551166 bytes
->Temporary Internet Files folder emptied: 56847293 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9047458 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 4683 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44355 bytes
RecycleBin emptied: 1705461700 bytes

Total Files Cleaned = 1

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Meo
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Meo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05152013_191741

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
May 15th, 2013, 01:40 PM
Obsession

securitycheck gives me an error it cant find securitycheck.bat

Moving on to farbar
May 15th, 2013, 01:44 PM
Obsession

Farbar Service Scanner Version: 14-04-2013
Ran by Meo (administrator) on 15-05-2013 at 19:43:36
Running from "C:\Users\Meo\Desktop"
Windows Vista (TM) Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: ATTENTION!=====> Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: ATTENTION!=====> Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

RpcSs Service is not running. Checking service configuration:
The start type of RpcSs service is OK.
The ImagePath of RpcSs service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-04-10 21:56] - [2010-06-16 17:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 00:45] - [2011-03-02 16:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 04:23] - [2008-01-21 04:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 04:23] - [2008-01-21 04:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 04:23] - [2008-01-21 04:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 04:25] - [2008-01-21 04:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-01-15 15:44] - [2008-04-18 07:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 04:24] - [2008-01-21 04:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-04-10 22:00] - [2009-03-03 06:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830

**** End of log ****
May 15th, 2013, 05:49 PM
Obsession

Ok just got done with worlds slowest virusscanner eset online scanner thing took hours.
It found something though where all the other scanners didnt find a thing.
see below.

C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean
C:\Windows\System32\drivers\netbt.sys.dump Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys Win32/Sirefef.DA trojan cleaned by deleting - quarantined

Standing by.
May 15th, 2013, 06:32 PM
Broni

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\Windows\System32\drivers\netbt.sys
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
May 15th, 2013, 07:12 PM
Obsession

SHA256: f5e1e4528ca8545e5f7c74c958d7f64796fb729de5cae144e6c7f7cb4c0734a9
Bestandsnaam: netbt.sys
Detectieverhouding: 19 / 46
Datum van analyse: 2013-05-15 23:08:31 UTC (0 minuten geleden)
0
0
Meer gegevens

Analyse
Bestandsgegevens
Aanvullende informatie
Reacties
Stemmen

Virusscanner Resultaat Versie
Agnitum 20130515
AhnLab-V3 20130515
AntiVir TR/Patched.Gen 20130516
Antiy-AVL 20130515
Avast Win32:Sirefef-BEV [Rtk] 20130516
AVG 20130516
BitDefender Gen:Variant.Symmi.20259 20130516
ByteHero 20130513
CAT-QuickHeal 20130515
ClamAV 20130515
Commtouch 20130515
Comodo UnclassifiedMalware 20130515
DrWeb 20130516
Emsisoft Trojan.Win32.Sirefef.AMN (A) 20130516
eSafe 20130513
ESET-NOD32 Win32/Sirefef.DA 20130515
F-Prot 20130515
F-Secure Gen:Variant.Symmi.20259 20130515
Fortinet W32/Kryptik.AYHZ!tr 20130516
GData Gen:Variant.Symmi.20259 20130516
Ikarus Rootkit.Win32.ZAccess 20130515
Jiangmin 20130515
K7AntiVirus Virus 20130515
K7GW Virus 20130515
Kaspersky 20130516
Kingsoft 20130506
Malwarebytes 20130515
McAfee Artemis!CE8D311EAFB7 20130516
McAfee-GW-Edition Artemis!CE8D311EAFB7 20130515
Microsoft 20130516
MicroWorld-eScan Gen:Variant.Symmi.20259 20130516
NANO-Antivirus 20130515
Norman Kryptik.BDPT 20130515
nProtect 20130515
Panda Trj/CI.A 20130515
PCTools 20130515
Sophos 20130516
SUPERAntiSpyware 20130516
Symantec 20130516
TheHacker 20130514
TotalDefense 20130515
TrendMicro 20130516
TrendMicro-HouseCall TROJ_GEN.F47V0505 20130516
VBA32 20130515
VIPRE Lookslike.Win32.Sirefef.z (v) 20130516
ViRobot 20130515

Show 40 post(s) from this thread on one page