gy18

November 22, 2013

# AdwCleaner v3.012 - Report created 21/11/2013 at 19:58:55

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Gerry - GERRY-HP

# Running from : C:\Users\Gerry\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Yontoo

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Gerry\AppData\Local\apn

Folder Deleted : C:\Users\Gerry\AppData\Roaming\Search Protection

Folder Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage-journal

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

File Deleted : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKCU\Software\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Uniblue

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Google Chrome v

[ File : C:\Users\Gerry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [10474 octets] - [21/11/2013 19:57:26]

AdwCleaner[s0].txt - [9990 octets] - [21/11/2013 19:58:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10050 octets] ##########

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.75.0.1300

Java 7 Update 11

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 10.1.0 Adobe Reader out of Date!

Google Chrome 30.0.1599.101

Google Chrome 31.0.1650.57

````````Process Check: objlist.exe by Laurent````````

Spybot Teatimer.exe is disabled!

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

November 21, 2013

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.20.14

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Gerry :: GERRY-HP [administrator]

11/21/2013 12:13:55 AM

mbam-log-2013-11-21 (00-13-55).txt

Scan type: Full scan (C:\|D:\|)

Scan options disabled: P2P

Objects scanned: 397782

Time elapsed: 55 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

C:\Documents and Settings\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5XF8UUV\wajam_download[1].exe Win32/Wajam.C application

C:\Documents and Settings\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFXTAIJD\SpeedUpMyPC-standalone-setup[1].exe multiple threats

C:\Documents and Settings\Gerry\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi application

C:\Documents and Settings\Gerry\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application

C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5XF8UUV\wajam_download[1].exe Win32/Wajam.C application

C:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFXTAIJD\SpeedUpMyPC-standalone-setup[1].exe multiple threats

C:\Users\Gerry\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi application

C:\Users\Gerry\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application

November 19, 2013

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Gerry [Admin rights]

Mode : Scan -- Date : 11/18/2013 23:07:40

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST640LM0 00 HM641JI SATA Disk Device +++++

--- User ---

[MBR] a9170f2a98bd823d599c96af3f4682c7

[bSP] 64b910be8d7ee242f93cd740d0858b6a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 590425 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1209600000 | Size: 19751 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[0]_S_11182013_230740.txt >>

November 15, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.11.2

Run by Gerry at 18:39:12 on 2013-11-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3574 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\valWBFPolicyService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\HP SimplePass\TouchControl.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\HP SimplePass\DownloadAD.exe

C:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll

BHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll

uRun: [Google Update] "C:\Users\Gerry\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [bitTorrent] "C:\Users\Gerry\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{C6B5DCDE-0D0C-48E7-B028-14CE425B373D} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{C6B5DCDE-0D0C-48E7-B028-14CE425B373D}\368696E61647F677E6 : DHCPNameServer = 172.16.0.1

TCP: Interfaces\{E018E128-C296-40DF-B3AE-C19C3E726B3C} : DHCPNameServer = 192.168.2.1

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll

x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qn

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]

R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-1-18 31360]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-15 46368]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-27 235520]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-1-26 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]

R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\drivers\appexDrv.sys [2012-6-26 189760]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-2-7 1641768]

R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-3-28 101888]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-8-2 9216]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-10 1153368]

R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]

R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-15 1734680]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-26 46136]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-10-26 266896]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-26 646248]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 56448]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-23 701512]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-23 25928]

S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-7 401856]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-19 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-11-15 22:36:05 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB919C91-15B9-429C-B7FE-7C8C70564084}\mpengine.dll

2013-11-15 22:32:20 -------- d-----w- C:\Users\Gerry\AppData\Local\AVG SafeGuard toolbar

2013-11-15 22:32:03 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-11-15 22:31:56 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar

2013-11-15 22:31:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2013-11-15 22:31:54 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar

2013-11-15 01:15:57 -------- d-----w- C:\Users\Gerry\AppData\Roaming\Uniblue

.

==================== Find3M ====================

.

2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll

2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll

2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll

2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll

2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll

.

============= FINISH: 18:39:37.85 ===============

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-11-15 18:49:51

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d ST640LM0 rev.2AJ1 596.17GB

Running: myxq8vl8.exe; Driver: C:\Users\Gerry\AppData\Local\Temp\fgtiqpob.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [4244:1040] 000007fee6639688

---- EOF - GMER 2.1 ----

attach.txt

November 15, 2013

I noticed that lately, my laptop started running a bit more slowly than usual. So I checked my task manager. I found a program that I haven't seen before. It's called csrss.exe. I can't end the program like normal through task manager so I googled the program name. This program is supposedly a registered trojan. Is there any possibility of removing it?

March 26, 2012

Yes. Thanks a lot!

March 25, 2012

I re-installed the flash player and it seems to work now.

March 20, 2012

I was able to watch videos online. But it was only after I went to settings on the flash player and disable hardware acceleration. If I were to enable it again, I wouldn't be able to watch videos online. Is there a way to fix this?

March 15, 2012

I updated to the latest version of firefox but i am still having the same problem.

March 13, 2012

I used Mozilla Firefox and internet explorer 7

March 11, 2012

Results of screen317's Security Check version 0.99.31

Windows XP Service Pack 2 x86

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

AVG PC Tuneup

AVG 2012

ESET Online Scanner v3

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

AVG PC Tuneup

Java DB 10.2.2.0

Java 6 Update 14

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Development Kit 6 Update 3

Java version out of date!

Adobe Flash Player 11.1.102.55

Adobe Reader 8 Adobe Reader out of date!

Mozilla Firefox (4.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

March 10, 2012

I still cannot watch videos online. It still freezes my computer when the video tries loading and I would have to force shut down the computer and restart it.

March 10, 2012

All processes killed

========== OTL ==========

Error: No service named ymdwqbuwixvpepmk was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ymdwqbuwixvpepmk deleted successfully.

Service mferkdk stopped successfully!

Service mferkdk deleted successfully!

Error: No service named adbm0aq2 was found to stop!

Service\Driver key adbm0aq2 not found.

Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\modules folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\locale folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\components\FF4 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\components folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\chrome folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar folder moved successfully.

C:\Documents and Settings\Glenn\Local Settings\Application Data\604866v5f616x168a661d1ner1a5 moved successfully.

C:\Documents and Settings\All Users\Application Data\604866v5f616x168a661d1ner1a5 moved successfully.

C:\Documents and Settings\Glenn\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.

C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.

Folder C:\Documents and Settings\All Users\Application Data\pOlFiHc05200\ not found.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\DNA folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\xml\data folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\xml folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\themes folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\overlays folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\static.frostwire.com folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\torrents folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\tmp folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\plugins folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\net folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\logs\save folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\logs folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\dht folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\active folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\.NetworkShare folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\FrostWire folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\xml\schemas folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\xml\misc folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\xml\data folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\xml folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\themes\windows_theme folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\themes folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\promotion folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\certificate folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\browser folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\.NetworkShare folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\LimeWire folder moved successfully.

C:\Documents and Settings\Glenn\Application Data\uTorrent folder moved successfully.

Folder C:\Documents and Settings\Glenn\Application Data\Viewpoint\ not found.

Folder C:\Documents and Settings\Glenn\Application Data\vShare\ not found.

========== FILES ==========

File\Folder C:\Program Files\DNA not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

->FireFox cache emptied: 2130409 bytes

->Flash cache emptied: 519 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 70113 bytes

->FireFox cache emptied: 3593665 bytes

User: Glenn

->Temp folder emptied: 51863588 bytes

->Temporary Internet Files folder emptied: 20329499 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 217457946 bytes

->Google Chrome cache emptied: 6472928 bytes

->Flash cache emptied: 3915 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 71070586 bytes

->Java cache emptied: 15156 bytes

->Flash cache emptied: 10324 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1119073 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 878625 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3896324 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 39762 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 362.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.35.1 log created on 03092012_205207

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

March 9, 2012

What is supposed to happen when I run the scan? I tried running it a couple of times. When I start the scan, the program, windows.exe stops running. This prevents me from opening the start menu. I let it scan for 4 hours today and nothing happened. When I checked on it, it ends up saying that OTL isn't responding so I have to force shut down my computer.

March 5, 2012

OTL:

OTL logfile created on: 3/4/2012 11:17:28 PM - Run 1

OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Glenn\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.21% Memory free

3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.49% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 127.99 Gb Total Space | 63.48 Gb Free Space | 49.60% Space Free | Partition Type: NTFS

Drive F: | 170.10 Gb Total Space | 51.70 Gb Free Space | 30.40% Space Free | Partition Type: NTFS

Computer Name: GLENN-XO7NI61RK | User Name: Glenn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 22:25:29 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glenn\My Documents\Downloads\OTL.exe

PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe

PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe

PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe

PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe

PRC - [2007/07/11 15:31:14 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe

PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006/04/13 16:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

PRC - [2004/10/25 16:01:52 | 000,421,888 | ---- | M] (Dell) -- C:\WINDOWS\system32\dlbtcoms.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2008/03/29 10:42:20 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll

MOD - [2008/03/29 10:41:52 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll

MOD - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

MOD - [2006/04/13 16:14:26 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll

MOD - [2006/04/13 16:14:26 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll

MOD - [2006/04/13 16:14:26 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so

MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll

MOD - [2004/11/10 14:35:12 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll

MOD - [2004/11/10 14:32:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll

MOD - [2004/11/10 14:31:24 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll

MOD - [2004/11/10 14:30:56 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll

MOD - [2004/11/10 14:30:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll

MOD - [2004/10/08 13:50:56 | 000,287,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTSTRN.DLL

MOD - [2004/10/08 13:49:08 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPCFG.DLL

MOD - [2004/10/08 13:49:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL

MOD - [2004/10/08 13:48:36 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUI5C.DLL

MOD - [2004/10/08 13:48:08 | 000,096,768 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTDR5C.DLL

MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2009/10/29 01:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

SRV - [2008/12/09 23:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)

SRV - [2008/11/15 04:53:14 | 006,447,744 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe -- (wampmysqld)

SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)

SRV - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)

SRV - [2006/04/13 16:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)

SRV - [2004/10/25 16:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Unknown] -- -- (ymdwqbuwixvpepmk)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (mferkdk)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adbm0aq2)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/02/11 07:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009/08/04 15:29:51 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/07/07 02:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2007/08/22 19:51:28 | 009,611,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007/07/27 22:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2006/12/06 06:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)

DRV - [2006/10/18 14:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)

DRV - [2006/09/11 06:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006/09/11 06:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/09/11 06:45:26 | 000,110,592 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)

DRV - [2006/08/21 05:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)

DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/03/17 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006/02/07 06:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)

DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)

DRV - [2004/08/12 21:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\..\SearchScopes\{388ABC47-34A4-405F-8384-3AB0FAEF5157}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@idsoftware.com/quakelive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpf,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Glenn\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Glenn\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/26 18:23:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 12:40:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 21:19:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Glenn\Application Data\Move Networks [2012/01/17 23:47:51 | 000,000,000 | ---D | M]

[2010/04/18 07:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Extensions

[2009/04/10 01:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2012/02/22 13:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions

[2011/03/17 20:12:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/18 20:31:37 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar

[2011/05/20 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/20 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions

[2011/05/20 12:25:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/01/17 23:47:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\GLENN\APPLICATION DATA\MOVE NETWORKS

[2012/02/26 18:23:02 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4

[2008/12/14 13:49:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll

[2008/04/12 16:28:26 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll

[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2011/03/11 19:49:09 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - Extension: No name found = C:\Documents and Settings\Glenn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\

O1 HOSTS File: ([2012/02/24 02:45:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)

O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe ()

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)

O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found

O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)

O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271014203546 (WUWebControl Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271015953046 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF64B4D-F8E2-4E6D-ACCC-7C06B6C6B884}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/12/15 12:19:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 18:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn\Application Data\AVG

[2012/02/26 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2012/02/26 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011

[2012/02/26 18:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012

[2012/02/24 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/02/24 02:57:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/02/24 02:29:57 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/02/22 14:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn\Application Data\AVG2012

[2012/02/22 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2012/02/22 12:58:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/02/22 12:58:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/02/22 12:58:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/02/22 12:27:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/02/11 01:41:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 23:15:54 | 000,000,630 | ---- | M] () -- C:\WINDOWS\dellstat.ini

[2012/03/04 23:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/04 20:23:53 | 090,795,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2012/03/04 20:23:14 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Glenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk

[2012/03/04 20:09:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/04 18:37:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Glenn Logon.job

[2012/03/04 18:35:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/03/04 18:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/03/04 15:58:05 | 000,030,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2012/02/26 18:23:02 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/02/26 04:54:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/02/24 14:49:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/24 02:45:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/02/24 02:06:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/26 18:35:58 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Glenn Logon.job

[2012/02/26 18:23:02 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk

[2012/02/24 14:49:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/22 12:58:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/02/22 12:58:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/02/22 12:58:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/02/22 12:58:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/02/22 12:58:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/12/24 18:23:57 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2011/12/24 18:20:50 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll

[2011/12/17 17:24:46 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\Glenn\Local Settings\Application Data\604866v5f616x168a661d1ner1a5

[2011/12/17 17:24:46 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\604866v5f616x168a661d1ner1a5

[2011/05/15 14:28:52 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\Glenn\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c

[2011/05/15 14:28:52 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c

[2011/03/08 18:00:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/07/23 20:38:40 | 000,000,371 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

========== LOP Check ==========

[2010/04/11 13:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ooVoo Details

[2009/01/09 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2008/11/18 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2010/06/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2012/02/22 12:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2012/02/26 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2011/03/16 21:55:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2009/08/04 15:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2008/03/29 16:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET

[2009/03/31 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software

[2007/12/22 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator

[2011/05/12 18:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2007/12/17 22:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2012/03/04 20:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2008/12/08 22:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments

[2012/03/04 22:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2011/02/06 23:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pOlFiHc05200

[2008/04/12 16:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2011/06/16 09:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegistryCleanerFree

[2008/03/20 22:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2008/07/09 13:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2008/03/21 00:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2012/03/04 18:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/06/22 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/10/22 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/03/26 00:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2011/05/20 12:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2007/12/19 15:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\acccore

[2008/03/04 22:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Aim

[2008/04/19 09:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Any Video Converter

[2012/02/26 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\AVG

[2011/03/16 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\AVG10

[2012/02/22 14:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\AVG2012

[2009/08/04 15:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\DAEMON Tools

[2009/08/04 15:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\DAEMON Tools Lite

[2009/10/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Dev-Cpp

[2012/02/24 02:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\DNA

[2011/10/18 20:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Dropbox

[2011/03/05 14:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\FrostWire

[2009/04/05 11:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\GARMIN

[2009/03/31 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\id Software

[2009/11/15 13:34:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Glenn\Application Data\ijjigame

[2007/12/22 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\JCreator

[2011/05/12 18:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Juniper Networks

[2010/12/12 21:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\LimeWire

[2011/07/04 21:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\LolClient

[2008/12/08 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\National Instruments

[2010/01/04 16:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\ooVoo Details

[2011/06/12 11:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\PhotoScape

[2010/10/24 20:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Processing

[2011/06/16 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\RegistryCleanerFree

[2011/08/20 10:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\SystemRequirementsLab

[2008/09/16 18:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\uTorrent

[2007/12/19 20:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Viewpoint

[2011/02/18 20:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\vShare

[2008/01/03 06:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Vso

[2008/03/05 00:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\WeGame

[2012/03/04 18:37:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Glenn Logon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Extras:

OTL Extras logfile created on: 3/4/2012 11:17:28 PM - Run 1