Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Bad Image problem (Virus)?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Bad Image problem (Virus)?

Unread postby mrsunnybones » December 9th, 2012, 6:43 pm

Hi, recently my computer has been unusuable because of a "Bad Image" problem that required me to install some sketchy things. The pop-up basically says : Bad Image and that I need to reinstall basically all of my program, followed by a C;\windows\system32\ .dll file. Because of this, I am also unable to access any programs including firefox and chrome. I also couldn't system restore.

Just to get on the net to post this, ihad to relaunch in safemode with networking. I ran the dds from the safemode so I'm not sure if it's as effective as if I ran it in the normal startup (Which i can't because all of my programs are blocked).

Edit*: Forgot to mention; windows 7 OS

Anyways, here are the DDS files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_20
Run by EricShang at 17:32:02 on 2012-12-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.4317 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=hp
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.11\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.11\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\EricShang\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\EricShang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [F.lux] "C:\Users\EricShang\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\ERICSH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\EricShang\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\4556E62556E64556164596D656 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\64E4A55543 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\86F6D656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\A49616E676E4564777F627B6 : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\A4A5940363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\C696E6B6379737 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{93422096-8B22-4798-A1C3-B195BD476D83} : DHCPNameServer = 128.8.74.2 128.8.76.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\ProgramData\dxmasf32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=hp
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\EricShang\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\EricShang\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - ExtSQL: 2012-12-05 01:51; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.11
FF - ExtSQL: !HIDDEN! 2010-08-29 23:30; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-4 30568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-7 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-7 379520]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-8 204288]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-28 8704]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-9 3463080]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-7 2314240]
S2 vToolbarUpdater13.3.1;vToolbarUpdater13.3.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.1\ToolbarUpdater.exe [2012-12-5 894920]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-7 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2010-4-22 41096]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2008-11-7 40448]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2012-12-09 19:50:46 0 ----a-w- C:\ProgramData\DXMASF32.DLL
2012-12-09 16:53:22 -------- d-----w- C:\Users\EricShang\AppData\Local\Wizards_of_the_Coast
2012-12-09 16:15:52 -------- d-----w- C:\Users\EricShang\.maptool
2012-12-09 16:11:29 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-12-09 16:11:26 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-12-09 16:11:06 -------- d-----w- C:\Users\EricShang\AppData\Local\LogMeIn Hamachi
2012-12-09 09:08:25 -------- d-----w- C:\Users\EricShang\AppData\Roaming\TeamViewer
2012-12-09 09:05:48 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-12-07 21:48:11 -------- d-----w- C:\Users\EricShang\AppData\Local\Apps
2012-12-07 21:36:12 -------- d-----w- C:\Users\EricShang\AppData\Roaming\TrueCrypt
2012-12-07 21:34:46 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-12-07 21:34:25 -------- d-----w- C:\Program Files\TrueCrypt
2012-12-07 20:00:21 -------- d-----w- C:\Program Files\CCleaner
2012-12-07 10:32:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-07 10:32:03 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-12-07 10:32:03 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-12-07 10:32:03 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-12-07 10:32:03 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-12-07 09:11:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{A6379699-95C3-46E7-B34C-95B3DA944426}
2012-12-07 09:06:42 -------- d-----w- C:\Users\EricShang\AppData\Local\{323E896F-4C6A-41E2-893A-21AFCC47ADD1}
2012-12-05 06:52:54 -------- d-----w- C:\Users\EricShang\AppData\Roaming\AVG2013
2012-12-05 06:51:23 -------- d-----w- C:\Users\EricShang\AppData\Roaming\TuneUp Software
2012-12-05 06:51:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-12-05 06:49:52 -------- d--h--w- C:\$AVG
2012-12-05 06:49:52 -------- d-----w- C:\ProgramData\AVG2013
2012-12-05 06:49:12 -------- d-----w- C:\Program Files (x86)\AVG
2012-12-05 06:32:09 -------- d-----w- C:\Users\EricShang\AppData\Local\MFAData
2012-12-05 06:32:09 -------- d-----w- C:\Users\EricShang\AppData\Local\Avg2013
2012-12-05 06:32:09 -------- d-----w- C:\ProgramData\MFAData
2012-12-02 21:06:23 -------- d-----w- C:\Users\EricShang\AppData\Local\{445C6220-2FA8-45A2-8030-F176F6A1039E}
2012-12-02 21:02:50 -------- d-----w- C:\Users\EricShang\AppData\Local\{526E55A4-9D91-4F9F-A603-5AA37AE9F817}
2012-11-30 22:14:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{59CD971F-4ED4-421A-A299-433B568E3F2D}
2012-11-30 10:14:04 -------- d-----w- C:\Users\EricShang\AppData\Local\{BFBD79B7-F127-4519-B39E-4D121633279D}
2012-11-29 22:13:23 -------- d-----w- C:\Users\EricShang\AppData\Local\{036EEC04-D349-4236-B170-013359FB3A43}
2012-11-29 04:26:58 -------- d-----w- C:\Users\EricShang\AppData\Local\{BC555C01-53C0-4F01-BEEB-52A27E7D2150}
2012-11-28 16:26:48 -------- d-----w- C:\Users\EricShang\AppData\Local\{58DD7298-A2A4-4E6E-8F6F-7B874084FD4A}
2012-11-28 04:26:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{A279A7C8-02C6-4683-8F8C-3D13079705A6}
2012-11-25 00:54:22 -------- d-----w- C:\Users\EricShang\AppData\Local\SCE
2012-11-25 00:54:04 -------- d-----w- C:\Crash
2012-11-25 00:54:03 -------- d-----w- C:\Users\EricShang\AppData\Local\Sony Online Entertainment
2012-11-24 19:43:41 -------- d-----w- C:\Users\EricShang\AppData\Local\{E8856C97-25BD-45D3-BD94-B96AAB1693AB}
2012-11-22 15:40:28 -------- d-----w- C:\Users\EricShang\AppData\Local\{D1251ED3-8E47-420C-A3E8-077A21E431F3}
2012-11-22 01:51:28 -------- d-----w- C:\Users\EricShang\AppData\Local\{35062583-6135-43C7-9F37-47E674986C61}
2012-11-17 21:16:14 -------- d-----w- C:\Users\EricShang\AppData\Local\{0FF3FB80-8131-4591-B3CB-F5746C487856}
2012-11-17 08:15:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:15:06 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 08:15:06 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 08:15:06 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 08:02:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 08:02:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 08:02:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 08:02:25 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 08:02:25 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 08:02:25 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 08:02:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 22:32:10 -------- d-----w- C:\Users\EricShang\AppData\Local\{16CEACBE-4D7C-41F2-82B5-9DBFD94ACB08}
2012-11-16 10:31:35 -------- d-----w- C:\Users\EricShang\AppData\Local\{A805FFAD-0FC7-46C7-837C-FD483E205EE6}
2012-11-15 22:31:13 -------- d-----w- C:\Users\EricShang\AppData\Local\{82E9628E-FBD1-4881-B669-75AA3EA0DF82}
2012-11-15 10:30:52 -------- d-----w- C:\Users\EricShang\AppData\Local\{429A351F-1157-40F6-BB5D-E125019C42F2}
2012-11-14 22:30:30 -------- d-----w- C:\Users\EricShang\AppData\Local\{4F5652BE-248D-4647-AAF6-64E3EF7770AD}
2012-11-14 10:30:09 -------- d-----w- C:\Users\EricShang\AppData\Local\{0B8885A9-5319-49E9-9076-571430548DE4}
2012-11-13 22:29:47 -------- d-----w- C:\Users\EricShang\AppData\Local\{8771C2CB-12CD-407A-B7FF-B173C2028198}
2012-11-13 10:29:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{0A911C91-A086-4BA2-9E01-7CE337128323}
2012-11-12 22:29:04 -------- d-----w- C:\Users\EricShang\AppData\Local\{83F32C4D-D7A8-40B9-83B4-09EA83A49FD6}
2012-11-12 10:28:43 -------- d-----w- C:\Users\EricShang\AppData\Local\{27F3C9EB-D6F2-4559-9FCC-FB543C76A253}
2012-11-11 22:28:21 -------- d-----w- C:\Users\EricShang\AppData\Local\{9E9E83C9-EC46-4BB5-9ABB-97AE3260CDA0}
2012-11-11 10:28:00 -------- d-----w- C:\Users\EricShang\AppData\Local\{556732F9-3E3D-4DF9-8772-9018D6D2BFF3}
2012-11-10 22:27:38 -------- d-----w- C:\Users\EricShang\AppData\Local\{5DFDD60F-F747-47C0-9595-40661DEC06EC}
2012-11-10 10:27:27 -------- d-----w- C:\Users\EricShang\AppData\Local\{46246D4C-6E29-46E4-8239-8500043EB80F}
.
==================== Find3M ====================
.
2012-12-09 22:25:38 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-12-05 06:50:56 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-21 19:42:55 0 ----a-w- C:\Windows\SysWow64\shoFC79.tmp
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-07 07:02:55 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-07 07:02:55 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-07 07:02:35 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 17:33:16.74 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2010 8:20:38 AM
System Uptime: 12/9/2012 5:28:01 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Jh
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1708/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 119.446 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP246: 12/7/2012 4:34:27 PM - TrueCrypt installation
RP247: 12/9/2012 11:10:11 AM - Installed LogMeIn Hamachi
RP248: 12/9/2012 12:14:58 PM - Installed Character Builder Beta.
RP249: 12/9/2012 4:30:19 PM - Restore Operation
RP250: 12/9/2012 4:52:12 PM - Removed Character Builder Beta.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1 MUI
AIM 7
Alcor Micro USB Card Reader
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
applicationupdater
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_Notebook_G73 Screen Saver
ATK Package
AutoHotkey 1.0.48.05
AVG 2013
Bandicam
Bandisoft MPEG-1 Decoder
Battlefield 2142
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
BufferChm
C4700
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help English
CCleaner
Click to Call with Skype
ControlDeck
Counter-Strike
Counter-Strike: Source
Coupon Printer for Windows
Creative MediaSource 5
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DayZ Commander
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diablo III
DivX Setup
Dota 2
Download Updater (AOL LLC)
DreamerRO's 10.11
DreamerRO 10.11
Driver Sweeper version 3.2.0
Dropbox
ESN Sonar
Express Gate
F.lux
Fast Boot
gamelauncher-ps2-live
GOM Player
GOMTV Streamer
Google Chrome
Google Talk Plugin
GPBaseService2
Guild Wars 2
Hi-Rez Studios Authenticate and Update Service
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Monitor
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
League of Legends
LogMeIn Hamachi
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Mumble 1.2.3
Network64
Nexon Game Manager
Origin
Pando Media Booster
PlanetSide 2
Portal 2
PS_AIO_06_C4700_SW_Min
PunkBuster Services
QuickTime
QuickTransfer
Razer BlackWidow Ultimate
Razer Imperator
Realtek High Definition Audio Driver
RPTools MapTool
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shop for HP Supplies
Six Updater
Skype™ 6.0
SmartWebPrinting
Smite
SolutionCenter
Sound Blaster Audigy HD
Spotify
StarCraft II
Status
Steam
Synaptics Pointing Device Driver
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 8
Toolbox
TrayApp
Tribes Ascend
TrueCrypt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB 2.0 1.3M UVC WebCam
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Visual Studio 2010 x64 Redistributables
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
WinSCP 4.3.2
Wireless Console 3
XSplit
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 5:29:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:28:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/9/2012 5:28:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/9/2012 5:28:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr truecrypt Wanarpv6
12/9/2012 5:28:43 PM, Error: NetBT [4321] - The name "ERICSHANG-PC :0" could not be registered on the interface with IP address 192.168.1.15. The computer with the IP address 192.168.1.13 did not allow the name to be claimed by this computer.
12/9/2012 5:28:41 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:28:40 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:26:03 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{05BDF0D1-9718-447B-9539-4FFA1E2CE07F} because another computer on the network has the same name. The server could not start.
12/9/2012 5:26:03 PM, Error: NetBT [4321] - The name "ERICSHANG-PC :20" could not be registered on the interface with IP address 192.168.1.15. The computer with the IP address 192.168.1.13 did not allow the name to be claimed by this computer.
12/9/2012 5:25:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/9/2012 5:23:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/9/2012 5:04:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 3:08:04 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
12/9/2012 3:06:42 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 3:06:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
12/9/2012 3:06:41 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 3:03:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 3:03:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/9/2012 2:56:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/9/2012 2:56:11 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 11:11:29 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/9/2012 11:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
12/9/2012 11:11:29 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



P.S., I'm not sure how I'll install antivirus from the computer as I can't run any programs. I do have another computer however, so I was wondering if I could get a flashdrive or so and run it from there.

Thanks!
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm
Advertisement
Register to Remove

Re: Bad Image problem (Virus)?

Unread postby wannabeageek » December 10th, 2012, 10:56 pm

Hello mrsunnybones, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Bad Image problem (Virus)?

Unread postby mrsunnybones » December 10th, 2012, 11:46 pm

Hello, wannabegeek. thanks for the quick reply!
I cannot actually backup my computer due to the fact that I can only run it in safe mode, so if there is a way to back up my files while in safemode, that'd be great to know. If there is not however, I do not actually have files on this computer of great importance, therefore it'd acceptable (if the computer is saved!) if I lost all the files/programs on this computer and had a complete factory reset.

Also, since posting, I have tried a few things to fix the errors that plague this computer. Using OTL scanner, i ran the command:
:processes
killallprocesses

:Files
C:\ProgramData\dxmasf32.dll

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[Reboot]

Now, the "Bad Image" errors do not arise, however my computer Still does freeze within minutes of loading up (It did this before after i pressed Ok to all the errors)
I also ran MalwareBytes antivirus program and it killed 3 potential threats.

I am sorry if this complicates matters further, as I was in a fluster when my laptop did not work. If you require so, I can reset my computer using system recovery to return back to the date (yesterday) before I did those. I also have the new DDS logs which I will post under here.
Once again, sorry if this has created more problems for you, and once again, thanks for your reply.

Edit*: I forgot to attach the attach.txt

DDS log as if today:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_20
Run by EricShang at 22:44:01 on 2012-12-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.4319 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\EricShang\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=hp
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.11\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.11\AVG Secure Search_toolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\EricShang\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\EricShang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [F.lux] "C:\Users\EricShang\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\ERICSH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\EricShang\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\4556E62556E64556164596D656 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\64E4A55543 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\86F6D656 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\A49616E676E4564777F627B6 : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\A4A5940363 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}\C696E6B6379737 : DHCPNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{93422096-8B22-4798-A1C3-B195BD476D83} : DHCPNameServer = 128.8.74.2 128.8.76.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\ProgramData\dxmasf32.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=hp
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\EricShang\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\EricShang\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - ExtSQL: 2012-12-05 01:51; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.11
FF - ExtSQL: !HIDDEN! 2010-08-29 23:30; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-4 30568]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-7 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-5-12 154624]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
S2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-7-7 379520]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-8 204288]
S2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-5-28 8704]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-10 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-10 676936]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-9 3463080]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-7 2314240]
S2 vToolbarUpdater13.3.1;vToolbarUpdater13.3.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.1\ToolbarUpdater.exe [2012-12-5 894920]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-21 44032]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-7-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-7-7 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-28 29720]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-10 25928]
S3 SaiU0CCB;SaiU0CCB;C:\Windows\System32\drivers\SaiU0CCB.sys [2010-4-22 41096]
S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2008-11-7 40448]
S3 VaneFltr;Lachesis Mouse Driver;C:\Windows\System32\drivers\Lachesis.sys [2007-8-17 30336]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2012-12-10 06:48:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-10 06:27:57 -------- d-----w- C:\Users\EricShang\AppData\Local\{43042D43-BA08-4B7B-81AA-4F31E45C221A}
2012-12-10 05:26:54 -------- d-----w- C:\Users\EricShang\AppData\Roaming\Process Hacker 2
2012-12-10 05:16:48 -------- d-----w- C:\Program Files\Process Hacker 2
2012-12-10 05:15:10 -------- d-----w- C:\Users\EricShang\AppData\Roaming\Malwarebytes
2012-12-10 05:15:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-10 05:15:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-10 05:10:37 -------- d-----w- C:\Users\EricShang\AppData\Local\{9C6DEC44-6FBD-4D90-A673-6175569E33BF}
2012-12-09 17:15:12 -------- d-----w- C:\Program Files (x86)\Wizards of the Coast
2012-12-09 16:53:22 -------- d-----w- C:\Users\EricShang\AppData\Local\Wizards_of_the_Coast
2012-12-09 16:15:52 -------- d-----w- C:\Users\EricShang\.maptool
2012-12-09 16:11:29 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-12-09 16:11:26 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-12-09 16:11:06 -------- d-----w- C:\Users\EricShang\AppData\Local\LogMeIn Hamachi
2012-12-09 09:08:25 -------- d-----w- C:\Users\EricShang\AppData\Roaming\TeamViewer
2012-12-09 09:05:48 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-12-07 21:48:11 -------- d-----w- C:\Users\EricShang\AppData\Local\Apps
2012-12-07 21:36:12 -------- d-----w- C:\Users\EricShang\AppData\Roaming\TrueCrypt
2012-12-07 21:34:46 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2012-12-07 21:34:25 -------- d-----w- C:\Program Files\TrueCrypt
2012-12-07 20:00:21 -------- d-----w- C:\Program Files\CCleaner
2012-12-07 10:32:07 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-07 10:32:03 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-12-07 10:32:03 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-12-07 10:32:03 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-12-07 10:32:03 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-12-07 09:11:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{A6379699-95C3-46E7-B34C-95B3DA944426}
2012-12-07 09:06:42 -------- d-----w- C:\Users\EricShang\AppData\Local\{323E896F-4C6A-41E2-893A-21AFCC47ADD1}
2012-12-05 06:52:54 -------- d-----w- C:\Users\EricShang\AppData\Roaming\AVG2013
2012-12-05 06:51:23 -------- d-----w- C:\Users\EricShang\AppData\Roaming\TuneUp Software
2012-12-05 06:51:04 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-12-05 06:49:52 -------- d--h--w- C:\$AVG
2012-12-05 06:49:52 -------- d-----w- C:\ProgramData\AVG2013
2012-12-05 06:49:12 -------- d-----w- C:\Program Files (x86)\AVG
2012-12-05 06:32:09 -------- d-----w- C:\Users\EricShang\AppData\Local\MFAData
2012-12-05 06:32:09 -------- d-----w- C:\Users\EricShang\AppData\Local\Avg2013
2012-12-05 06:32:09 -------- d-----w- C:\ProgramData\MFAData
2012-12-02 21:06:23 -------- d-----w- C:\Users\EricShang\AppData\Local\{445C6220-2FA8-45A2-8030-F176F6A1039E}
2012-12-02 21:02:50 -------- d-----w- C:\Users\EricShang\AppData\Local\{526E55A4-9D91-4F9F-A603-5AA37AE9F817}
2012-11-30 22:14:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{59CD971F-4ED4-421A-A299-433B568E3F2D}
2012-11-30 10:14:04 -------- d-----w- C:\Users\EricShang\AppData\Local\{BFBD79B7-F127-4519-B39E-4D121633279D}
2012-11-29 22:13:23 -------- d-----w- C:\Users\EricShang\AppData\Local\{036EEC04-D349-4236-B170-013359FB3A43}
2012-11-29 04:26:58 -------- d-----w- C:\Users\EricShang\AppData\Local\{BC555C01-53C0-4F01-BEEB-52A27E7D2150}
2012-11-28 16:26:48 -------- d-----w- C:\Users\EricShang\AppData\Local\{58DD7298-A2A4-4E6E-8F6F-7B874084FD4A}
2012-11-28 04:26:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{A279A7C8-02C6-4683-8F8C-3D13079705A6}
2012-11-25 00:54:22 -------- d-----w- C:\Users\EricShang\AppData\Local\SCE
2012-11-25 00:54:04 -------- d-----w- C:\Crash
2012-11-25 00:54:03 -------- d-----w- C:\Users\EricShang\AppData\Local\Sony Online Entertainment
2012-11-24 19:43:41 -------- d-----w- C:\Users\EricShang\AppData\Local\{E8856C97-25BD-45D3-BD94-B96AAB1693AB}
2012-11-22 15:40:28 -------- d-----w- C:\Users\EricShang\AppData\Local\{D1251ED3-8E47-420C-A3E8-077A21E431F3}
2012-11-22 01:51:28 -------- d-----w- C:\Users\EricShang\AppData\Local\{35062583-6135-43C7-9F37-47E674986C61}
2012-11-17 21:16:14 -------- d-----w- C:\Users\EricShang\AppData\Local\{0FF3FB80-8131-4591-B3CB-F5746C487856}
2012-11-17 08:15:07 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:15:06 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 08:15:06 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 08:15:06 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 08:02:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 08:02:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 08:02:25 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 08:02:25 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 08:02:25 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 08:02:25 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 08:02:25 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 22:32:10 -------- d-----w- C:\Users\EricShang\AppData\Local\{16CEACBE-4D7C-41F2-82B5-9DBFD94ACB08}
2012-11-16 10:31:35 -------- d-----w- C:\Users\EricShang\AppData\Local\{A805FFAD-0FC7-46C7-837C-FD483E205EE6}
2012-11-15 22:31:13 -------- d-----w- C:\Users\EricShang\AppData\Local\{82E9628E-FBD1-4881-B669-75AA3EA0DF82}
2012-11-15 10:30:52 -------- d-----w- C:\Users\EricShang\AppData\Local\{429A351F-1157-40F6-BB5D-E125019C42F2}
2012-11-14 22:30:30 -------- d-----w- C:\Users\EricShang\AppData\Local\{4F5652BE-248D-4647-AAF6-64E3EF7770AD}
2012-11-14 10:30:09 -------- d-----w- C:\Users\EricShang\AppData\Local\{0B8885A9-5319-49E9-9076-571430548DE4}
2012-11-13 22:29:47 -------- d-----w- C:\Users\EricShang\AppData\Local\{8771C2CB-12CD-407A-B7FF-B173C2028198}
2012-11-13 10:29:26 -------- d-----w- C:\Users\EricShang\AppData\Local\{0A911C91-A086-4BA2-9E01-7CE337128323}
2012-11-12 22:29:04 -------- d-----w- C:\Users\EricShang\AppData\Local\{83F32C4D-D7A8-40B9-83B4-09EA83A49FD6}
2012-11-12 10:28:43 -------- d-----w- C:\Users\EricShang\AppData\Local\{27F3C9EB-D6F2-4559-9FCC-FB543C76A253}
2012-11-11 22:28:21 -------- d-----w- C:\Users\EricShang\AppData\Local\{9E9E83C9-EC46-4BB5-9ABB-97AE3260CDA0}
2012-11-11 10:28:00 -------- d-----w- C:\Users\EricShang\AppData\Local\{556732F9-3E3D-4DF9-8772-9018D6D2BFF3}
.
==================== Find3M ====================
.
2012-12-10 06:26:48 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-12-05 06:50:56 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-22 18:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 08:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-07 07:02:55 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-10-07 07:02:55 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-10-07 07:02:35 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-10-05 08:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
.
============= FINISH: 22:44:40.75 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/14/2010 8:20:38 AM
System Uptime: 12/10/2012 10:43:51 AM (12 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Jh
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 1708/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 118.772 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
==== System Restore Points ===================
.
RP246: 12/7/2012 4:34:27 PM - TrueCrypt installation
RP247: 12/9/2012 11:10:11 AM - Installed LogMeIn Hamachi
RP248: 12/9/2012 12:14:58 PM - Installed Character Builder Beta.
RP249: 12/9/2012 4:30:19 PM - Restore Operation
RP250: 12/9/2012 4:52:12 PM - Removed Character Builder Beta.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-zip v9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.1 MUI
AIM 7
Alcor Micro USB Card Reader
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
applicationupdater
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS_Notebook_G73 Screen Saver
ATK Package
AutoHotkey 1.0.48.05
AVG 2013
Bandicam
Bandisoft MPEG-1 Decoder
Battlefield 2142
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
BufferChm
C4700
calibre
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help English
CCleaner
Character Builder Beta
Click to Call with Skype
ControlDeck
Counter-Strike
Counter-Strike: Source
Coupon Printer for Windows
Creative MediaSource 5
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
DayZ Commander
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diablo III
DivX Setup
Dota 2
Download Updater (AOL LLC)
DreamerRO's 10.11
DreamerRO 10.11
Driver Sweeper version 3.2.0
Dropbox
ESN Sonar
Express Gate
F.lux
Fast Boot
gamelauncher-ps2-live
GOM Player
GOMTV Streamer
Google Chrome
Google Talk Plugin
GPBaseService2
Guild Wars 2
Hi-Rez Studios Authenticate and Update Service
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Monitor
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
League of Legends
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Mumble 1.2.3
Network64
Nexon Game Manager
Origin
Pando Media Booster
PlanetSide 2
Portal 2
PS_AIO_06_C4700_SW_Min
PunkBuster Services
QuickTime
QuickTransfer
Razer BlackWidow Ultimate
Razer Imperator
Realtek High Definition Audio Driver
RPTools MapTool
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shop for HP Supplies
Six Updater
Skype™ 6.0
SmartWebPrinting
Smite
SolutionCenter
Sound Blaster Audigy HD
Spotify
StarCraft II
Status
Steam
Synaptics Pointing Device Driver
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 8
Toolbox
TrayApp
Tribes Ascend
TrueCrypt
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB 2.0 1.3M UVC WebCam
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Visual Studio 2010 x64 Redistributables
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
WinSCP 4.3.2
Wireless Console 3
XSplit
.
==== Event Viewer Messages From Past Week ========
.
12/9/2012 5:23:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/9/2012 5:04:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 5:04:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/9/2012 3:08:04 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
12/9/2012 3:03:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/9/2012 3:03:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/9/2012 2:56:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
12/9/2012 2:56:11 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2012 11:32:24 PM, Error: volmgr [46] - Crash dump initialization failed!
12/9/2012 11:11:29 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/9/2012 11:11:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
12/9/2012 11:11:29 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2012 12:48:28 AM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
12/10/2012 12:48:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
12/10/2012 12:48:01 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2012 12:48:01 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2012 12:39:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Client Virtualization Handler service to connect.
12/10/2012 12:39:00 AM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2012 10:44:54 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2012 10:44:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2012 10:44:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/10/2012 10:44:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr truecrypt Wanarpv6
12/10/2012 10:44:31 AM, Error: NetBT [4321] - The name "ERICSHANG-PC :0" could not be registered on the interface with IP address 192.168.1.15. The computer with the IP address 192.168.1.13 did not allow the name to be claimed by this computer.
12/10/2012 10:44:30 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2012 10:44:28 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
12/10/2012 10:41:22 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/10/2012 1:42:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
12/10/2012 1:39:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/10/2012 1:27:45 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{05BDF0D1-9718-447B-9539-4FFA1E2CE07F} because another computer on the network has the same name. The server could not start.
12/10/2012 1:27:45 AM, Error: NetBT [4321] - The name "ERICSHANG-PC :20" could not be registered on the interface with IP address 192.168.1.15. The computer with the IP address 192.168.1.13 did not allow the name to be claimed by this computer.
12/10/2012 1:15:20 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6a6f8bf6-89ea-11df-a10e-806e6f6e6963}\System Volume Information\SystemRestore\New-system' was corrupted and it has been recovered. Some data might have been lost.
12/10/2012 1:14:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2012 1:14:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6
.
==== End Of File ===========================
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Bad Image problem (Virus)?

Unread postby wannabeageek » December 15th, 2012, 12:34 am

Greetings mrsunnybones,

Please do not attempt any more self-help fixes. This makes it much more difficult for me to find all the malware issues.

At this link you will find instructions that allows you to backup your files using puppy linux: How to recover files from Windows using Puppy Linux

I would however try to do the following in safemode first:
While in Safe Mode you can carry out your backup by copying and pasting into an external device. Make sure you have adequate space on your external device.

Copy everything under C:\Users{yourname} into a folder named for you then do the same to the other users - providing there are other users.

If you have an external drive with enough space you would be able to copy the entire drive contents, but you would also get the malware you are trying to remove.


Please explain what you use the program LogMeIn Hamachi for?


P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
Pando Media Booster P2P

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assitance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    Pando Media Booster P2P
    Coupon Printer for Windows
  3. Click on the Change/Remove button to uninstall it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Control Panel.
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... siting risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware



OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.





Please include in your next reply:
  1. Answer to my question about LogMeIn Hamachi
  2. Acknowledgement of program removal
  3. Contents of OTL.txt
  4. Contents of Extras.txt
  5. Any problem executing the instructions?
Thanks,
wannabeageek
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Bad Image problem (Virus)?

Unread postby mrsunnybones » December 15th, 2012, 9:18 pm

Hello and thanks for your quick reply!

For the LogMeInHamachi, I'm not sure what it's used for. I recently started to play the game Dungeons and Dragons online with a friend, and she asked me to download that and connect to something with it. So i'm not actually sure what it's for other than that. If this is causing a problem, I would be fine with removing it (I have no idea what the purpose of it actually is)


Here is the OTL SCANNER result

OTL logfile created on: 12/15/2012 7:56:47 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EricShang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 59.38% Memory free
11.85 Gb Paging File | 8.79 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 111.90 Gb Free Space | 25.08% Space Free | Partition Type: NTFS

Computer Name: ERICSHANG-PC | User Name: EricShang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/10 01:23:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EricShang\Desktop\OTL.exe
PRC - [2012/12/05 01:50:56 | 001,046,984 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/12/05 01:50:56 | 000,894,920 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.1\ToolbarUpdater.exe
PRC - [2012/11/29 08:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/18 17:33:50 | 026,643,352 | ---- | M] (Dropbox, Inc.) -- C:\Users\EricShang\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/16 15:13:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/16 11:30:06 | 000,887,712 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
PRC - [2010/09/07 13:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/07/07 12:45:57 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 10:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/01/04 19:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/09 21:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 16:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 12:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\EricShang\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 18:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 01:50:56 | 001,046,984 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/12/05 01:50:56 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.3.1\avgdttbx.dll
MOD - [2012/12/05 01:50:56 | 000,137,672 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.1\SiteSafety.dll
MOD - [2012/12/04 20:15:15 | 012,456,040 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 20:15:15 | 000,460,904 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 20:15:14 | 004,008,040 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 20:14:29 | 000,587,880 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 20:14:28 | 000,124,520 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 20:14:21 | 000,157,304 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 20:14:20 | 000,275,576 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 20:14:19 | 002,168,952 | ---- | M] () -- C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/17 03:49:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 03:43:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/17 03:42:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/17 03:42:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/17 03:42:04 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 03:42:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 03:41:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 03:41:44 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 03:41:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 03:41:38 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 03:41:26 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/04/30 02:55:46 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 02:55:46 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 02:55:46 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 02:55:46 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/07/01 10:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2010/02/23 14:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 14:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 14:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 14:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010/01/04 19:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 16:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 16:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\EricShang\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/04/15 14:04:38 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2009/03/26 16:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 20:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/08 12:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 18:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 16:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/12/10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/07 05:32:03 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/05 01:50:56 | 000,894,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.1\ToolbarUpdater.exe -- (vToolbarUpdater13.3.1)
SRV - [2012/12/04 12:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/11/29 08:50:25 | 003,463,080 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/03/20 19:26:27 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/16 15:13:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/07 12:41:28 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/07 12:41:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 21:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/07 16:34:46 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/12/05 01:50:56 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/08 13:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/09/08 13:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 11:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/12 16:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/22 06:22:50 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CCB.sys -- (SaiU0CCB)
DRV:64bit: - [2010/04/16 23:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/03/05 10:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/18 05:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/04 00:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/08/21 01:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 16:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 16:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 05:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/20 05:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/05/13 11:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/07 16:23:30 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/04/17 15:12:54 | 000,019,304 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/08/17 06:48:46 | 000,030,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 52 1A 02 40 02 70 42 B4 4A 48 A5 D7 40 2D A2 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 52 1A 02 40 02 70 42 B4 4A 48 A5 D7 40 2D A2 [binary data]

IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=hp
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C0 52 1A 02 40 02 70 42 B4 4A 48 A5 D7 40 2D A2 [binary data]
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=AVG&pr=fr&d=2012-12-05 01:51:09&v=13.3.0.11&sap=hp"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: {865600b4-a6bd-4a5f-9ab0-f442b0ff3210}:1.0
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {865600b4-a6bd-4a5f-9ab0-f442b0ff3210}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.1\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\EricShang\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\EricShang\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/29 22:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/31 00:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.11 [2012/12/05 01:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/15 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/13 13:17:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/29 22:30:19 | 000,000,000 | ---D | M]

[2010/08/14 07:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Extensions
[2012/11/27 18:18:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions
[2012/10/28 22:10:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/01 22:30:45 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions\{865600b4-a6bd-4a5f-9ab0-f442b0ff3210}
[2012/11/27 18:18:38 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\EricShang\AppData\Roaming\Mozilla\Firefox\Profiles\5ecazms3.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/11/12 22:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/20 20:06:45 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/31 00:46:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/12/07 05:32:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/25 18:06:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/12/05 01:51:12 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/12/07 05:32:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/07 05:32:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=gm011&pr=sa&d=2012-08-04 21:03:26&v=12.1.0.21&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://isearch.avg.com/?cid={6E33F971-9F2A-4C48-A8BB-050CDBA109EF}&mid=6dec3e0dc9d847d09aecf18676f4422f-0cee3f687ab7ac8ac07d095ae766127581a90cb0&lang=en&ds=gm011&pr=sa&d=2012-08-04 21:03:26&v=12.1.0.21&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\EricShang\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Honey = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\0.0.1.25_0\
CHR - Extension: ExHentai Easy = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc\1.0_0\
CHR - Extension: Google Search = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ICE Quick Stream = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.1_1\
CHR - Extension: AVG Secure Search = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.3.0.11_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\EricShang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.11\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.11\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000..\Run: [F.lux] C:\Users\EricShang\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000..\Run: [Spotify Web Helper] C:\Users\EricShang\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\EricShang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\EricShang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3820835310-3000526531-3120137939-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05BDF0D1-9718-447B-9539-4FFA1E2CE07F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93422096-8B22-4798-A1C3-B195BD476D83}: DhcpNameServer = 128.8.74.2 128.8.76.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\ProgramData\dxmasf32.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\install\winupdt.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24b3f877-9d26-11e1-9889-20cf3010abdc}\Shell - "" = AutoRun
O33 - MountPoints2\{24b3f877-9d26-11e1-9889-20cf3010abdc}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\{5e9fe941-2611-11e0-804f-20cf3010abdc}\Shell - "" = AutoRun
O33 - MountPoints2\{5e9fe941-2611-11e0-804f-20cf3010abdc}\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
O33 - MountPoints2\{eb6a01fd-8ce2-11e1-b9e4-20cf3010abdc}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6a01fd-8ce2-11e1-b9e4-20cf3010abdc}\Shell\AutoRun\command - "" = D:\setup.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{6D191317-ED70-43E5-9738-B6F8EFD72B27}
[2012/12/15 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{39A650CF-70BE-4C7C-8781-D7D1FA4E3DCD}
[2012/12/15 03:01:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/15 03:01:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/15 03:01:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/15 03:01:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/15 03:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/15 03:01:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/15 03:01:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/15 03:01:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/15 03:01:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/15 03:01:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/15 03:01:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/15 03:01:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/15 03:01:40 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/15 03:01:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/15 03:01:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/14 13:03:27 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/14 13:03:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/14 13:03:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/14 13:03:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/14 13:03:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/14 13:03:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/14 13:03:07 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/14 13:03:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/14 13:03:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/14 13:03:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/14 13:03:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/14 13:03:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/14 13:03:04 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/14 13:03:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/14 13:03:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/14 13:03:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/14 13:03:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/14 13:03:03 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/14 13:03:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/14 13:03:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/14 13:03:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/14 13:03:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/14 13:03:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/14 13:03:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/14 13:03:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/14 13:03:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/14 13:03:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/14 13:02:48 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/14 13:02:48 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/13 21:14:21 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{2E8E665A-1F56-4442-B199-50DA89B69D84}
[2012/12/12 15:16:23 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{B0C3CFB8-19D1-492A-A85A-9FAC94D83CB2}
[2012/12/11 17:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/12/10 22:43:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\EricShang\Desktop\dds.com
[2012/12/10 01:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/10 01:48:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/10 01:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/12/10 01:48:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2012/12/10 01:27:57 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{43042D43-BA08-4B7B-81AA-4F31E45C221A}
[2012/12/10 01:23:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\EricShang\Desktop\OTL.exe
[2012/12/10 00:26:54 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\Process Hacker 2
[2012/12/10 00:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012/12/10 00:16:48 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2012/12/10 00:15:10 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\Malwarebytes
[2012/12/10 00:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/10 00:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/10 00:10:37 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{9C6DEC44-6FBD-4D90-A673-6175569E33BF}
[2012/12/09 12:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast
[2012/12/09 12:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizards of the Coast
[2012/12/09 11:53:22 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\Wizards_of_the_Coast
[2012/12/09 11:52:11 | 000,000,000 | ---D | C] -- C:\Users\EricShang\Documents\charbuilder
[2012/12/09 11:50:07 | 000,000,000 | ---D | C] -- C:\Users\EricShang\Desktop\charbuilder
[2012/12/09 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPTools
[2012/12/09 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\EricShang\.maptool
[2012/12/09 11:11:29 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012/12/09 11:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/12/09 11:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/12/09 11:11:06 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\LogMeIn Hamachi
[2012/12/09 09:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/12/09 04:08:25 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\TeamViewer
[2012/12/09 04:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/12/07 16:48:14 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[2012/12/07 16:48:11 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\Apps
[2012/12/07 16:36:12 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\TrueCrypt
[2012/12/07 16:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012/12/07 16:34:46 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012/12/07 16:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012/12/07 15:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/07 15:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/07 05:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/07 05:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/07 04:11:26 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A6379699-95C3-46E7-B34C-95B3DA944426}
[2012/12/07 04:06:42 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{323E896F-4C6A-41E2-893A-21AFCC47ADD1}
[2012/12/05 01:52:54 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\AVG2013
[2012/12/05 01:51:23 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Roaming\TuneUp Software
[2012/12/05 01:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/12/05 01:49:52 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/12/05 01:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/12/05 01:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/12/05 01:32:09 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\MFAData
[2012/12/05 01:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/12/05 01:32:09 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\Avg2013
[2012/12/02 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{445C6220-2FA8-45A2-8030-F176F6A1039E}
[2012/12/02 16:02:50 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{526E55A4-9D91-4F9F-A603-5AA37AE9F817}
[2012/11/30 17:14:26 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{59CD971F-4ED4-421A-A299-433B568E3F2D}
[2012/11/30 05:14:04 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{BFBD79B7-F127-4519-B39E-4D121633279D}
[2012/11/29 17:13:23 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{036EEC04-D349-4236-B170-013359FB3A43}
[2012/11/28 23:26:58 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{BC555C01-53C0-4F01-BEEB-52A27E7D2150}
[2012/11/28 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{58DD7298-A2A4-4E6E-8F6F-7B874084FD4A}
[2012/11/27 23:26:26 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A279A7C8-02C6-4683-8F8C-3D13079705A6}
[2012/11/24 19:54:22 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\SCE
[2012/11/24 19:54:04 | 000,000,000 | ---D | C] -- C:\Crash
[2012/11/24 19:54:03 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\Sony Online Entertainment
[2012/11/24 14:43:41 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{E8856C97-25BD-45D3-BD94-B96AAB1693AB}
[2012/11/22 10:40:28 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{D1251ED3-8E47-420C-A3E8-077A21E431F3}
[2012/11/22 04:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 04:59:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/21 20:51:28 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{35062583-6135-43C7-9F37-47E674986C61}
[2012/11/17 16:16:14 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{0FF3FB80-8131-4591-B3CB-F5746C487856}
[2012/11/17 03:15:06 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 03:15:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/17 03:02:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/17 03:02:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/17 03:02:25 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/17 03:02:25 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 17:32:10 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{16CEACBE-4D7C-41F2-82B5-9DBFD94ACB08}
[2012/11/16 05:31:35 | 000,000,000 | ---D | C] -- C:\Users\EricShang\AppData\Local\{A805FFAD-0FC7-46C7-837C-FD483E205EE6}
[2012/11/16 03:23:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/16 03:23:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/16 03:23:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/16 03:23:25 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/16 03:23:25 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/16 03:23:25 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/16 03:23:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/16 03:23:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/16 03:23:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/16 03:23:03 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 03:23:03 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

========== Files - Modified Within 30 Days ==========

[2012/12/15 19:54:50 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 19:54:50 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 19:47:48 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/12/15 19:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/15 19:47:05 | 477,532,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/15 19:18:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3820835310-3000526531-3120137939-1000UA.job
[2012/12/15 13:18:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3820835310-3000526531-3120137939-1000Core.job
[2012/12/15 03:24:41 | 000,419,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/14 13:19:33 | 000,002,515 | ---- | M] () -- C:\Users\EricShang\Desktop\Google Chrome.lnk
[2012/12/14 12:51:51 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/14 12:51:51 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/14 12:51:51 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/12 15:14:58 | 000,001,630 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/12/10 22:43:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\EricShang\Desktop\dds.com
[2012/12/10 01:48:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/10 01:48:02 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/12/10 01:42:18 | 000,001,352 | ---- | M] () -- C:\Users\EricShang\Desktop\Download Windows.lnk
[2012/12/10 01:23:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\EricShang\Desktop\OTL.exe
[2012/12/09 14:44:43 | 000,002,237 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/12/09 11:44:06 | 000,002,023 | ---- | M] () -- C:\Users\EricShang\Desktop\RPTools MapTool.lnk
[2012/12/09 11:10:00 | 003,849,216 | ---- | M] () -- C:\Users\EricShang\Desktop\hamachi.msi
[2012/12/09 09:17:48 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/09 04:05:56 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/07 16:42:36 | 001,048,576 | ---- | M] () -- C:\Users\EricShang\My Volume
[2012/12/07 16:34:50 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012/12/07 16:34:46 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012/12/07 16:32:13 | 000,001,412 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/12/07 15:00:22 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/07 05:32:06 | 000,002,050 | ---- | M] () -- C:\Users\EricShang\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/05 01:50:56 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/24 18:34:20 | 000,002,497 | ---- | M] () -- C:\Users\EricShang\Desktop\PlanetSide 2.lnk
[2012/11/22 04:59:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/12/10 01:48:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/10 01:48:02 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/12/10 01:42:18 | 000,001,352 | ---- | C] () -- C:\Users\EricShang\Desktop\Download Windows.lnk
[2012/12/09 11:15:52 | 000,002,023 | ---- | C] () -- C:\Users\EricShang\Desktop\RPTools MapTool.lnk
[2012/12/09 11:09:58 | 003,849,216 | ---- | C] () -- C:\Users\EricShang\Desktop\hamachi.msi
[2012/12/09 04:05:56 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/09 04:05:56 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2012/12/07 16:42:36 | 001,048,576 | ---- | C] () -- C:\Users\EricShang\My Volume
[2012/12/07 16:34:50 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012/12/07 15:00:22 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/05 01:51:24 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/24 18:34:20 | 000,002,527 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
[2012/11/24 18:34:20 | 000,002,497 | ---- | C] () -- C:\Users\EricShang\Desktop\PlanetSide 2.lnk
[2012/11/17 03:15:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:02:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/08 15:53:32 | 000,000,050 | ---- | C] () -- C:\Users\EricShang\jagex_cl_loginapplet_LIVE.dat
[2012/11/08 15:37:34 | 000,000,048 | ---- | C] () -- C:\Users\EricShang\jagex_cl_runescape_LIVE.dat
[2012/11/08 15:37:34 | 000,000,024 | ---- | C] () -- C:\Users\EricShang\random.dat
[2012/04/26 15:11:15 | 000,051,078 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\room_v3.dat
[2011/11/04 19:27:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/12 15:16:30 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/12 15:11:29 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\DATA.INI
[2011/09/29 05:21:32 | 000,007,605 | ---- | C] () -- C:\Users\EricShang\AppData\Local\resmon.resmoncfg
[2011/09/19 02:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 02:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/09/07 08:31:59 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/07/13 00:55:06 | 000,000,734 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\net.telestream.ustreamproducer.prefs.xml
[2011/06/27 22:38:38 | 000,000,086 | ---- | C] () -- C:\ProgramData\1c57b028
[2011/05/07 15:55:40 | 000,000,600 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\winscp.rnd
[2011/04/25 16:20:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/03/23 23:45:56 | 000,046,742 | ---- | C] () -- C:\Users\EricShang\AppData\Roaming\room.dat
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/06 20:58:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/29 05:41:49 | 000,000,600 | ---- | C] () -- C:\Users\EricShang\AppData\Local\PUTTY.RND

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BEB15613

< End of report >
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Bad Image problem (Virus)?

Unread postby mrsunnybones » December 15th, 2012, 9:29 pm

It didn't let me post them both, but here is the extra.txt!


Extras:

OTL Extras logfile created on: 12/15/2012 7:56:47 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\EricShang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.52 Gb Available Physical Memory | 59.38% Memory free
11.85 Gb Paging File | 8.79 Gb Available in Paging File | 74.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.23 Gb Total Space | 111.90 Gb Free Space | 25.08% Space Free | Partition Type: NTFS

Computer Name: ERICSHANG-PC | User Name: EricShang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26FF6301-8BF2-450A-BDF8-CA0A00DC8B17}" = protocol=17 | dir=in | app=c:\users\ericshang\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B04899BC-1BE9-4E89-B071-57186DADA77C}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{F2289ED2-B126-4872-9DFE-0C4CB40DDE51}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"{F8BD4573-2196-4758-9128-EC2CA6D83DD2}" = protocol=6 | dir=in | app=c:\users\ericshang\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{C872CE8B-4603-4963-9F62-2D8FE91505AD}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{465EE7DE-438E-4881-B05F-F8886EDD35F1}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4575935D-9457-4517-8750-2341F4286F5F}" = iTunes
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52784483-7088-4A4C-81E2-808303AD98F5}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6D90C794-8E0C-B534-5911-A275777709F7}" = AMD Media Foundation Decoders
"{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013
"{765879BD-1A62-F2C4-A5FE-67EF9B6310F1}" = ccc-utility64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{94CBEA74-DE51-FE55-8A0E-CFB5FC970517}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B1529B-C423-42AA-B981-4ECA247E9FC0}" = DayZ Commander
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2BA53FA9-0973-425C-8464-4A73E8C70C1D}" = Character Builder Beta
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE7A656-A244-47C6-BB05-D412820FDA3C}" = calibre
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FEDDC74-F21D-5D88-D59A-8DF79816DBD4}" = Catalyst Control Center
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909E265A-037A-9177-248B-CF1B04D9DBB6}" = Application Profiles
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93DF9F1F-17EB-82C0-F82B-9ABC230D6DE5}" = Application Profiles
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{95525636-6277-E383-3753-B8C5E3A05092}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1D46FFA-BCA1-4810-A8C1-D091E65D544B}" = League of Legends
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B72E80DB-DF9B-DE1E-8899-CC74B6B9456A}" = Catalyst Control Center InstallProxy
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BEFDCF8F-BA60-4AF8-9588-4B63A91FF43F}" = XSplit
"{C3BDCF00-CE03-35A1-D347-7DCD50E81A52}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3AC9740-66D4-412F-AE55-DD0428F78175}" = Razer BlackWidow Ultimate
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6B277FE-6F32-02E1-26F2-F77BB26C9D0E}" = Catalyst Control Center Localization All
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E74DFF-729F-915A-560D-1545183D64CF}" = Catalyst Control Center InstallProxy
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-zip" = 7-zip v9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_7" = AIM 7
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASUS_Notebook_G73" = ASUS_Notebook_G73 Screen Saver
"AutoHotkey" = AutoHotkey 1.0.48.05
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"DreamerRO 10.11" = DreamerRO 10.11
"DreamerRO's 10.11" = DreamerRO's 10.11
"ESN Sonar" = ESN Sonar
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guild Wars 2" = Guild Wars 2
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3820835310-3000526531-3120137939-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux
"Google Chrome" = Google Chrome
"RPTools MapTool" = RPTools MapTool
"SOE-C:/Users/EricShang/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"soe-PlanetSide 2" = PlanetSide 2
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2012 11:16:47 PM | Computer Name = EricShang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/1/2012 11:20:31 PM | Computer Name = EricShang-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.0.113, time stamp:
0x4e32992c Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id:
0x14a0 Faulting application start time: 0x01ccc8fd50ac6de9 Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: b99f2e06-34f0-11e1-aab8-20cf3010abdc

Error - 1/1/2012 11:20:43 PM | Computer Name = EricShang-PC | Source = Windows Backup | ID = 4103
Description =

Error - 1/1/2012 11:20:51 PM | Computer Name = EricShang-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.0.113, time stamp:
0x4e32992c Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id:
0xa60 Faulting application start time: 0x01ccc8fd7fd2f2cb Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: c512326e-34f0-11e1-aab8-20cf3010abdc

Error - 1/1/2012 11:21:31 PM | Computer Name = EricShang-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.5.0.113, time stamp:
0x4e32992c Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0x0eedfade Fault offset: 0x0000b9bc Faulting process id:
0x181c Faulting application start time: 0x01ccc8fd8ab85070 Faulting application path:
C:\Program Files (x86)\Skype\Phone\Skype.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: dcf56053-34f0-11e1-aab8-20cf3010abdc

Error - 1/1/2012 11:24:23 PM | Computer Name = EricShang-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Google Chrome' could not be shut down.

Error - 1/2/2012 2:00:48 AM | Computer Name = EricShang-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/3/2012 9:32:21 PM | Computer Name = EricShang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2012 9:32:21 PM | Computer Name = EricShang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2012 9:56:20 PM | Computer Name = EricShang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2012 9:56:21 PM | Computer Name = EricShang-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/15/2012 8:47:28 PM | Computer Name = EricShang-PC | Source = NetBT | ID = 4321
Description = The name "ERICSHANG-PC :20" could not be registered on the interface
with IP address 192.168.1.15. The computer with the IP address 192.168.1.13 did
not allow the name to be claimed by this computer.

Error - 12/15/2012 8:48:12 PM | Computer Name = EricShang-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/15/2012 8:48:12 PM | Computer Name = EricShang-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 12/15/2012 8:48:12 PM | Computer Name = EricShang-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 12/15/2012 8:48:30 PM | Computer Name = EricShang-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/15/2012 8:48:30 PM | Computer Name = EricShang-PC | Source = PNRPSvc | ID = 102
Description =

Error - 12/15/2012 8:48:30 PM | Computer Name = EricShang-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 12/15/2012 8:48:30 PM | Computer Name = EricShang-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 12/15/2012 8:48:30 PM | Computer Name = EricShang-PC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 12/15/2012 8:48:30 PM | Computer Name = EricShang-PC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535


< End of report >


- What exactly does Pando Booster do? I have deleted it multiple times just to have it back on my laptop. Thanks
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Bad Image problem (Virus)?

Unread postby wannabeageek » December 17th, 2012, 12:57 am

Greetings mrsunnybones,

I have some not so good news.

Your logs show signs of a Remote Access Infection on your computer.

O20 - AppInit_DLLs: (C:\ProgramData\dxmasf32.dll) - File not found


This indicates you are infected with .... Win32/Tracur



I urge you to see this topic Remote Access Infections ... (why you should repave) make sure ALL information is read and let me know how you would like to proceed.


wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Bad Image problem (Virus)?

Unread postby mrsunnybones » December 17th, 2012, 1:32 am

Hey, thanks for the quick reply again.

In light of the recent news, I think repaving the laptop would be the best. How would I proceed from here?
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Bad Image problem (Virus)?

Unread postby wannabeageek » December 18th, 2012, 11:57 am

Greetings mrsunnybones,

This topic: You can Repave your computer lists 2 links which gives directions on how to repave your computer.

Since we specialize in malware removal, I do not have the skill or expertise in order to help you reformat and reinstall Windows on your computer.

I would suggest one of the sites listed below that specializes in these areas:

Tech Support Guy
bleepingcomputer.com
http://www.whatthetech.com/

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Bad Image problem (Virus)?

Unread postby wannabeageek » December 20th, 2012, 3:56 pm

Hi mrsunnybones.

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Did you find assistance at one of the sites mentioned for help reformating your computer?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Bad Image problem (Virus)?

Unread postby mrsunnybones » December 21st, 2012, 1:28 am

Hey wbgk, recently I've been very busy so havent had the time to respond accordingly.

Currently, I am in the process of attempting to reformat my computer. Would it be possible if I were able to post a log of the computer afterwards?

Thanks for all your help.
mrsunnybones
Regular Member
 
Posts: 20
Joined: July 2nd, 2011, 3:07 pm

Re: Bad Image problem (Virus)?

Unread postby wannabeageek » December 23rd, 2012, 12:51 am

Greetings mrsunnybones,

After reformatting, the computer is clean. Security programs must be installed immediately thereafter. There is no need to check.

This thread is concluded as you have chosen to format and reinstall Windows.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Bad Image problem (Virus)?

Unread postby Jack&Jill » December 23rd, 2012, 2:17 am

As a resolution to this issue requires a reformat, and recommendations have been given, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware