having virus issues

Discussion in 'Virus & Other Malware Removal' started by goldenmia1, Feb 16, 2013.

    goldenmia1 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:46:42 PM, on 2/16/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16464)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\muniz.munizfamily-PC\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=EIE9HP&PC=UP50
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=EIE9HP&PC=UP50
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
    O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: NameServer = 67.138.54.100,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7EF4F01F-9E88-49AA-B8C0-CE04781927FD}: NameServer = 4.2.2.2,4.2.2.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: NameServer = 67.138.54.100,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: NameServer = 67.138.54.100,208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: vToolbarUpdater14.1.7 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe

    --
    End of file - 7738 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16464
    Run by muniz at 19:07:25 on 2013-02-16
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1916.720 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\muniz.munizfamily-PC\Downloads\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\muniz.munizfamily-PC\Downloads\gi0pv2rd.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.1.0.10\AVG Secure Search_toolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.1.0.10\AVG Secure Search_toolbar.dll
    uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Plugin Install] c:\program files\quicktime\plugins\DeleteMe1.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C} : NameServer = 67.138.54.100,208.67.222.222
    TCP: Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}\2656C6B696E6534376 : NameServer = 4.2.2.2,4.2.2.1
    TCP: Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{7EF4F01F-9E88-49AA-B8C0-CE04781927FD} : NameServer = 4.2.2.2,4.2.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.1.7\ViProtocol.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 33112]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-2-12 1103392]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-2-12 1369624]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-2-12 168384]
    R2 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:\program files\common files\avg secure search\vtoolbarupdater\14.1.7\ToolbarUpdater.exe [2013-2-10 965296]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
    S3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\drivers\AGUx86.sys [2008-8-6 905728]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-9-21 15872]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-21 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-02-16 21:51:29 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\roaming\SUPERAntiSpyware.com
    2013-02-16 21:51:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-02-16 16:04:44 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\local\CrashDumps
    2013-02-16 13:38:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2013-02-16 13:36:57 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-02-16 13:36:57 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-02-16 13:36:55 2347008 ----a-w- c:\windows\system32\win32k.sys
    2013-02-16 13:36:34 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-02-16 13:36:32 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-02-16 13:36:30 220160 ----a-w- c:\windows\system32\ncrypt.dll
    2013-02-16 13:36:13 169984 ----a-w- c:\windows\system32\winsrv.dll
    2013-02-16 13:36:09 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-02-16 13:36:08 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2013-02-16 13:36:07 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-02-13 17:18:05 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\local\Opera
    2013-02-13 16:13:27 -------- d-----w- c:\windows\msdownld.tmp
    2013-02-13 13:50:50 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\local\Apple
    2013-02-13 02:33:01 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\local\Google
    2013-02-13 02:32:46 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\local\AVG Secure Search
    2013-02-13 02:32:43 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\roaming\AVG2013
    2013-02-13 02:32:35 -------- d-----w- c:\users\muniz.munizfamily-pc\appdata\local\Avg2013
    2013-02-13 01:28:13 -------- d-----w- c:\programdata\AVG2013
    2013-02-12 20:51:14 -------- d-----w- c:\program files\CCleaner
    2013-02-12 19:09:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-02-12 19:08:26 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-02-12 19:08:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-02-12 18:02:53 -------- d-----w- c:\programdata\Norton
    2013-02-12 16:14:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2013-02-06 21:35:16 91552 ----a-w- c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    2013-02-06 21:35:16 91552 ----a-w- c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    2013-02-06 21:35:16 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2013-02-10 15:31:36 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-02-07 22:44:49 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-07 22:44:49 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    .
    ============= FINISH: 19:08:31.90 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/13/2009 1:44:53 PM
    System Uptime: 2/16/2013 6:04:38 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz | CPU | 996/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 112.771 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl1bfa50df
    Device ID: ROOT\LEGACY_MPKSL1BFA50DF\0000
    Manufacturer:
    Name: MpKsl1bfa50df
    PNP Device ID: ROOT\LEGACY_MPKSL1BFA50DF\0000
    Service: MpKsl1bfa50df
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Multi-Card
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
    Manufacturer: Generic-
    Name: E:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#
    Service: WUDFRd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl9d0b6099
    Device ID: ROOT\LEGACY_MPKSL9D0B6099\0000
    Manufacturer:
    Name: MpKsl9d0b6099
    PNP Device ID: ROOT\LEGACY_MPKSL9D0B6099\0000
    Service: MpKsl9d0b6099
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl9d2c65fd
    Device ID: ROOT\LEGACY_MPKSL9D2C65FD\0000
    Manufacturer:
    Name: MpKsl9d2c65fd
    PNP Device ID: ROOT\LEGACY_MPKSL9D2C65FD\0000
    Service: MpKsl9d2c65fd
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsldd3e5487
    Device ID: ROOT\LEGACY_MPKSLDD3E5487\0000
    Manufacturer:
    Name: MpKsldd3e5487
    PNP Device ID: ROOT\LEGACY_MPKSLDD3E5487\0000
    Service: MpKsldd3e5487
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl300609ef
    Device ID: ROOT\LEGACY_MPKSL300609EF\0000
    Manufacturer:
    Name: MpKsl300609ef
    PNP Device ID: ROOT\LEGACY_MPKSL300609EF\0000
    Service: MpKsl300609ef
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslf56d46aa
    Device ID: ROOT\LEGACY_MPKSLF56D46AA\0000
    Manufacturer:
    Name: MpKslf56d46aa
    PNP Device ID: ROOT\LEGACY_MPKSLF56D46AA\0000
    Service: MpKslf56d46aa
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl70d95ab2
    Device ID: ROOT\LEGACY_MPKSL70D95AB2\0000
    Manufacturer:
    Name: MpKsl70d95ab2
    PNP Device ID: ROOT\LEGACY_MPKSL70D95AB2\0000
    Service: MpKsl70d95ab2
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl1e413a0f
    Device ID: ROOT\LEGACY_MPKSL1E413A0F\0000
    Manufacturer:
    Name: MpKsl1e413a0f
    PNP Device ID: ROOT\LEGACY_MPKSL1E413A0F\0000
    Service: MpKsl1e413a0f
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl72c8deaf
    Device ID: ROOT\LEGACY_MPKSL72C8DEAF\0000
    Manufacturer:
    Name: MpKsl72c8deaf
    PNP Device ID: ROOT\LEGACY_MPKSL72C8DEAF\0000
    Service: MpKsl72c8deaf
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl0d4d0387
    Device ID: ROOT\LEGACY_MPKSL0D4D0387\0000
    Manufacturer:
    Name: MpKsl0d4d0387
    PNP Device ID: ROOT\LEGACY_MPKSL0D4D0387\0000
    Service: MpKsl0d4d0387
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl8921904c
    Device ID: ROOT\LEGACY_MPKSL8921904C\0000
    Manufacturer:
    Name: MpKsl8921904c
    PNP Device ID: ROOT\LEGACY_MPKSL8921904C\0000
    Service: MpKsl8921904c
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslc895d1a9
    Device ID: ROOT\LEGACY_MPKSLC895D1A9\0000
    Manufacturer:
    Name: MpKslc895d1a9
    PNP Device ID: ROOT\LEGACY_MPKSLC895D1A9\0000
    Service: MpKslc895d1a9
    .
    Class GUID:
    Description:
    Device ID: ACPI\TOS1901\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl8bd412a3
    Device ID: ROOT\LEGACY_MPKSL8BD412A3\0000
    Manufacturer:
    Name: MpKsl8bd412a3
    PNP Device ID: ROOT\LEGACY_MPKSL8BD412A3\0000
    Service: MpKsl8bd412a3
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsle6e36f1a
    Device ID: ROOT\LEGACY_MPKSLE6E36F1A\0000
    Manufacturer:
    Name: MpKsle6e36f1a
    PNP Device ID: ROOT\LEGACY_MPKSLE6E36F1A\0000
    Service: MpKsle6e36f1a
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl48b7a4e6
    Device ID: ROOT\LEGACY_MPKSL48B7A4E6\0000
    Manufacturer:
    Name: MpKsl48b7a4e6
    PNP Device ID: ROOT\LEGACY_MPKSL48B7A4E6\0000
    Service: MpKsl48b7a4e6
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl18eaf85f
    Device ID: ROOT\LEGACY_MPKSL18EAF85F\0000
    Manufacturer:
    Name: MpKsl18eaf85f
    PNP Device ID: ROOT\LEGACY_MPKSL18EAF85F\0000
    Service: MpKsl18eaf85f
    .
    ==== System Restore Points ===================
    .
    RP502: 2/15/2013 11:19:45 AM - Scheduled Checkpoint
    RP503: 2/16/2013 8:37:17 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2013
    AVG Security Toolbar
    CCleaner
    Google Chrome
    Google Update Helper
    iTunes
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Myxer MP3 Downloader
    Opera 12.14
    QuickTime
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Spybot - Search & Destroy
    SUPERAntiSpyware
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live OneCare safety scanner
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2013 8:24:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xec10b510, 0x8ea479b0, 0x00000000, 0x0000000c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021613-32042-01.
    2/16/2013 6:05:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
    2/16/2013 6:05:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/13/2013 1:57:59 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    2/12/2013 8:51:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    2/12/2013 8:51:57 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/12/2013 7:23:48 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2/12/2013 7:23:48 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    2/12/2013 2:52:53 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/12/2013 2:34:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ehSched with arguments "-Service" in order to run the server: {33D8C85A-B8C1-4828-B51A-4F3349AD5F9E}
    2/12/2013 2:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    2/12/2013 1:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/12/2013 1:54:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/12/2013 1:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {9465B4B4-5216-4042-9A2C-754D3BCDC410}
    2/12/2013 1:36:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    2/12/2013 1:34:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/12/2013 1:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/12/2013 1:34:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/12/2013 1:34:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/12/2013 1:32:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 discache SABKUTIL spldr Wanarpv6
    .
    ==== End Of File ===========================




    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-16 19:05:15
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-26VAT0 rev.11.01A11 149.05GB
    Running: gi0pv2rd.exe; Driver: C:\Users\MUNIZ~1.MUN\AppData\Local\Temp\fxlciuoc.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8E00F14A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8E00F21A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8E00ED7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x8E00EF6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x8E00F000]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8E00EE32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8E00EECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8E00F09C]

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C469E9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C801C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82C8746C 8 Bytes [4A, F1, 00, 8E, 1A, F2, 00, ...] {DEC EDX; INT1 ; ADD [ESI-0x71ff0de6], CL}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C874B4 4 Bytes [7C, ED, 00, 8E]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82C87774 8 Bytes [6A, EF, 00, 8E, 00, F0, 00, ...] {PUSH -0x11; ADD [ESI-0x71ff1000], CL}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C87784 8 Bytes [32, EE, 00, 8E, CE, EE, 00, ...] {XOR CH, DH; ADD [ESI-0x71ff1132], CL}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 16E3 82C877F8 4 Bytes [9C, F0, 00, 8E]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 08, B1, 00] {SUB [EAX], CL; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 0B, B1, 00] {SUB [EBX], CL; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 08, B1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 09, B1, 00] {TEST AL, 0x9; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenProcessToken + 6 77475D9E 4 Bytes CALL 76480EAC C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 0A, B1, 00] {TEST AL, 0xa; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 09, B1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 0A, B1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenThreadTokenEx + 6 77475E2E 4 Bytes CALL 76480F3D C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 08, B1, 00] {TEST AL, 0x8; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtQueryFullAttributesFile + 6 77475FEE 4 Bytes CALL 764810FB C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 09, B1, 00] {SUB [ECX], CL; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 0A, B1, 00] {SUB [EDX], CL; MOV CL, 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 0B, B1, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[844] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, A0, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, A3, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, A0, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, A1, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessToken + 6 77475D9E 4 Bytes CALL 76485544 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, A2, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, A1, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, A2, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadTokenEx + 6 77475E2E 4 Bytes CALL 764855D5 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, A0, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryFullAttributesFile + 6 77475FEE 4 Bytes CALL 76485793 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, A1, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, A2, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, A3, F7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2380] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 88, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 8B, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 88, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 89, D4, 00] {TEST AL, 0x89; AAM 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + 6 77475D9E 4 Bytes CALL 7648322C C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 8A, D4, 00] {TEST AL, 0x8a; AAM 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 89, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 8A, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + 6 77475E2E 4 Bytes CALL 764832BD C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 88, D4, 00] {TEST AL, 0x88; AAM 0x0}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + 6 77475FEE 4 Bytes CALL 7648347B C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 89, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 8A, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 8B, D4, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[2616] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 44, 40, 00] {SUB [EAX+EAX*2+0x0], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 47, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 44, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 45, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 46, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 45, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 46, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 44, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 45, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 46, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 47, 40, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 64, 75, 00] {SUB [EBP+ESI*2+0x0], AH}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 67, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 64, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 65, 75, 00] {TEST AL, 0x65; JNZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 66, 75, 00] {TEST AL, 0x66; JNZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 65, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 66, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 64, 75, 00] {TEST AL, 0x64; JNZ 0x4}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 65, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 66, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 67, 75, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[3496] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 40, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 43, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 40, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 41, E7, 00] {TEST AL, 0x41; OUT 0x0, EAX}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + 6 77475D9E 4 Bytes CALL 764844E4 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 42, E7, 00] {TEST AL, 0x42; OUT 0x0, EAX}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 41, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 42, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + 6 77475E2E 4 Bytes CALL 76484575 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 40, E7, 00] {TEST AL, 0x40; OUT 0x0, EAX}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + 6 77475FEE 4 Bytes CALL 76484733 C:\Windows\system32\OLEAUT32.dll (Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 41, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 42, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 43, E7, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4020] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, F8, 8B, 00] {SUB AL, BH; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, FB, 8B, 00] {SUB BL, BH; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, F8, 8B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, F9, 8B, 00] {TEST AL, 0xf9; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, FA, 8B, 00] {TEST AL, 0xfa; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, F9, 8B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, FA, 8B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, F8, 8B, 00] {TEST AL, 0xf8; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, F9, 8B, 00] {SUB CL, BH; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, FA, 8B, 00] {SUB DL, BH; MOV EAX, [EAX]}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, FB, 8B, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4044] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + 6 774755CE 4 Bytes [28, 94, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtCreateFile + B 774755D3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + 6 77475C2E 4 Bytes [28, 97, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtMapViewOfSection + B 77475C33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + 6 77475CDE 4 Bytes [68, 94, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenFile + B 77475CE3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + 6 77475D8E 4 Bytes [A8, 95, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcess + B 77475D93 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessToken + B 77475DA3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + 6 77475DAE 4 Bytes [A8, 96, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenProcessTokenEx + B 77475DB3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + 6 77475E0E 4 Bytes [68, 95, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThread + B 77475E13 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + 6 77475E1E 4 Bytes [68, 96, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadToken + B 77475E23 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtOpenThreadTokenEx + B 77475E33 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + 6 77475F3E 4 Bytes [A8, 94, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryAttributesFile + B 77475F43 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtQueryFullAttributesFile + B 77475FF3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + 6 7747663E 4 Bytes [28, 95, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationFile + B 77476643 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + 6 7747669E 4 Bytes [28, 96, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtSetInformationThread + B 774766A3 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + 6 774769BE 4 Bytes [68, 97, 5A, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4076] ntdll.dll!NtUnmapViewOfSection + B 774769C3 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!EnableWindow 76658D02 5 Bytes JMP 6A859EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxParamW 76673B9B 5 Bytes JMP 6A7B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxIndirectParamW 76683B7F 5 Bytes JMP 6A9A8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxParamA 7669CF42 5 Bytes JMP 6A9A8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!DialogBoxIndirectParamA 7669D274 5 Bytes JMP 6A9A8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxIndirectA 766AE869 5 Bytes JMP 6A9A8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxIndirectW 766AE963 5 Bytes JMP 6A9A8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxExA 766AE9C9 5 Bytes JMP 6A9A8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4828] USER32.dll!MessageBoxExW 766AE9ED 5 Bytes JMP 6A9A8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] kernel32.dll!CreateThread 764EDCC2 5 Bytes JMP 6A8175E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!EnableWindow 76658D02 5 Bytes JMP 6A859EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!GetAsyncKeyState 7665A256 5 Bytes JMP 6A7FDEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CallNextHookEx 7665ABE1 5 Bytes JMP 6A877FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!UnhookWindowsHookEx 7665ADF9 5 Bytes JMP 6A89ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DefWindowProcA 7665BB1C 7 Bytes JMP 6A81980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateWindowExA 7665BF40 5 Bytes JMP 6A823643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!SetWindowsHookExW 7665E30C 5 Bytes JMP 6A8525B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateWindowExW 7665EC7C 5 Bytes JMP 6A8803DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!GetKeyState 76662B4D 5 Bytes JMP 6A7FDDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!IsDialogMessageW 76664104 5 Bytes JMP 6A9A99FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DefWindowProcW 7666507D 7 Bytes JMP 6A878054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateDialogParamA 76671F42 5 Bytes JMP 6A9A9268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!IsDialogMessage 76672019 5 Bytes JMP 6A9A99D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxParamW 76673B9B 5 Bytes JMP 6A7B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateDialogIndirectParamA 7667721D 5 Bytes JMP 6A9A92D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateDialogIndirectParamW 7667EA10 5 Bytes JMP 6A9A9310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxIndirectParamW 76683B7F 5 Bytes JMP 6A9A8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!EndDialog 76683BA3 5 Bytes JMP 6A9A9CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!CreateDialogParamW 76685630 5 Bytes JMP 6A9A92A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!SetKeyboardState 7668695A 5 Bytes JMP 6A9AA2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!SendInput 76687019 5 Bytes JMP 6A9AA269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!SetCursorPos 7669C1B0 5 Bytes JMP 6A9AA342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxParamA 7669CF42 5 Bytes JMP 6A9A8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!DialogBoxIndirectParamA 7669D274 5 Bytes JMP 6A9A8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxIndirectA 766AE869 5 Bytes JMP 6A9A8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxIndirectW 766AE963 5 Bytes JMP 6A9A8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxExA 766AE9C9 5 Bytes JMP 6A9A8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!MessageBoxExW 766AE9ED 5 Bytes JMP 6A9A8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] USER32.dll!keybd_event 766AEC3B 5 Bytes JMP 6A9AA226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] SHELL32.dll!RealDriveType + 173D 7585FE30 4 Bytes [CF, 01, 01, 6E] {IRET ; ADD [ECX], EAX; OUTS DX, BYTE [ESI]}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] SHELL32.dll!RealDriveType + 1745 7585FE38 8 Bytes [E0, 61, 00, 6E, 79, F7, 00, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4880] ole32.dll!OleLoadFromStream 74F06143 5 Bytes JMP 6A9A9704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] kernel32.dll!CreateThread 764EDCC2 5 Bytes JMP 6A8175E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!EnableWindow 76658D02 5 Bytes JMP 6A859EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!GetAsyncKeyState 7665A256 5 Bytes JMP 6A7FDEDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CallNextHookEx 7665ABE1 5 Bytes JMP 6A877FF1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!UnhookWindowsHookEx 7665ADF9 5 Bytes JMP 6A89ED14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DefWindowProcA 7665BB1C 7 Bytes JMP 6A81980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateWindowExA 7665BF40 5 Bytes JMP 6A823643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!SetWindowsHookExW 7665E30C 5 Bytes JMP 6A8525B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateWindowExW 7665EC7C 5 Bytes JMP 6A8803DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!GetKeyState 76662B4D 5 Bytes JMP 6A7FDDB3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!IsDialogMessageW 76664104 5 Bytes JMP 6A9A99FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DefWindowProcW 7666507D 7 Bytes JMP 6A878054 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateDialogParamA 76671F42 5 Bytes JMP 6A9A9268 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!IsDialogMessage 76672019 5 Bytes JMP 6A9A99D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxParamW 76673B9B 5 Bytes JMP 6A7B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateDialogIndirectParamA 7667721D 5 Bytes JMP 6A9A92D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateDialogIndirectParamW 7667EA10 5 Bytes JMP 6A9A9310 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxIndirectParamW 76683B7F 5 Bytes JMP 6A9A8F36 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!EndDialog 76683BA3 5 Bytes JMP 6A9A9CA6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!CreateDialogParamW 76685630 5 Bytes JMP 6A9A92A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!SetKeyboardState 7668695A 5 Bytes JMP 6A9AA2C1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!SendInput 76687019 5 Bytes JMP 6A9AA269 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!SetCursorPos 7669C1B0 5 Bytes JMP 6A9AA342 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxParamA 7669CF42 5 Bytes JMP 6A9A8ED1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!DialogBoxIndirectParamA 7669D274 5 Bytes JMP 6A9A8F9B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxIndirectA 766AE869 5 Bytes JMP 6A9A8E58 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxIndirectW 766AE963 5 Bytes JMP 6A9A8DDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxExA 766AE9C9 5 Bytes JMP 6A9A8D7B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!MessageBoxExW 766AE9ED 5 Bytes JMP 6A9A8D17 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] USER32.dll!keybd_event 766AEC3B 5 Bytes JMP 6A9AA226 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] SHELL32.dll!RealDriveType + 173D 7585FE30 4 Bytes [CF, 01, 01, 6E] {IRET ; ADD [ECX], EAX; OUTS DX, BYTE [ESI]}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] SHELL32.dll!RealDriveType + 1745 7585FE38 8 Bytes [E0, 61, 00, 6E, 79, F7, 00, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5620] ole32.dll!OleLoadFromStream 74F06143 5 Bytes JMP 6A9A9704 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\ACPI_HAL \Device\00000062 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\[email protected] 15451
    Reg HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\Interfaces\{7765d228-2576-42b3-ad23-de55ebbcfc8f}@Dhcpv6State 0

    ---- EOF - GMER 2.1 ----
     
  2. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hello goldenmia1,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me; I will post back to you as soon as I can.

    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Important Note for Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) with Admin Rights every time you run them (Right click, choose "Run as Administrator").

    Please stay with this topic until I let you know that your system appears to be "All Clear"
     
  3. goldenmia1

    goldenmia1 Thread Starter

    ok, thank you
     
  4. OCD

    OCD Malware Specialist

    Hi goldenmia1,

    Sorry for the delay.

    = = = = = = = = = =

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".

    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply

    Next

    Download OTL to your desktop.

    Right click and select "Run as Administrator".

    • Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

    In your next post please provide the following:

    • AdwCleaner log
    • OTL.txt
    • Extras.txt
    • What "virus issues" are you experiencing?
     
  5. goldenmia1

    goldenmia1 Thread Starter

    # AdwCleaner v2.112 - Logfile created 02/20/2013 at 13:31:41
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
    # User : muniz - MUNIZFAMILY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\muniz.munizfamily-PC\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\boost_interprocess

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={159C2F57-49DF-4684-B65D-DE3B606E1C84}&mid=7aa19c13dd6047d19e45d157754a00f2-2ffdcbf23a4e31a7822f27c122b4546ff731230c&lang=en&ds=AVG&pr=fr&d=2011-10-31 09:38:01&v=9.0.0.22&sap=nt --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.2 (en-US)

    -\\ Google Chrome v [Unable to get version]

    -\\ Opera v [Unable to get version]

    *************************

    AdwCleaner[S1].txt - [6313 octets] - [20/02/2013 13:31:41]

    ########## EOF - C:\AdwCleaner[S1].txt - [6373 octets] ##########
     
  6. goldenmia1

    goldenmia1 Thread Starter

    OTL logfile created on: 2/20/2013 1:47:05 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\muniz.munizfamily-PC\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 72.36% Memory free
    3.74 Gb Paging File | 2.77 Gb Available in Paging File | 73.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 111.51 Gb Free Space | 74.87% Space Free | Partition Type: NTFS

    Computer Name: MUNIZFAMILY-PC | User Name: muniz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\muniz.munizfamily-PC\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (vToolbarUpdater14.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
    DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
    DRV - (SABKUTIL) -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (MpKslf56d46aa) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C0DE5A6-FAA2-4A33-B2B8-5A5293AD81C7}\MpKslf56d46aa.sys File not found
    DRV - (MpKsle6e36f1a) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C918FE9-6181-46B5-9702-516640315EB9}\MpKsle6e36f1a.sys File not found
    DRV - (MpKsldd3e5487) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CEBF21D-3B48-4CE1-980B-AF41A2845DF7}\MpKsldd3e5487.sys File not found
    DRV - (MpKslc895d1a9) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FD11A1C-EFE7-42F9-B212-B786657D6740}\MpKslc895d1a9.sys File not found
    DRV - (MpKsl9d2c65fd) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82B852CD-5DF3-49C0-9860-E70E62491690}\MpKsl9d2c65fd.sys File not found
    DRV - (MpKsl9d0b6099) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E9DD00D-D924-41F0-AC54-B7A374A6CC77}\MpKsl9d0b6099.sys File not found
    DRV - (MpKsl8bd412a3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EFD2A3F-BA47-40E8-A1B8-269CA6AE2B69}\MpKsl8bd412a3.sys File not found
    DRV - (MpKsl8921904c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98169998-1C5D-47BB-95DE-F671D14DE2A8}\MpKsl8921904c.sys File not found
    DRV - (MpKsl72c8deaf) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21776295-7609-4C34-9FDC-57CEAD1DB345}\MpKsl72c8deaf.sys File not found
    DRV - (MpKsl70d95ab2) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A865283-D5B9-4C8C-B036-8024FC10DC78}\MpKsl70d95ab2.sys File not found
    DRV - (MpKsl48b7a4e6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26260C1B-BBAA-4841-91B8-5263B99726F6}\MpKsl48b7a4e6.sys File not found
    DRV - (MpKsl300609ef) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6A246086-F1B2-4B1A-AEDE-47595439A23A}\MpKsl300609ef.sys File not found
    DRV - (MpKsl1e413a0f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0576F51F-C8E7-490A-9C54-E689511B405B}\MpKsl1e413a0f.sys File not found
    DRV - (MpKsl1bfa50df) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F7F3102-F671-4C0B-9068-13A0E29B5284}\MpKsl1bfa50df.sys File not found
    DRV - (MpKsl18eaf85f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE75D910-00B6-4981-8433-BA4C006AD91B}\MpKsl18eaf85f.sys File not found
    DRV - (MpKsl0d4d0387) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0430CD45-36EF-4125-AF32-5E42BCCF1F8B}\MpKsl0d4d0387.sys File not found
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
    DRV - (A5AGU) -- C:\Windows\System32\drivers\AGUx86.sys (D-Link Corporation)
    DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 7A 1D 12 93 09 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0B18B24F-7A43-4D5F-B5BB-75DC59F0209D}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/17 09:53:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/12 19:16:09 | 000,000,000 | ---D | M]

    [2013/02/17 09:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\mozilla\Extensions
    [2013/02/17 09:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/01 13:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2013/02/01 13:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/01 13:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbpppaoddgakkggpcadaefofdnbmfkcm\2_1\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cefgfanmediacpjhomlbcijbohpejidb\2.0.1_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.1_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/02/12 14:50:01 | 000,444,830 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15276 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe ()
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: NameServer = 67.138.54.100,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EF4F01F-9E88-49AA-B8C0-CE04781927FD}: NameServer = 4.2.2.2,4.2.2.1
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/17 21:21:07 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/18 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Adobe
    [2013/02/17 10:14:47 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Macromedia
    [2013/02/17 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Mozilla
    [2013/02/17 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Mozilla
    [2013/02/17 09:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013/02/17 09:24:40 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2013/02/17 09:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2013/02/17 09:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2013/02/17 09:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/02/17 08:58:06 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\ElevatedDiagnostics
    [2013/02/17 08:56:51 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Coupon Companion Plugin
    [2013/02/16 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Malwarebytes
    [2013/02/16 22:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/16 22:26:20 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Programs
    [2013/02/16 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\SUPERAntiSpyware.com
    [2013/02/16 16:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/02/16 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/02/16 12:31:24 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\Documents\chris
    [2013/02/16 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\CrashDumps
    [2013/02/16 10:40:02 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\muniz.munizfamily-PC\Documents\unhide.exe
    [2013/02/16 08:40:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/02/16 08:40:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/02/16 08:40:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/02/16 08:40:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/02/16 08:40:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/02/16 08:40:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/02/16 08:40:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/02/16 08:40:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/02/16 08:38:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2013/02/16 08:36:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013/02/16 08:36:57 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013/02/16 08:36:55 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/02/16 08:36:34 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    [2013/02/16 08:36:30 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/02/16 08:36:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013/02/16 08:36:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2013/02/13 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Opera
    [2013/02/13 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Opera
    [2013/02/13 12:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2013/02/13 08:50:50 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Apple
    [2013/02/12 21:33:11 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Adobe
    [2013/02/12 21:33:01 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Google
    [2013/02/12 21:32:46 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\AVG Secure Search
    [2013/02/12 21:32:43 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\AVG2013
    [2013/02/12 21:32:35 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Avg2013
    [2013/02/12 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Apple Computer
    [2013/02/12 21:32:14 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/02/12 21:32:14 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Searches
    [2013/02/12 21:32:14 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/02/12 21:32:13 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/02/12 21:32:02 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Identities
    [2013/02/12 21:32:00 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Contacts
    [2013/02/12 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\VirtualStore
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Temporary Internet Files
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Templates
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Start Menu
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\SendTo
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Recent
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\PrintHood
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\NetHood
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Local Settings
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\History
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Cookies
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Application Data
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Application Data
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Documents\My Videos
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Documents\My Pictures
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Documents\My Music
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\My Documents
    [2013/02/12 21:31:32 | 000,000,000 | --SD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Videos
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Saved Games
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Pictures
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Music
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Links
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Favorites
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Downloads
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Documents
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Desktop
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\TuneUp Software
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Temp
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Microsoft Help
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Microsoft
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Media Center Programs
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Macromedia
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData
    [2013/02/12 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013/02/12 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/02/12 15:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/02/12 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/12 14:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/02/12 14:08:26 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2013/02/12 14:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/02/12 13:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2013/02/12 11:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/02/06 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/31 08:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/20 13:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/20 13:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/20 13:34:27 | 1506,799,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/20 13:33:48 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/20 13:33:47 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/20 13:32:10 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/20 13:29:55 | 000,001,190 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Desktop\OTL - Shortcut.lnk
    [2013/02/20 13:26:39 | 000,001,263 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Desktop\AdwCleaner - Shortcut.lnk
    [2013/02/20 08:51:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ac5d85a8-12c8-451d-9cef-cc5c7db91569.job
    [2013/02/20 07:37:18 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/02/20 07:35:09 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd24eefa-c6a8-407d-8d01-0f485cc736de.job
    [2013/02/17 10:11:20 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/02/17 10:11:20 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/02/17 09:53:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/02/17 09:24:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2013/02/17 09:01:09 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2013/02/17 08:49:42 | 000,001,411 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/16 19:07:52 | 000,001,194 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Desktop\dds - Shortcut.lnk
    [2013/02/16 16:51:22 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/02/16 12:35:41 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/16 12:35:41 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/16 10:40:05 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\muniz.munizfamily-PC\Documents\unhide.exe
    [2013/02/16 08:52:28 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/16 08:24:31 | 194,269,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/02/12 20:31:44 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/02/12 15:51:17 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/02/12 14:54:31 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/02/12 14:50:01 | 000,444,830 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/02/12 14:29:47 | 000,000,297 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/02/12 14:08:37 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/20 13:32:02 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/20 13:29:55 | 000,001,190 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Desktop\OTL - Shortcut.lnk
    [2013/02/20 13:26:39 | 000,001,263 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Desktop\AdwCleaner - Shortcut.lnk
    [2013/02/17 09:53:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/02/17 09:53:09 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/02/17 09:01:09 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2013/02/16 19:07:52 | 000,001,194 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Desktop\dds - Shortcut.lnk
    [2013/02/16 16:51:38 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ac5d85a8-12c8-451d-9cef-cc5c7db91569.job
    [2013/02/16 16:51:36 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd24eefa-c6a8-407d-8d01-0f485cc736de.job
    [2013/02/16 16:51:22 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/02/16 08:24:31 | 194,269,038 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/02/12 21:37:19 | 000,001,411 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/12 21:32:20 | 000,001,417 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/02/12 21:31:38 | 000,000,290 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/02/12 21:31:38 | 000,000,272 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/02/12 20:31:44 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/02/12 15:51:17 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/02/12 14:29:47 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/02/12 14:08:37 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/02/12 14:08:32 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/02/12 14:08:32 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2011/09/21 12:49:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/09/21 12:47:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/01/12 10:04:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/02/12 21:32:43 | 000,000,000 | ---D | M] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\AVG2013
    [2013/02/13 12:18:05 | 000,000,000 | ---D | M] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Opera
    [2013/01/31 08:49:09 | 000,000,000 | ---D | M] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
    [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
    [2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    ========== Base Services ==========
    SRV - [2009/07/13 20:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
    SRV - [2010/11/20 07:18:03 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
    SRV - [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
    SRV - [2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
    SRV - [2010/11/20 07:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
    SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
    SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
    SRV - [2012/07/04 16:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
    SRV - [2012/06/01 23:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
    SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
    SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2011/03/03 00:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/07/13 20:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 20:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
    SRV - [2010/11/20 07:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV - [2009/07/13 20:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
    SRV - [2009/07/13 20:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
    SRV - [2009/07/13 20:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
    SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
    SRV - [2010/11/20 07:20:30 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
    SRV - [2009/07/13 20:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
    SRV - [2011/05/24 05:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
    SRV - [2010/11/20 07:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
    SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV - [2009/07/13 20:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
    SRV - [2010/11/20 07:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
    SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
    SRV - [2009/07/13 20:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
    SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
    SRV - [2009/07/13 20:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
    SRV - [2010/11/20 07:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
    SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV - [2010/11/20 07:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
    SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2010/11/20 07:20:57 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
    SRV - [2010/11/20 07:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
    SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
    SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
    SRV - [2010/11/20 07:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/11/20 07:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
    SRV - [2010/11/20 07:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
    SRV - [2010/11/20 07:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
    SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
    SRV - [2009/07/13 20:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
    SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
    SRV - [2010/11/20 07:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
    SRV - [2009/07/13 20:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
    SRV - [2010/11/20 07:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD1600BEVS-26VAT0 ATA Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic- Multi-Card USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 149.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  7. goldenmia1

    goldenmia1 Thread Starter

    OTL Extras logfile created on: 2/20/2013 1:47:05 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\muniz.munizfamily-PC\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 72.36% Memory free
    3.74 Gb Paging File | 2.77 Gb Available in Paging File | 73.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 111.51 Gb Free Space | 74.87% Space Free | Partition Type: NTFS

    Computer Name: MUNIZFAMILY-PC | User Name: muniz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04231086-00DE-4FD3-9765-AD9ECF3AD0C8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{04D3B4D4-F7C5-414A-91CD-B43C4AD0AA39}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{189D74B5-239A-4E67-8787-E554A3A77C38}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1DF71817-3D4E-4A7C-9CCC-E198E5AAA4DA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{22FA0841-334F-485B-B3FA-9F211F5CE050}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{245EA031-2F3F-4E60-B091-90985A1F92F2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{25A32DCE-868C-40E9-9000-F70C542D6A19}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{27EB62CE-A337-4BA9-9993-C5383BC5FD31}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2C84D884-F5DF-481A-A205-AA8A425A5DC2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EBD3253-A83B-4BDC-89AA-746B59B37B05}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3F2703FA-5AC9-4239-90BE-652F8825A15D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4EA4F5A4-66DA-4205-8A50-40851A389C05}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{5A6F9DDE-FC98-4C7F-9E37-B8BC56543F45}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5CDE881A-3D48-430F-A649-48A0CD62E8FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{695C4FFF-D33F-4024-80EB-1AAC917C4A75}" = rport=445 | protocol=6 | dir=out | app=system |
    "{76AFC0EB-F58C-4A0A-9A80-8F356AB3F595}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7B0BEE89-842D-4D54-AB2B-670E1113B344}" = lport=138 | protocol=17 | dir=in | app=system |
    "{8159D1EB-3B0F-4703-80A6-121E99EA3D95}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{882FE6FF-16BD-4E25-9400-689633C1FE8B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{924A2EBB-1330-44CC-9183-E270BB00BEF0}" = lport=139 | protocol=6 | dir=in | app=system |
    "{95D577AB-35ED-4C6A-9B46-209844235F23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{97BA3713-C61C-45D6-A1B4-8D3FFC860B08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{97DE7189-7881-4AE2-BF55-F0224A586580}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9818EBC3-8B34-47B0-8BEF-06EC463C44F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A82FE5EC-2F47-4B63-B9EA-EF08C64196FE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{AF143760-2834-47C7-AE49-56106858BFD8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C00CBABE-859C-46F9-B5A3-FABC11C715CD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{C1AB64BE-C90D-4317-8F64-6F3D75F89788}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C2055553-D924-4C5A-A01B-AD51EE4FEEFE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C67C90D4-9202-498F-825F-4F9BBB717F78}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{E09B7A91-348E-4AA0-BDB1-B20928C5B362}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EA1A17D9-0D0A-4994-82D6-162B0F60E7E8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1A7BD84B-031D-4A6B-BA5C-E8861470DA04}" = protocol=58 | dir=in | [email protected],-28545 |
    "{211E21C4-5D98-4FC4-8B59-E6BB756EAD92}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{262840BF-F832-43D8-AA24-E53D232E0BB5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{296FBC38-91CA-4CA1-9156-AA64F5A29FF2}" = protocol=58 | dir=out | [email protected],-28546 |
    "{2BF464C3-E64B-440E-A87C-EE27A73E2233}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat_com\acrobat_com.exe |
    "{2F750043-E30E-4B39-BA2A-66E511C41318}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{30C3BC31-2D32-4636-BBA2-62D7ACA60E60}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat_com\acrobat_com.exe |
    "{30DBA363-7FE0-4823-A713-2801B5037BA8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{31E9509D-1D2D-43AC-A0FA-8B88C7A14713}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{40CB0FC8-BF02-4D6B-9BD9-6F30A6472EE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{46F5E9D0-7679-4169-A8B0-89316A0BF019}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{49DA9070-BBEB-4B15-B3AD-4F434BC403CF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{55F96C09-A19B-4AE6-A33A-3C9E4C1AF15F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5E972B78-12E5-4F93-BFB1-0A03645716BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5EBA687F-EA7A-44D5-B138-7AA70B574ACC}" = protocol=1 | dir=in | [email protected],-28543 |
    "{7B17CA8A-00F3-4083-86E7-5BDD4BFC0CCF}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{7DC0CF65-B31E-4795-B901-3C41A705BF9C}" = protocol=1 | dir=out | [email protected],-28544 |
    "{7FB0EA1B-0E89-4297-9A72-D042A22DF9F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{82522A9E-D9CA-4F3E-8C8F-AA03EE178980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{86F56EEA-DFF4-4350-9726-E45CBE36B584}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{8C5911F6-DE87-4143-B1C1-8BCA60E0BF5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{91A35604-0543-49E7-AA5F-EDE2DAA415C2}" = protocol=6 | dir=out | app=system |
    "{92342902-8FF7-4B3D-A465-5627296FABB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{99F64B4F-ABE0-40AE-83F9-23B471C39B4E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{A93301F9-E1D0-4D65-AEE3-331A3C5E8C5C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{AAE5C06C-E1C2-4009-90A2-DE93A5271D88}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{BAE2036A-0193-45A9-9D5B-38D0F32E058E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C54BBD83-0B04-42A2-9EC8-8D6CED424B1F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CA2BFC30-107D-407C-B647-5E989C4BC023}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CCB31B6E-A3DF-465A-8947-3F6FFA14066F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D8041C20-CC9B-40B3-AA8B-97C26FD5279D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{F5B2688A-6371-4DFE-A337-30BD295A060F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FDF86C97-0827-4CD9-99BE-0950AD211A1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{613EB1C2-33DB-4AB7-B71A-161CAF5B40ED}" = Myxer MP3 Downloader
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{731E713B-C13E-4527-B624-8A6DF2D33DAF}" = AVG 2013
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HitmanPro37" = HitmanPro 3.7
    "Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/13/2013 2:19:25 PM | Computer Name = munizfamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 2/14/2013 9:13:11 PM | Computer Name = munizfamily-PC | Source = System Restore | ID = 8193
    Description =

    Error - 2/14/2013 9:13:11 PM | Computer Name = munizfamily-PC | Source = System Restore | ID = 8211
    Description =

    Error - 2/15/2013 12:13:35 PM | Computer Name = munizfamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 2/16/2013 12:04:35 PM | Computer Name = munizfamily-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ReneeUndeleter.exe, version: 2013.1.29.0,
    time stamp: 0x510b4f76 Faulting module name: ReneeUndeleter.exe, version: 2013.1.29.0,
    time stamp: 0x510b4f76 Exception code: 0xc0000005 Fault offset: 0x000280ad Faulting
    process id: 0xb80 Faulting application start time: 0x01ce0c5f05cc4b5d Faulting application
    path: C:\Program Files\Rene.e Laboratory\Undeleter\ReneeUndeleter.exe Faulting module
    path: C:\Program Files\Rene.e Laboratory\Undeleter\ReneeUndeleter.exe Report Id:
    8e5078c1-7852-11e2-b569-001e33aee901

    Error - 2/17/2013 9:53:16 AM | Computer Name = munizfamily-PC | Source = Software Protection Platform Service | ID = 8198
    Description = License Activation (slui.exe) failed with the following error code:
    0x8007043C

    Error - 2/17/2013 9:53:16 AM | Computer Name = munizfamily-PC | Source = Winlogon | ID = 4103
    Description = Windows license activation failed. Error 0x00000000.

    Error - 2/18/2013 4:51:17 PM | Computer Name = munizfamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 2/18/2013 6:19:22 PM | Computer Name = munizfamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    Error - 2/20/2013 10:48:57 AM | Computer Name = munizfamily-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
    Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
    of attribute "version" in element "assemblyIdentity" is invalid.

    [ OSession Events ]
    Error - 3/25/2011 1:46:03 PM | Computer Name = munizfamily-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22122
    seconds with 120 seconds of active time. This session ended with a crash.

    [ Spybot - Search and Destroy Events ]
    Error - 2/12/2013 4:31:30 PM | Computer Name = munizfamily-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 2/12/2013 10:10:14 PM | Computer Name = munizfamily-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 2/16/2013 11:27:08 AM | Computer Name = munizfamily-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 2/17/2013 10:30:18 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/17/2013 10:30:18 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/17/2013 10:31:08 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/17/2013 10:31:08 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/17/2013 10:31:08 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1068

    Error - 2/17/2013 10:32:46 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 2/17/2013 10:32:49 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 2/17/2013 10:32:52 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SABKUTIL

    Error - 2/20/2013 9:49:07 AM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.

    Error - 2/20/2013 2:34:55 PM | Computer Name = munizfamily-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SABKUTIL


    < End of report >
     
  8. OCD

    OCD Malware Specialist

    Hi goldenmia1,

    Run OTL.exe
    Windows Vista and Windows 7 users: right-click and select "Run as Administrator"

    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
      
      :Services
      vToolbarUpdater14.2.0
      
      :Files
      C:\Program Files\Common Files\AVG Secure Search
      C:\Program Files\AVG Secure Search
      
      :Commands
      [purity]
      [createrestorepoint]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    In your next post please provide the following:

    • OTL.txt
    • Can you describe what type of "virus issues" you are experiencing?
    • How is the computer running at the moment?
     
  9. goldenmia1

    goldenmia1 Thread Starter

    All processes killed
    Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!
    Error: Unable to interpret </md5start> in the current context!
    Error: Unable to interpret <explorer.exe> in the current context!
    Error: Unable to interpret <winlogon.exe> in the current context!
    Error: Unable to interpret <Userinit.exe> in the current context!
    Error: Unable to interpret <svchost.exe> in the current context!
    Error: Unable to interpret <services.exe> in the current context!
    Error: Unable to interpret </md5stop> in the current context!
    Error: Unable to interpret <%systemroot%\*. /rp /s> in the current context!
    Error: Unable to interpret <%systemdrive%\$Recycle.Bin|@;true;true;true> in the current context!
    Error: Unable to interpret <%USERPROFILE%\..|smtmp;true;true;true /FP> in the current context!
    Error: Unable to interpret <%temp%\smtmp\*.* /s > > in the current context!
    Error: Unable to interpret <BASESERVICES> in the current context!
    Error: Unable to interpret <DRIVES> in the current context!
    Error: Unable to interpret <Code:> in the current context!
    Error: Unable to interpret <---------> in the current context!
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
    ========== SERVICES/DRIVERS ==========
    Service vToolbarUpdater14.2.0 stopped successfully!
    Service vToolbarUpdater14.2.0 deleted successfully!
    ========== FILES ==========
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1 folder moved successfully.
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 folder moved successfully.
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0 folder moved successfully.
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
    C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
    File\Folder C:\Program Files\AVG Secure Search not found.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    [EMPTYTEMP]

    User: All Users

    User: chips
    ->Temp folder emptied: 2738618 bytes
    ->Temporary Internet Files folder emptied: 30950935 bytes
    ->Google Chrome cache emptied: 11400369 bytes
    ->Flash cache emptied: 42054 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: muniz family

    User: muniz.munizfamily-PC
    ->Temp folder emptied: 123423610 bytes
    ->Temporary Internet Files folder emptied: 160068090 bytes
    ->FireFox cache emptied: 14541798 bytes
    ->Google Chrome cache emptied: 102320174 bytes
    ->Opera cache emptied: 12694929 bytes
    ->Flash cache emptied: 44121 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20811733 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87807 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
    RecycleBin emptied: 4951216 bytes

    Total Files Cleaned = 462.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02202013_220852

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  10. goldenmia1

    goldenmia1 Thread Starter

    Hi ocd,

    Thank you so much for your help. Does everything appear to look OK? It has been acting good; I have not noticed anything unusual. Over this past week I ran different scans with Spybot, SUPERAntiSpyware, HitmanPro, Norman Cleaner, etc., and each one picked up different trojans and adware, and the Babylon toolbar. Sat AM I went to look for a file and noticed all my files, songs and photos were all gone. I had run CCleaner to do the registry and did not know if it was that or a virus that did it. I wanted to make sure everything was removed and not hiding, and that was over my head. I really appreciate you taking time to work with me. :)
     
  11. OCD

    OCD Malware Specialist

    Hi goldenmia1,

    It is very important that you don't run any scans/removals unless instructed to do so.

    = = = = = = = = = = = = = = = = = = = =

    Re-run OTL (it should be located on your desktop).

    Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.

    • Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Uncheck the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open one Notepad window, OTL.Txt. (No Extras.txt will be produced.)
        Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

    Next

    Download aswMBR.exe and save it to your desktop.

    Right click and select "Run as Administrator".

    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
      • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
      • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

    In your next post please provide the following:

    • OTL.txt
    • aswMBR log
    • attach MBR.zip
     
  12. goldenmia1

    goldenmia1 Thread Starter

    OTL logfile created on: 2/21/2013 4:58:37 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\muniz.munizfamily-PC\Downloads
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.87 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 61.26% Memory free
    3.74 Gb Paging File | 2.65 Gb Available in Paging File | 70.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 148.95 Gb Total Space | 111.32 Gb Free Space | 74.73% Space Free | Partition Type: NTFS

    Computer Name: MUNIZFAMILY-PC | User Name: muniz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\muniz.munizfamily-PC\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
    DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
    DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
    DRV - (SABKUTIL) -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys File not found
    DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
    DRV - (MpKslf56d46aa) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C0DE5A6-FAA2-4A33-B2B8-5A5293AD81C7}\MpKslf56d46aa.sys File not found
    DRV - (MpKsle6e36f1a) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C918FE9-6181-46B5-9702-516640315EB9}\MpKsle6e36f1a.sys File not found
    DRV - (MpKsldd3e5487) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8CEBF21D-3B48-4CE1-980B-AF41A2845DF7}\MpKsldd3e5487.sys File not found
    DRV - (MpKslc895d1a9) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FD11A1C-EFE7-42F9-B212-B786657D6740}\MpKslc895d1a9.sys File not found
    DRV - (MpKsl9d2c65fd) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82B852CD-5DF3-49C0-9860-E70E62491690}\MpKsl9d2c65fd.sys File not found
    DRV - (MpKsl9d0b6099) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7E9DD00D-D924-41F0-AC54-B7A374A6CC77}\MpKsl9d0b6099.sys File not found
    DRV - (MpKsl8bd412a3) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6EFD2A3F-BA47-40E8-A1B8-269CA6AE2B69}\MpKsl8bd412a3.sys File not found
    DRV - (MpKsl8921904c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{98169998-1C5D-47BB-95DE-F671D14DE2A8}\MpKsl8921904c.sys File not found
    DRV - (MpKsl72c8deaf) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{21776295-7609-4C34-9FDC-57CEAD1DB345}\MpKsl72c8deaf.sys File not found
    DRV - (MpKsl70d95ab2) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A865283-D5B9-4C8C-B036-8024FC10DC78}\MpKsl70d95ab2.sys File not found
    DRV - (MpKsl48b7a4e6) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26260C1B-BBAA-4841-91B8-5263B99726F6}\MpKsl48b7a4e6.sys File not found
    DRV - (MpKsl300609ef) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6A246086-F1B2-4B1A-AEDE-47595439A23A}\MpKsl300609ef.sys File not found
    DRV - (MpKsl1e413a0f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0576F51F-C8E7-490A-9C54-E689511B405B}\MpKsl1e413a0f.sys File not found
    DRV - (MpKsl1bfa50df) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F7F3102-F671-4C0B-9068-13A0E29B5284}\MpKsl1bfa50df.sys File not found
    DRV - (MpKsl18eaf85f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE75D910-00B6-4981-8433-BA4C006AD91B}\MpKsl18eaf85f.sys File not found
    DRV - (MpKsl0d4d0387) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0430CD45-36EF-4125-AF32-5E42BCCF1F8B}\MpKsl0d4d0387.sys File not found
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
    DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
    DRV - (A5AGU) -- C:\Windows\System32\drivers\AGUx86.sys (D-Link Corporation)
    DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=EIE9HP&PC=UP50
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 7A 1D 12 93 09 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0B18B24F-7A43-4D5F-B5BB-75DC59F0209D}: "URL" = http://www.bing.com/search?FORM=UP50DF&PC=UP50&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/17 09:53:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/12 19:16:09 | 000,000,000 | ---D | M]

    [2013/02/17 09:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\mozilla\Extensions
    [2013/02/17 09:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/01 13:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2013/02/01 13:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/01 13:22:13 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbpppaoddgakkggpcadaefofdnbmfkcm\2_1\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cefgfanmediacpjhomlbcijbohpejidb\2.0.1_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.1_0\
    CHR - Extension: No name found = C:\Users\muniz.munizfamily-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/02/12 14:50:01 | 000,444,830 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15276 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [QuickTime Plugin Install] C:\Program Files\QuickTime\Plugins\DeleteMe1.exe ()
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39B147BB-8AFD-4F2B-95CF-61E173EEB56C}: NameServer = 67.138.54.100,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EF4F01F-9E88-49AA-B8C0-CE04781927FD}: NameServer = 4.2.2.2,4.2.2.1
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/17 21:21:07 | 000,000,073 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/20 22:08:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/18 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Adobe
    [2013/02/17 10:14:47 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Macromedia
    [2013/02/17 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Mozilla
    [2013/02/17 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Mozilla
    [2013/02/17 09:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2013/02/17 09:24:40 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2013/02/17 09:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    [2013/02/17 09:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
    [2013/02/17 09:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/02/17 08:58:06 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\ElevatedDiagnostics
    [2013/02/17 08:56:51 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Coupon Companion Plugin
    [2013/02/16 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Malwarebytes
    [2013/02/16 22:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/16 22:26:20 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Programs
    [2013/02/16 16:51:29 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\SUPERAntiSpyware.com
    [2013/02/16 16:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/02/16 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/02/16 12:31:24 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\Documents\chris
    [2013/02/16 11:04:44 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\CrashDumps
    [2013/02/16 10:40:02 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\muniz.munizfamily-PC\Documents\unhide.exe
    [2013/02/16 08:40:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/02/16 08:40:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/02/16 08:40:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/02/16 08:40:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/02/16 08:40:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/02/16 08:40:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/02/16 08:40:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/02/16 08:40:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/02/16 08:38:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2013/02/16 08:36:57 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013/02/16 08:36:57 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013/02/16 08:36:55 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/02/16 08:36:34 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    [2013/02/16 08:36:30 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/02/16 08:36:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013/02/16 08:36:08 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2013/02/13 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Opera
    [2013/02/13 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Opera
    [2013/02/13 12:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2013/02/13 08:50:50 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Apple
    [2013/02/12 21:33:11 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Adobe
    [2013/02/12 21:33:01 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Google
    [2013/02/12 21:32:46 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\AVG Secure Search
    [2013/02/12 21:32:43 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\AVG2013
    [2013/02/12 21:32:35 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Avg2013
    [2013/02/12 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Apple Computer
    [2013/02/12 21:32:14 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/02/12 21:32:14 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Searches
    [2013/02/12 21:32:14 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/02/12 21:32:13 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/02/12 21:32:02 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Identities
    [2013/02/12 21:32:00 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Contacts
    [2013/02/12 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\VirtualStore
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Temporary Internet Files
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Templates
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Start Menu
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\SendTo
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Recent
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\PrintHood
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\NetHood
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Local Settings
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\History
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Cookies
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Application Data
    [2013/02/12 21:31:45 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Application Data
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Documents\My Videos
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Documents\My Pictures
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\Documents\My Music
    [2013/02/12 21:31:44 | 000,000,000 | -HSD | C] -- C:\Users\muniz.munizfamily-PC\My Documents
    [2013/02/12 21:31:32 | 000,000,000 | --SD | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Videos
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Saved Games
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Pictures
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Music
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Links
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Favorites
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Downloads
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Documents
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\Desktop
    [2013/02/12 21:31:32 | 000,000,000 | R--D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\TuneUp Software
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Temp
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Microsoft Help
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Local\Microsoft
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Media Center Programs
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Macromedia
    [2013/02/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\muniz.munizfamily-PC\AppData
    [2013/02/12 20:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013/02/12 15:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2013/02/12 15:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2013/02/12 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/12 14:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/02/12 14:08:26 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
    [2013/02/12 14:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/02/12 13:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2013/02/12 11:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/02/06 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/31 08:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

    ========== Files - Modified Within 30 Days ==========

    [2013/02/21 16:51:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ac5d85a8-12c8-451d-9cef-cc5c7db91569.job
    [2013/02/21 16:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/02/21 16:40:19 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/02/21 16:40:19 | 000,017,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/02/21 16:36:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/21 07:02:05 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd24eefa-c6a8-407d-8d01-0f485cc736de.job
    [2013/02/20 22:12:37 | 1506,799,616 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/20 13:32:10 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/20 13:29:55 | 000,001,190 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Desktop\OTL - Shortcut.lnk
    [2013/02/20 13:26:39 | 000,001,263 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Desktop\AdwCleaner - Shortcut.lnk
    [2013/02/20 07:37:18 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2013/02/17 10:11:20 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/02/17 10:11:20 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/02/17 09:53:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/02/17 09:24:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
    [2013/02/17 09:01:09 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2013/02/17 08:49:42 | 000,001,411 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/16 19:07:52 | 000,001,194 | ---- | M] () -- C:\Users\muniz.munizfamily-PC\Desktop\dds - Shortcut.lnk
    [2013/02/16 16:51:22 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/02/16 12:35:41 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/02/16 12:35:41 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/02/16 10:40:05 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\muniz.munizfamily-PC\Documents\unhide.exe
    [2013/02/16 08:52:28 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/02/16 08:24:31 | 194,269,038 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/02/12 20:31:44 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/02/12 15:51:17 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/02/12 14:54:31 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/02/12 14:50:01 | 000,444,830 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/02/12 14:29:47 | 000,000,297 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/02/12 14:08:37 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job

    ========== Files Created - No Company Name ==========

    [2013/02/20 13:32:02 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/20 13:29:55 | 000,001,190 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Desktop\OTL - Shortcut.lnk
    [2013/02/20 13:26:39 | 000,001,263 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Desktop\AdwCleaner - Shortcut.lnk
    [2013/02/17 09:53:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/02/17 09:53:09 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/02/17 09:01:09 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
    [2013/02/16 19:07:52 | 000,001,194 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Desktop\dds - Shortcut.lnk
    [2013/02/16 16:51:38 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ac5d85a8-12c8-451d-9cef-cc5c7db91569.job
    [2013/02/16 16:51:36 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bd24eefa-c6a8-407d-8d01-0f485cc736de.job
    [2013/02/16 16:51:22 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/02/16 08:24:31 | 194,269,038 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/02/12 21:37:19 | 000,001,411 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/02/12 21:32:20 | 000,001,417 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2013/02/12 21:31:38 | 000,000,290 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2013/02/12 21:31:38 | 000,000,272 | ---- | C] () -- C:\Users\muniz.munizfamily-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2013/02/12 20:31:44 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/02/12 15:51:17 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/02/12 14:29:47 | 000,000,297 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/02/12 14:08:37 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/02/12 14:08:37 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/02/12 14:08:32 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/02/12 14:08:32 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2011/09/21 12:49:27 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/09/21 12:47:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/01/12 10:04:41 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

    < End of report >
     
  13. goldenmia1

    goldenmia1 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    20
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-02-21 17:06:09
    -----------------------------
    17:06:09.305 OS Version: Windows 6.1.7601 Service Pack 1
    17:06:09.305 Number of processors: 2 586 0xF0D
    17:06:09.321 ComputerName: MUNIZFAMILY-PC UserName: muniz
    17:06:12.051 Initialize success
    17:18:34.650 AVAST engine defs: 13022103
    17:30:44.341 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:30:44.341 Disk 0 Vendor: WDC_WD1600BEVS-26VAT0 11.01A11 Size: 152627MB BusType: 11
    17:30:44.388 Disk 0 MBR read successfully
    17:30:44.404 Disk 0 MBR scan
    17:30:44.404 Disk 0 Windows 7 default MBR code
    17:30:44.435 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:30:44.451 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
    17:30:44.451 Disk 0 scanning sectors +312578048
    17:30:44.529 Disk 0 scanning C:\Windows\system32\drivers
    17:31:00.285 Service scanning
    17:31:29.965 Modules scanning
    17:31:38.607 Disk 0 trace - called modules:
    17:31:38.623 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys
    17:31:39.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bc5220]
    17:31:39.138 3 CLASSPNP.SYS[8898859e] -> nt!IofCallDriver -> [0x858d8c10]
    17:31:39.153 5 ACPI.sys[884a93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x854f3030]
    17:31:40.245 AVAST engine scan C:\Windows
    17:31:42.882 AVAST engine scan C:\Windows\system32
    17:35:08.903 AVAST engine scan C:\Windows\system32\drivers
    17:35:31.184 AVAST engine scan C:\Users\muniz.munizfamily-PC
    17:36:48.624 AVAST engine scan C:\ProgramData
    17:38:30.386 Scan finished successfully
    17:39:01.915 Disk 0 MBR has been saved successfully to "C:\Users\muniz.munizfamily-PC\Desktop\MBR.dat"
    17:39:01.915 The log file has been saved successfully to "C:\Users\muniz.munizfamily-PC\Desktop\aswMBR.txt"
     
  14. goldenmia1

    goldenmia1 Thread Starter

    Joined:
    Feb 16, 2013
    Messages:
    20
    attached zip
     

    Attached Files:

    • MBR.zip (559 bytes)
  15. OCD

    OCD Malware Specialist

    Joined:
    Sep 11, 2012
    Messages:
    273
    Hi goldenmia1,

    Please download Malwarebytes' Anti-Malware to your desktop.


    • Right-click mbam-setup.exe, select "Run as Administrator", and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    Next

    Please run Eset Online Scanner

    Administrator rights are required to run ESET Online Scanner

    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run; please be patient.
    • When the scan finishes, click the Details tab.
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.

    In your next post please provide the following:

    • MBAM log
    • ESET log.txt
    • How's the computer running?
     
Short URL to this thread: https://techguy.org/1089829
